
Agent_r.arn Trojan



Hello Lords of Malwarebytes and thank you for your time!

I got hit with the Agent_r.arn Trojan and performed the following steps:

1) Was notified by AVG of trojan. Ran Full scan and corrected what was suggested. Some files could not be cleaned.

2) Rebooted as instructed by software and ran a scan again. Appeared that same files showed up on report.

3) Updated MBAM and rebooted in safe mode. Ran MBAM scan. 4 items were detected and cleaned successfully, including what appeared to be Agent_r.arn.

4) Ran AVG scan in Safe mode. (log attached in zipfile)

5) Rebooted to normal windows and ran AVG scan. Same entries appeared as in previous scans (screenshot in zip file).

6) Ran MBAM scan and no items were detected.

I am a little sketchy that infected items are still appearing in an AVG scan and would like your input as to whether or not the threat has been removed or not. Contained in the zip file also are the dds logs.

Sorry here is the Zipfile. :rolleyes:

Log Files.zip


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Thanks for replying!

I updated MBAM and re-scanned and it found Rogue.PrivacyProtection in c:\windows\temp\0.336237869603271.exe. While the scan was running, AVG Resident Shield found several files infected with Backdoor.Generic14.BSFB and Luhe.packed.p (attached screenshot). Here is the log from the MBAM scan. I rebooted after cleaning as the software instructed. I have had it disconnected from the network except for when updating MBAM and AVG.

I've tried cleaning some of the Generic14 files but they seem to keep regenerating themselves.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8192

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/19/2011 10:03:10 AM

mbam-log-2011-11-19 (10-03-10).txt

Scan type: Full scan (C:\|)

Objects scanned: 302888

Time elapsed: 1 hour(s), 18 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\Temp\0.3362378696032071.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


OK, I ran ComboFix and it found a rootkit. I forgot to write the name down, sorry. But it said it was in the IP stack and was a difficult infection. I followed the prompts and I was instructed to reboot, so I did. It came back and ComboFix started; however, it stalled for over an hour at "combofix is starting up" (or preparing to run combofix, whatever it says at startup). So I stopped it and restarted ComboFix. This time the scan completed successfully. Anyway, log is below. As far as how the computer is running, I haven't really been using it much since I disconnected it from the network. Only to run scans.

ComboFix 11-11-19.04 - Dan 11/19/2011 18:45:06.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1403 [GMT -5:00]

Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: PC-cillin Internet Security - Virus Protection *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: PC-cillin Internet Security - Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Dan\Start Menu\Programs\AV Security 2012

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ABEL

-------\Legacy_COMSYSAPP

-------\Service_Abel

-------\Service_COMSysApp

.

.

((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))

.

.

2011-11-12 12:52 . 2011-11-12 12:52 -------- d-----w- C:\$AVG

2011-11-11 18:28 . 2011-11-11 18:28 -------- d-----w- c:\documents and settings\Dan\Application Data\s2iibbD3pnG5QH

2011-11-11 18:28 . 2011-11-11 18:28 -------- d-----w- c:\documents and settings\Dan\Application Data\addWWK8fRL9hXwU

2011-11-11 18:28 . 2011-11-11 18:28 -------- d-----w- c:\documents and settings\Dan\Application Data\FC407

2011-11-11 18:28 . 2011-11-11 18:28 -------- d-----w- c:\documents and settings\Dan\Application Data\uJJ77dELLgRZqYw

2011-11-11 18:28 . 2011-11-11 18:28 -------- d-----w- c:\documents and settings\Dan\Application Data\T99ggTZqq

2011-10-30 22:26 . 2011-10-30 22:26 -------- d-----w- c:\documents and settings\Dan\Application Data\Catalina Marketing Corp

2011-10-30 22:26 . 2011-10-30 22:26 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll

2011-10-30 21:53 . 2011-10-30 21:53 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-10-30 21:53 . 2011-10-30 21:53 -------- d-----w- c:\program files\Coupons

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-07 10:23 . 2011-01-07 10:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 10:21 . 2011-02-10 11:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-13 10:30 . 2011-03-16 20:03 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12 . 2004-08-10 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 22:00 . 2011-03-16 00:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-12 20:33 . 2010-10-12 20:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-10-12 22:15 . 2010-10-12 22:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-10-12 20:37 . 2010-10-12 20:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-10-12 20:35 . 2010-10-12 20:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-10-12 20:34 . 2010-10-12 20:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-10-12 20:32 . 2010-10-12 20:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-10-12 20:35 . 2010-10-12 20:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-10-12 20:34 . 2010-10-12 20:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-07-14 16:42 . 2010-07-14 16:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-10-12 20:37 . 2010-10-12 20:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-10-01 21:14 . 2011-07-17 11:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OE_OEM"="c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 321040]

"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"gStart"="c:\garmin\gStart.exe" [2007-08-23 1891416]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-13 68856]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]

"PMX Daemon"="ICO.EXE" [2006-11-08 49152]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]

"MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Online plug-in.lnk - c:\windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-6-4 77824]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 295248]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 3:22 PM 65584]

R1 NmPar;MosChip Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [10/11/2006 2:12 PM 76416]

R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [10/12/2006 11:23 PM 60032]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [4/12/2008 1:27 PM 2368]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/8/2007 8:20 PM 36368]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]

R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [12/13/2007 8:36 AM 141376]

R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [12/13/2007 8:36 AM 7424]

R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [12/13/2007 8:36 AM 235616]

R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [12/18/2007 8:13 PM 18432]

R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [12/18/2007 8:13 PM 14336]

R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [12/13/2007 8:55 AM 31616]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/8/2007 8:20 PM 280392]

S1 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [2/27/2008 8:08 PM 14336]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2010 8:50 AM 135664]

S2 NmSer;NetMos Multi I/O Serial Driver; [x]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2010 8:50 AM 135664]

S3 mamovec;mamovec;c:\windows\system32\drivers\mamovec.sys [7/3/2008 8:08 PM 24784]

S3 mamovem;mamovem;c:\windows\system32\drivers\mamovem.sys [7/3/2008 8:08 PM 25044]

S3 mamoveu;mamoveu;c:\windows\system32\drivers\mamoveu.sys [7/3/2008 8:08 PM 48853]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/3/2008 8:19 PM 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/3/2008 8:19 PM 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/3/2008 8:19 PM 42112]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [7/3/2008 8:19 PM 23680]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]

S3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [2/27/2008 8:08 PM 4992]

S3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\OxSer.sys [2/27/2008 8:08 PM 54584]

S4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [11/8/2007 8:19 PM 345696]

S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [11/8/2007 8:19 PM 923216]

S4 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [11/8/2007 8:19 PM 566872]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 13:50]

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 13:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.dell.com

mSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\w75iazg5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Cain & Abel v2.8.6 - i:\cain\UNINSTAL.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-19 18:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1408)

c:\program files\Citrix\ICA Client\pnsson.dll

.

- - - - - - - > 'explorer.exe'(1988)

c:\windows\system32\WININET.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\windows\system32\CDRTC.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\pmxscrll.dll

c:\windows\system32\PMXCOMM.dll

c:\windows\system32\PMXHOOKS.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Citrix\ICA Client\ssonsvr.exe

c:\program files\Maxtor\Utils\SyncServices.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\windows\system32\ICO.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\Pmxmiced.exe

c:\windows\system32\wscntfy.exe

c:\program files\Citrix\ICA Client\WFCRUN32.EXE

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Logitech\Video\FxSvr2.exe

c:\program files\AVG\AVG2012\avgui.exe

.

**************************************************************************

.

Completion time: 2011-11-19 19:01:55 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-20 00:01

.

Pre-Run: 254,130,970,624 bytes free

Post-Run: 255,063,134,208 bytes free

.

- - End Of File - - 69A9BE7069A05D7E80D433B560228C5A


AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: PC-cillin Internet Security - Virus Protection *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}

You have two anti-virus programs.

Use Add/Remove Programs and uninstall one of them.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.
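The check behind the reply above (two anti-virus products registered in the ComboFix header), as an added example that is not part of the original thread or of any tool's own code. The line layout is inferred from the three header lines quoted in this thread, and the function names and the "Enabled" state value are assumptions.

```python
import re

# Constructed sample: the three security-product lines from the ComboFix
# header posted earlier in this thread.
SAMPLE_HEADER = """\
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PC-cillin Internet Security - Virus Protection *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
"""

# Layout assumed from the lines above: "<kind>: <name> *<state>* {<GUID>}".
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


def parse_products(log_text):
    """Return one dict per registered security product found in the header."""
    products = []
    for line in log_text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if not m:
            continue  # not a security-product line
        # State is "Disabled/Updated" for AV entries, plain "Disabled" for FW.
        status, _, definitions = m.group("state").partition("/")
        products.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "enabled": status == "Enabled",  # assumed counterpart of "Disabled"
            "definitions": definitions or None,
            "guid": m.group("guid").upper(),
        })
    return products


def find_issues(products):
    """Flag what a helper looks for: more than one AV, or stale definitions.

    A "Disabled" state is not flagged, because the instructions in this
    thread ask for protection to be switched off while ComboFix runs.
    """
    issues = []
    av = [p for p in products if p["kind"] == "AV"]
    if len(av) > 1:
        issues.append(("multiple_av", ", ".join(p["name"] for p in av)))
    for p in av:
        if p["definitions"] == "Outdated":
            issues.append(("outdated_av", p["name"]))
    return issues


if __name__ == "__main__":
    for code, detail in find_issues(parse_products(SAMPLE_HEADER)):
        print(f"{code}: {detail}")
```
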


I uninstalled TrendMicro PCCillin and rebooted. After rebooting, before I ran TDSSKiller, AVG popped up with the backdoor.generic warning again (just FYI). I then ran the scan and it completed successfully with no issues found.

19:41:48.0906 2128 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50

19:41:49.0343 2128 ============================================================

19:41:49.0343 2128 Current date / time: 2011/11/19 19:41:49.0343

19:41:49.0343 2128 SystemInfo:

19:41:49.0343 2128

19:41:49.0343 2128 OS Version: 5.1.2600 ServicePack: 3.0

19:41:49.0343 2128 Product type: Workstation

19:41:49.0343 2128 ComputerName: D13SL9F1

19:41:49.0343 2128 UserName: Dan

19:41:49.0343 2128 Windows directory: C:\WINDOWS

19:41:49.0343 2128 System windows directory: C:\WINDOWS

19:41:49.0343 2128 Processor architecture: Intel x86

19:41:49.0343 2128 Number of processors: 2

19:41:49.0343 2128 Page size: 0x1000

19:41:49.0343 2128 Boot type: Normal boot

19:41:49.0343 2128 ============================================================

19:41:50.0156 2128 Initialize success

19:42:12.0421 2136 ============================================================

19:42:12.0421 2136 Scan started

19:42:12.0421 2136 Mode: Manual;

19:42:12.0421 2136 ============================================================


19:42:16.0046 2136 DLARTL_M - ok

19:42:16.0062 2136 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

19:42:16.0062 2136 DLAUDFAM - ok

19:42:16.0078 2136 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

19:42:16.0078 2136 DLAUDF_M - ok

19:42:16.0140 2136 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

19:42:16.0156 2136 dmboot - ok

19:42:16.0250 2136 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

19:42:16.0250 2136 dmio - ok

19:42:16.0312 2136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

19:42:16.0328 2136 dmload - ok

19:42:16.0375 2136 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

19:42:16.0375 2136 DMusic - ok

19:42:16.0437 2136 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

19:42:16.0437 2136 dpti2o - ok

19:42:16.0500 2136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

19:42:16.0500 2136 drmkaud - ok

19:42:16.0546 2136 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

19:42:16.0546 2136 DRVMCDB - ok

19:42:16.0578 2136 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

19:42:16.0578 2136 DRVNDDM - ok

19:42:16.0640 2136 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

19:42:16.0656 2136 E100B - ok

19:42:16.0718 2136 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

19:42:16.0718 2136 e1express - ok

19:42:16.0781 2136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

19:42:16.0796 2136 Fastfat - ok

19:42:16.0812 2136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

19:42:16.0812 2136 Fdc - ok

19:42:16.0828 2136 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

19:42:16.0843 2136 Fips - ok

19:42:16.0890 2136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

19:42:16.0890 2136 Flpydisk - ok

19:42:16.0953 2136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

19:42:16.0953 2136 FltMgr - ok

19:42:17.0015 2136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:42:17.0015 2136 Fs_Rec - ok

19:42:17.0046 2136 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:42:17.0046 2136 Ftdisk - ok

19:42:17.0125 2136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

19:42:17.0125 2136 GEARAspiWDM - ok

19:42:17.0156 2136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:42:17.0156 2136 Gpc - ok

19:42:17.0187 2136 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

19:42:17.0187 2136 HDAudBus - ok

19:42:17.0203 2136 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

19:42:17.0203 2136 HidUsb - ok

19:42:17.0250 2136 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

19:42:17.0250 2136 hpn - ok

19:42:17.0296 2136 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

19:42:17.0296 2136 HTTP - ok

19:42:17.0328 2136 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

19:42:17.0328 2136 i2omgmt - ok

19:42:17.0421 2136 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

19:42:17.0437 2136 i2omp - ok

19:42:17.0484 2136 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:42:17.0484 2136 i8042prt - ok

19:42:17.0750 2136 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

19:42:17.0906 2136 ialm - ok

19:42:18.0031 2136 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys

19:42:18.0046 2136 iaStor - ok

19:42:18.0093 2136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

19:42:18.0093 2136 Imapi - ok

19:42:18.0156 2136 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

19:42:18.0171 2136 ini910u - ok

19:42:18.0359 2136 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

19:42:18.0390 2136 IntcAzAudAddService - ok

19:42:18.0484 2136 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

19:42:18.0500 2136 IntelIde - ok

19:42:18.0546 2136 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

19:42:18.0562 2136 intelppm - ok

19:42:18.0593 2136 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

19:42:18.0593 2136 Ip6Fw - ok

19:42:18.0593 2136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:42:18.0593 2136 IpFilterDriver - ok

19:42:18.0671 2136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:42:18.0671 2136 IpInIp - ok

19:42:18.0718 2136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:42:18.0718 2136 IpNat - ok

19:42:18.0765 2136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:42:18.0765 2136 IPSec - ok

19:42:18.0812 2136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

19:42:18.0812 2136 IRENUM - ok

19:42:18.0921 2136 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:42:18.0921 2136 isapnp - ok

19:42:18.0953 2136 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:42:18.0968 2136 Kbdclass - ok

19:42:19.0000 2136 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

19:42:19.0000 2136 kbdhid - ok

19:42:19.0015 2136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

19:42:19.0015 2136 kmixer - ok

19:42:19.0078 2136 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

19:42:19.0078 2136 KSecDD - ok

19:42:19.0125 2136 lbrtfdc - ok

19:42:19.0171 2136 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys

19:42:19.0171 2136 LVUSBSta - ok

19:42:19.0234 2136 mamovec (494daad7dab01d160c37ae7d99b00de6) C:\WINDOWS\system32\Drivers\mamovec.sys

19:42:19.0234 2136 mamovec - ok

19:42:19.0312 2136 mamovem (b2434b4f7827798abecd2103fb8f64a5) C:\WINDOWS\system32\Drivers\mamovem.sys

19:42:19.0328 2136 mamovem - ok

19:42:19.0421 2136 mamoveu (a1f1ba94c306fa8583df23b29e48c10d) C:\WINDOWS\system32\DRIVERS\mamoveu.sys

19:42:19.0421 2136 mamoveu - ok

19:42:19.0484 2136 MaVctrl (8181ceb341cbb2f7f893f85b915d5e15) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys

19:42:19.0484 2136 MaVctrl - ok

19:42:19.0515 2136 MBAMSwissArmy - ok

19:42:19.0515 2136 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

19:42:19.0515 2136 mf - ok

19:42:19.0562 2136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

19:42:19.0562 2136 mnmdd - ok

19:42:19.0625 2136 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

19:42:19.0640 2136 Modem - ok

19:42:19.0718 2136 motccgp (a10fa04b73a9d97e5cf77eb1d5a88165) C:\WINDOWS\system32\DRIVERS\motccgp.sys

19:42:19.0718 2136 motccgp - ok

19:42:19.0859 2136 motccgpfl (aad6191a4daa519f04ab12b2af73e356) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys

19:42:19.0859 2136 motccgpfl - ok

19:42:19.0953 2136 MotDev (80bda4ac4b2834ca522b7386fc1f6a20) C:\WINDOWS\system32\DRIVERS\motodrv.sys

19:42:19.0953 2136 MotDev - ok

19:42:20.0031 2136 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

19:42:20.0031 2136 motmodem - ok

19:42:20.0109 2136 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys

19:42:20.0109 2136 motport - ok

19:42:20.0171 2136 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:42:20.0171 2136 Mouclass - ok

19:42:20.0265 2136 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

19:42:20.0265 2136 mouhid - ok

19:42:20.0328 2136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

19:42:20.0328 2136 MountMgr - ok

19:42:20.0390 2136 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

19:42:20.0390 2136 mraid35x - ok

19:42:20.0453 2136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:42:20.0453 2136 MRxDAV - ok

19:42:20.0500 2136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

19:42:20.0500 2136 Msfs - ok

19:42:20.0562 2136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:42:20.0562 2136 MSKSSRV - ok

19:42:20.0625 2136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:42:20.0625 2136 MSPCLOCK - ok

19:42:20.0750 2136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

19:42:20.0750 2136 MSPQM - ok

19:42:20.0796 2136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:42:20.0796 2136 mssmbios - ok

19:42:20.0859 2136 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

19:42:20.0859 2136 MSTEE - ok

19:42:20.0937 2136 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

19:42:20.0937 2136 Mup - ok

19:42:21.0015 2136 MXOPSWD (c29f284ff7ab4ed38ce419a9424e52a2) C:\WINDOWS\system32\DRIVERS\mxopswd.sys

19:42:21.0015 2136 MXOPSWD - ok

19:42:21.0093 2136 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

19:42:21.0125 2136 NABTSFEC - ok

19:42:21.0187 2136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

19:42:21.0187 2136 NDIS - ok

19:42:21.0218 2136 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

19:42:21.0234 2136 NdisIP - ok

19:42:21.0296 2136 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

19:42:21.0296 2136 NdisTapi - ok

19:42:21.0375 2136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

19:42:21.0375 2136 Ndisuio - ok

19:42:21.0406 2136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

19:42:21.0406 2136 NdisWan - ok

19:42:21.0453 2136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

19:42:21.0453 2136 NDProxy - ok

19:42:21.0500 2136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

19:42:21.0500 2136 NetBIOS - ok

19:42:21.0578 2136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

19:42:21.0578 2136 NetBT - ok

19:42:21.0640 2136 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

19:42:21.0640 2136 nm - ok

19:42:21.0703 2136 NmPar (79ea5a1b343db2f5187758e00195d9bd) C:\WINDOWS\system32\DRIVERS\NmPar.sys

19:42:21.0703 2136 NmPar - ok

19:42:21.0750 2136 NmSer - ok

19:42:21.0765 2136 nmserial (ace5b84c6d38d6212e2734de714b523b) C:\WINDOWS\system32\DRIVERS\nmserial.sys

19:42:21.0765 2136 nmserial - ok

19:42:21.0828 2136 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys

19:42:21.0843 2136 NPF - ok

19:42:21.0890 2136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

19:42:21.0890 2136 Npfs - ok

19:42:21.0906 2136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

19:42:21.0921 2136 Ntfs - ok

19:42:22.0000 2136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

19:42:22.0000 2136 Null - ok

19:42:22.0093 2136 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

19:42:22.0140 2136 nv - ok

19:42:22.0203 2136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

19:42:22.0203 2136 NwlnkFlt - ok

19:42:22.0265 2136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

19:42:22.0265 2136 NwlnkFwd - ok

19:42:22.0312 2136 OEM05Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM05Afx.sys

19:42:22.0312 2136 OEM05Afx - ok

19:42:22.0343 2136 OEM05Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM05Vfx.sys

19:42:22.0343 2136 OEM05Vfx - ok

19:42:22.0421 2136 OEM05Vid (3c60c2022cb93073da2574da90c962c2) C:\WINDOWS\system32\DRIVERS\OEM05Vid.sys

19:42:22.0421 2136 OEM05Vid - ok

19:42:22.0500 2136 oxmf (efb392c566976a27cf834989fb37db55) C:\WINDOWS\system32\DRIVERS\oxmf.sys

19:42:22.0500 2136 oxmf - ok

19:42:22.0546 2136 Oxmfuf (14fb89c5b0ee0bf3313873181e8893b5) C:\WINDOWS\system32\DRIVERS\oxmfuf.sys

19:42:22.0546 2136 Oxmfuf - ok

19:42:22.0625 2136 oxser (ba2be7a2189458425e74b73e9b3d6e97) C:\WINDOWS\system32\DRIVERS\oxser.sys

19:42:22.0625 2136 oxser - ok

19:42:22.0703 2136 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

19:42:22.0703 2136 Parport - ok

19:42:22.0765 2136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

19:42:22.0765 2136 PartMgr - ok

19:42:22.0890 2136 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

19:42:22.0890 2136 ParVdm - ok

19:42:22.0921 2136 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

19:42:22.0921 2136 PCI - ok

19:42:22.0937 2136 PCIDump - ok

19:42:22.0937 2136 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

19:42:22.0937 2136 PCIIde - ok

19:42:22.0968 2136 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

19:42:22.0984 2136 Pcmcia - ok

19:42:23.0031 2136 PDCOMP - ok

19:42:23.0031 2136 PDFRAME - ok

19:42:23.0140 2136 PDRELI - ok

19:42:23.0171 2136 PDRFRAME - ok

19:42:23.0218 2136 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys

19:42:23.0218 2136 pepifilter - ok

19:42:23.0265 2136 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

19:42:23.0281 2136 perc2 - ok

19:42:23.0343 2136 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

19:42:23.0359 2136 perc2hib - ok

19:42:23.0484 2136 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS

19:42:23.0484 2136 PID_08A0 - ok

19:42:23.0531 2136 PID_PEPI - ok

19:42:23.0578 2136 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\WINDOWS\system32\DRIVERS\pmxmouse.sys

19:42:23.0578 2136 pmxmouse - ok

19:42:23.0609 2136 pmxusblf (1971e853b598bf9baabff2b652e5cd4d) C:\WINDOWS\system32\DRIVERS\pmxusblf.sys

19:42:23.0609 2136 pmxusblf - ok

19:42:23.0703 2136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

19:42:23.0703 2136 PptpMiniport - ok

19:42:23.0734 2136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

19:42:23.0734 2136 PSched - ok

19:42:23.0734 2136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

19:42:23.0750 2136 Ptilink - ok

19:42:23.0906 2136 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys

19:42:23.0906 2136 PTproct - ok

19:42:24.0000 2136 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

19:42:24.0000 2136 PxHelp20 - ok

19:42:24.0046 2136 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

19:42:24.0046 2136 ql1080 - ok

19:42:24.0125 2136 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

19:42:24.0140 2136 Ql10wnt - ok

19:42:24.0203 2136 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

19:42:24.0218 2136 ql12160 - ok

19:42:24.0265 2136 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

19:42:24.0265 2136 ql1240 - ok

19:42:24.0312 2136 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

19:42:24.0312 2136 ql1280 - ok

19:42:24.0359 2136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

19:42:24.0359 2136 RasAcd - ok

19:42:24.0406 2136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

19:42:24.0406 2136 Rasl2tp - ok

19:42:24.0421 2136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

19:42:24.0421 2136 RasPppoe - ok

19:42:24.0421 2136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

19:42:24.0421 2136 Raspti - ok

19:42:24.0500 2136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

19:42:24.0500 2136 Rdbss - ok

19:42:24.0531 2136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

19:42:24.0531 2136 RDPCDD - ok

19:42:24.0671 2136 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

19:42:24.0671 2136 rdpdr - ok

19:42:24.0828 2136 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

19:42:24.0828 2136 RDPWD - ok

19:42:24.0890 2136 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

19:42:24.0890 2136 redbook - ok

19:42:24.0921 2136 RLDesignVirtualAudioCableWdm (f5cd7457fa2f0d1078992ccb77a546c4) C:\WINDOWS\system32\DRIVERS\livecamv.sys

19:42:24.0921 2136 RLDesignVirtualAudioCableWdm - ok

19:42:24.0984 2136 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:42:24.0984 2136 Secdrv - ok

19:42:25.0031 2136 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

19:42:25.0031 2136 serenum - ok

19:42:25.0078 2136 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

19:42:25.0078 2136 Serial - ok

19:42:25.0109 2136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

19:42:25.0125 2136 Sfloppy - ok

19:42:25.0156 2136 Simbad - ok

19:42:25.0203 2136 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

19:42:25.0218 2136 sisagp - ok

19:42:25.0281 2136 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

19:42:25.0281 2136 SLIP - ok

19:42:25.0359 2136 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

19:42:25.0359 2136 Sparrow - ok

19:42:25.0421 2136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

19:42:25.0421 2136 splitter - ok

19:42:25.0468 2136 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

19:42:25.0468 2136 sr - ok

19:42:25.0562 2136 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

19:42:25.0562 2136 Srv - ok

19:42:25.0687 2136 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

19:42:25.0687 2136 streamip - ok

19:42:25.0765 2136 SVKP (f05028b163b92c302a74409d683ac9b0) C:\WINDOWS\system32\SVKP.sys

19:42:25.0781 2136 SVKP - ok

19:42:25.0843 2136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

19:42:25.0843 2136 swenum - ok

19:42:25.0921 2136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

19:42:25.0921 2136 swmidi - ok

19:42:25.0953 2136 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

19:42:25.0968 2136 symc810 - ok

19:42:25.0984 2136 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

19:42:26.0000 2136 symc8xx - ok

19:42:26.0046 2136 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

19:42:26.0062 2136 sym_hi - ok

19:42:26.0062 2136 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

19:42:26.0062 2136 sym_u3 - ok

19:42:26.0234 2136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

19:42:26.0234 2136 sysaudio - ok

19:42:26.0281 2136 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:42:26.0296 2136 Tcpip - ok

19:42:26.0343 2136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

19:42:26.0359 2136 TDPIPE - ok

19:42:26.0468 2136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

19:42:26.0484 2136 TDTCP - ok

19:42:26.0515 2136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

19:42:26.0515 2136 TermDD - ok

19:42:26.0546 2136 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

19:42:26.0562 2136 TosIde - ok

19:42:26.0578 2136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

19:42:26.0593 2136 Udfs - ok

19:42:26.0640 2136 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

19:42:26.0671 2136 ultra - ok

19:42:26.0718 2136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

19:42:26.0750 2136 Update - ok

19:42:26.0765 2136 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

19:42:26.0765 2136 usbaudio - ok

19:42:26.0781 2136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:42:26.0796 2136 usbccgp - ok

19:42:26.0812 2136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:42:26.0812 2136 usbehci - ok

19:42:26.0812 2136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:42:26.0812 2136 usbhub - ok

19:42:26.0828 2136 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

19:42:26.0828 2136 usbprint - ok

19:42:26.0859 2136 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

19:42:26.0859 2136 usbscan - ok

19:42:26.0890 2136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:42:26.0890 2136 USBSTOR - ok

19:42:26.0906 2136 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

19:42:26.0906 2136 usbuhci - ok

19:42:26.0906 2136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

19:42:26.0906 2136 VgaSave - ok

19:42:26.0953 2136 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

19:42:26.0953 2136 viaagp - ok

19:42:26.0968 2136 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

19:42:26.0968 2136 ViaIde - ok

19:42:27.0000 2136 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

19:42:27.0000 2136 VolSnap - ok

19:42:27.0031 2136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:42:27.0031 2136 Wanarp - ok

19:42:27.0109 2136 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

19:42:27.0125 2136 Wdf01000 - ok

19:42:27.0187 2136 WDICA - ok

19:42:27.0203 2136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

19:42:27.0203 2136 wdmaud - ok

19:42:27.0265 2136 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

19:42:27.0265 2136 WSTCODEC - ok

19:42:27.0343 2136 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

19:42:27.0343 2136 WudfPf - ok

19:42:27.0406 2136 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

19:42:27.0406 2136 WudfRd - ok

19:42:27.0421 2136 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0

19:42:27.0437 2136 \Device\Harddisk0\DR0 - ok

19:42:27.0437 2136 MBR (0x1B8) (a9f62f76260fab6b0568251bc7e3956f) \Device\Harddisk5\DR12

19:42:27.0437 2136 \Device\Harddisk5\DR12 - ok

19:42:27.0453 2136 Boot (0x1200) (fdc297b0a821cbdecf627586afaaf96a) \Device\Harddisk0\DR0\Partition0

19:42:27.0453 2136 \Device\Harddisk0\DR0\Partition0 - ok

19:42:27.0453 2136 Boot (0x1200) (f8fe678e5da4cf4057a9ac7535dc517a) \Device\Harddisk5\DR12\Partition0

19:42:27.0453 2136 \Device\Harddisk5\DR12\Partition0 - ok

19:42:27.0453 2136 ============================================================

19:42:27.0453 2136 Scan finished

19:42:27.0453 2136 ============================================================

19:42:27.0468 3068 Detected object count: 0

19:42:27.0468 3068 Actual detected object count: 0


Combofix prompted me for an update so I updated and then ran a scan. So far I have not had a pop up with AVG about anything. Should I run an AVG scan and see if anything comes up?

ComboFix 11-11-20.01 - Dan 11/20/2011 8:13.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1339 [GMT -5:00]

Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_COMSysApp

.

.

((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))

.

.

2011-11-12 12:52 . 2011-11-12 12:52 -------- d-----w- C:\$AVG

2011-11-11 18:28 . 2011-11-11 18:28 -------- d-----w- c:\documents and settings\Dan\Application Data\s2iibbD3pnG5QH

2011-11-11 18:28 . 2011-11-11 18:28 -------- d-----w- c:\documents and settings\Dan\Application Data\addWWK8fRL9hXwU

2011-11-11 18:28 . 2011-11-11 18:28 -------- d-----w- c:\documents and settings\Dan\Application Data\FC407

2011-11-11 18:28 . 2011-11-11 18:28 -------- d-----w- c:\documents and settings\Dan\Application Data\uJJ77dELLgRZqYw

2011-11-11 18:28 . 2011-11-11 18:28 -------- d-----w- c:\documents and settings\Dan\Application Data\T99ggTZqq

2011-10-30 22:26 . 2011-10-30 22:26 -------- d-----w- c:\documents and settings\Dan\Application Data\Catalina Marketing Corp

2011-10-30 22:26 . 2011-10-30 22:26 466944 ----a-w- c:\program files\Mozilla Firefox\plugins\NPcol400.dll

2011-10-30 21:53 . 2011-10-30 21:53 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-10-30 21:53 . 2011-10-30 21:53 -------- d-----w- c:\program files\Coupons

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-10 14:22 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 10:23 . 2011-01-07 10:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 10:21 . 2011-02-10 11:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06 . 2004-08-10 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2004-08-10 18:51 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2004-08-10 18:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 10:30 . 2011-03-16 20:03 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20 . 2004-08-10 18:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2011-03-16 00:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

2010-10-12 20:33 . 2010-10-12 20:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-10-12 22:15 . 2010-10-12 22:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-10-12 20:37 . 2010-10-12 20:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-10-12 20:35 . 2010-10-12 20:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-10-12 20:34 . 2010-10-12 20:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-10-12 20:32 . 2010-10-12 20:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-10-12 20:35 . 2010-10-12 20:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-10-12 20:34 . 2010-10-12 20:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-07-14 16:42 . 2010-07-14 16:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-10-12 20:37 . 2010-10-12 20:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-10-01 21:14 . 2011-07-17 11:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-19_23.57.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-20 13:21 . 2011-11-20 13:21 16384 c:\windows\Temp\Perflib_Perfdata_570.dat

+ 2007-12-13 13:58 . 2011-08-12 18:51 26488 c:\windows\system32\spupdsvc.exe

- 2007-12-13 13:58 . 2007-07-28 03:11 26488 c:\windows\system32\spupdsvc.exe

- 2008-03-15 16:55 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll

+ 2008-03-15 16:55 . 2011-08-12 18:51 17272 c:\windows\system32\spmsg.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 44544 c:\windows\system32\pngfilt.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 44544 c:\windows\system32\pngfilt.dll

+ 2004-08-10 18:51 . 2011-11-20 03:58 72372 c:\windows\system32\perfc009.dat

- 2004-08-10 18:51 . 2011-11-06 12:29 72372 c:\windows\system32\perfc009.dat

- 2007-08-13 22:54 . 2011-06-21 18:45 52224 c:\windows\system32\msfeedsbs.dll

+ 2007-08-13 22:54 . 2011-08-17 21:32 52224 c:\windows\system32\msfeedsbs.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 27648 c:\windows\system32\jsproxy.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 27648 c:\windows\system32\jsproxy.dll

+ 2007-08-13 22:39 . 2011-08-17 12:21 13824 c:\windows\system32\ieudinit.exe

- 2007-08-13 22:39 . 2011-06-21 11:46 13824 c:\windows\system32\ieudinit.exe

+ 2004-08-10 18:51 . 2011-08-17 21:32 44544 c:\windows\system32\iernonce.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 44544 c:\windows\system32\iernonce.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 78336 c:\windows\system32\ieencode.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 78336 c:\windows\system32\ieencode.dll

- 2004-08-10 18:51 . 2011-06-21 11:46 70656 c:\windows\system32\ie4uinit.exe

+ 2004-08-10 18:51 . 2011-08-17 12:21 70656 c:\windows\system32\ie4uinit.exe

+ 2007-08-13 22:36 . 2011-08-17 21:32 63488 c:\windows\system32\icardie.dll

- 2007-08-13 22:36 . 2011-06-21 18:45 63488 c:\windows\system32\icardie.dll

+ 2007-08-13 22:36 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\pngfilt.dll

- 2007-08-13 22:36 . 2011-06-21 18:45 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2011-09-26 16:41 . 2011-09-26 16:41 20480 c:\windows\system32\dllcache\oleaccrc.dll

+ 2011-07-12 23:20 . 2011-08-17 21:32 52224 c:\windows\system32\dllcache\msfeedsbs.dll

- 2011-07-12 23:20 . 2011-06-21 18:45 52224 c:\windows\system32\dllcache\msfeedsbs.dll

- 2007-08-13 22:54 . 2011-06-21 18:45 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2007-08-13 22:54 . 2011-08-17 21:32 27648 c:\windows\system32\dllcache\jsproxy.dll

- 2011-07-12 23:20 . 2011-06-21 11:46 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2011-07-12 23:20 . 2011-08-17 12:21 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2007-08-13 22:39 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\iernonce.dll

- 2007-08-13 22:39 . 2011-06-21 18:45 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2009-02-20 08:10 . 2011-08-17 21:32 78336 c:\windows\system32\dllcache\ieencode.dll

- 2009-02-20 08:10 . 2011-06-21 18:45 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2007-08-13 22:39 . 2011-08-17 12:21 70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2007-08-13 22:39 . 2011-06-21 11:46 70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2011-07-12 23:20 . 2011-06-21 18:45 63488 c:\windows\system32\dllcache\icardie.dll

+ 2011-07-12 23:20 . 2011-08-17 21:32 63488 c:\windows\system32\dllcache\icardie.dll

- 2007-08-13 22:42 . 2011-06-21 18:45 17408 c:\windows\system32\dllcache\corpol.dll

+ 2007-08-13 22:42 . 2011-08-17 21:32 17408 c:\windows\system32\dllcache\corpol.dll

- 2004-08-10 18:50 . 2011-06-21 18:45 17408 c:\windows\system32\corpol.dll

+ 2004-08-10 18:50 . 2011-08-17 21:32 17408 c:\windows\system32\corpol.dll

- 2010-09-23 19:55 . 2010-09-23 19:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

+ 2011-07-08 19:00 . 2011-07-08 19:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

+ 2011-07-07 17:04 . 2011-07-07 17:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2011-07-07 17:04 . 2011-07-07 17:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2011-07-07 17:03 . 2011-07-07 17:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2010-09-23 07:17 . 2010-09-23 07:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2011-07-07 18:09 . 2011-07-07 18:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2011-07-07 18:09 . 2011-07-07 18:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

- 2010-09-23 07:17 . 2010-09-23 07:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 44544 c:\windows\ie7updates\KB2586448-IE7\pngfilt.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 52224 c:\windows\ie7updates\KB2586448-IE7\msfeedsbs.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 27648 c:\windows\ie7updates\KB2586448-IE7\jsproxy.dll

+ 2011-11-20 03:53 . 2011-06-21 11:46 13824 c:\windows\ie7updates\KB2586448-IE7\ieudinit.exe

+ 2011-11-20 03:53 . 2011-06-21 18:45 44544 c:\windows\ie7updates\KB2586448-IE7\iernonce.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 78336 c:\windows\ie7updates\KB2586448-IE7\ieencode.dll

+ 2011-11-20 03:53 . 2011-06-21 11:46 70656 c:\windows\ie7updates\KB2586448-IE7\ie4uinit.exe

+ 2011-11-20 03:53 . 2011-06-21 18:45 63488 c:\windows\ie7updates\KB2586448-IE7\icardie.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 17408 c:\windows\ie7updates\KB2586448-IE7\corpol.dll

+ 2011-11-20 03:51 . 2011-11-20 03:51 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_419c9585\System.Drawing.Design.dll

+ 2011-11-20 03:51 . 2011-11-20 03:51 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_009f040a\CustomMarshalers.dll

+ 2011-11-20 13:12 . 2011-11-20 13:12 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\6586e96054b789574b031b63ef4d10d7\TVM.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll

+ 2011-11-20 13:11 . 2011-11-20 13:11 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe

+ 2011-11-20 13:09 . 2011-11-20 13:09 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\aaf7df386198e897c84fdf2a883c8a2a\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe

+ 2011-11-20 13:17 . 2011-11-20 13:17 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-11-20 03:51 . 2011-11-20 03:51 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-10-11 02:07 . 2010-10-11 02:07 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2011-08-28 02:25 . 2011-08-28 02:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 832512 c:\windows\system32\wininet.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 832512 c:\windows\system32\wininet.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 233472 c:\windows\system32\webcheck.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 233472 c:\windows\system32\webcheck.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 106496 c:\windows\system32\url.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 106496 c:\windows\system32\url.dll

+ 2004-08-10 18:51 . 2011-11-20 03:58 443232 c:\windows\system32\perfh009.dat

- 2004-08-10 18:51 . 2011-11-06 12:29 443232 c:\windows\system32\perfh009.dat

+ 2004-08-10 18:51 . 2011-08-17 21:32 102912 c:\windows\system32\occache.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 102912 c:\windows\system32\occache.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 671232 c:\windows\system32\mstime.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 671232 c:\windows\system32\mstime.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 193024 c:\windows\system32\msrating.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 193024 c:\windows\system32\msrating.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 478720 c:\windows\system32\mshtmled.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 478720 c:\windows\system32\mshtmled.dll

- 2007-08-13 22:54 . 2011-06-21 18:45 468480 c:\windows\system32\msfeeds.dll

+ 2007-08-13 22:54 . 2011-08-17 21:32 468480 c:\windows\system32\msfeeds.dll

+ 2007-08-13 22:34 . 2011-08-17 21:32 268288 c:\windows\system32\iertutil.dll

- 2007-08-13 22:34 . 2011-06-21 18:45 268288 c:\windows\system32\iertutil.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 192512 c:\windows\system32\iepeers.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 192512 c:\windows\system32\iepeers.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 384512 c:\windows\system32\iedkcs32.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 384512 c:\windows\system32\iedkcs32.dll

+ 2007-07-11 16:27 . 2011-08-17 21:32 380928 c:\windows\system32\ieapfltr.dll

- 2007-07-11 16:27 . 2011-06-21 18:45 380928 c:\windows\system32\ieapfltr.dll

- 2004-08-10 18:51 . 2011-06-20 11:27 161792 c:\windows\system32\ieakui.dll

+ 2004-08-10 18:51 . 2011-08-17 11:00 161792 c:\windows\system32\ieakui.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 230400 c:\windows\system32\ieaksie.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 230400 c:\windows\system32\ieaksie.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 153088 c:\windows\system32\ieakeng.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 153088 c:\windows\system32\ieakeng.dll

+ 2004-08-10 18:57 . 2011-11-20 13:07 325112 c:\windows\system32\FNTCACHE.DAT

- 2004-08-10 18:57 . 2011-07-12 23:43 325112 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-10 18:51 . 2011-08-17 21:32 133120 c:\windows\system32\extmgr.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 133120 c:\windows\system32\extmgr.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 214528 c:\windows\system32\dxtrans.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 214528 c:\windows\system32\dxtrans.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 347136 c:\windows\system32\dxtmsft.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 347136 c:\windows\system32\dxtmsft.dll

+ 2004-08-10 18:50 . 2011-08-17 13:49 138496 c:\windows\system32\drivers\afd.sys

- 2004-08-10 18:50 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys

+ 2008-04-21 06:44 . 2011-08-17 21:32 832512 c:\windows\system32\dllcache\wininet.dll

- 2008-04-21 06:44 . 2011-06-21 18:45 832512 c:\windows\system32\dllcache\wininet.dll

+ 2007-08-13 22:54 . 2011-08-17 21:32 233472 c:\windows\system32\dllcache\webcheck.dll

- 2007-08-13 22:54 . 2011-06-21 18:45 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2007-08-13 22:44 . 2011-08-17 21:32 106496 c:\windows\system32\dllcache\url.dll

- 2007-08-13 22:44 . 2011-06-21 18:45 106496 c:\windows\system32\dllcache\url.dll

+ 2011-09-26 16:41 . 2011-09-26 16:41 220160 c:\windows\system32\dllcache\oleacc.dll

+ 2007-08-13 22:44 . 2011-08-17 21:32 102912 c:\windows\system32\dllcache\occache.dll

- 2007-08-13 22:44 . 2011-06-21 18:45 102912 c:\windows\system32\dllcache\occache.dll

- 2010-11-05 05:05 . 2011-06-21 18:45 671232 c:\windows\system32\dllcache\mstime.dll

+ 2010-11-05 05:05 . 2011-08-17 21:32 671232 c:\windows\system32\dllcache\mstime.dll

- 2007-08-13 22:44 . 2011-06-21 18:45 193024 c:\windows\system32\dllcache\msrating.dll

+ 2007-08-13 22:44 . 2011-08-17 21:32 193024 c:\windows\system32\dllcache\msrating.dll

+ 2010-09-09 14:16 . 2011-08-17 21:32 478720 c:\windows\system32\dllcache\mshtmled.dll

- 2010-09-09 14:16 . 2011-06-21 18:45 478720 c:\windows\system32\dllcache\mshtmled.dll

+ 2011-07-12 23:20 . 2011-08-17 21:32 468480 c:\windows\system32\dllcache\msfeeds.dll

- 2011-07-12 23:20 . 2011-06-21 18:45 468480 c:\windows\system32\dllcache\msfeeds.dll

- 2008-10-26 06:51 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2008-10-26 06:51 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2007-08-13 22:43 . 2011-08-17 11:01 634632 c:\windows\system32\dllcache\iexplore.exe

+ 2011-07-12 23:20 . 2011-08-17 21:32 268288 c:\windows\system32\dllcache\iertutil.dll

- 2011-07-12 23:20 . 2011-06-21 18:45 268288 c:\windows\system32\dllcache\iertutil.dll

- 2010-02-26 05:43 . 2011-06-21 18:45 192512 c:\windows\system32\dllcache\iepeers.dll

+ 2010-02-26 05:43 . 2011-08-17 21:32 192512 c:\windows\system32\dllcache\iepeers.dll

+ 2007-08-13 22:39 . 2011-08-17 21:32 384512 c:\windows\system32\dllcache\iedkcs32.dll

- 2007-08-13 22:39 . 2011-06-21 18:45 384512 c:\windows\system32\dllcache\iedkcs32.dll

+ 2011-07-12 23:20 . 2011-08-17 21:32 380928 c:\windows\system32\dllcache\ieapfltr.dll

- 2011-07-12 23:20 . 2011-06-21 18:45 380928 c:\windows\system32\dllcache\ieapfltr.dll

- 2007-08-13 21:56 . 2011-06-20 11:27 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2007-08-13 21:56 . 2011-08-17 11:00 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2007-08-13 22:39 . 2011-08-17 21:32 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2007-08-13 22:39 . 2011-06-21 18:45 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2007-08-13 22:39 . 2011-06-21 18:45 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2007-08-13 22:39 . 2011-08-17 21:32 153088 c:\windows\system32\dllcache\ieakeng.dll

- 2007-08-13 22:54 . 2011-06-21 18:45 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2007-08-13 22:54 . 2011-08-17 21:32 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2007-08-13 22:35 . 2011-08-17 21:32 214528 c:\windows\system32\dllcache\dxtrans.dll

- 2007-08-13 22:35 . 2011-06-21 18:45 214528 c:\windows\system32\dllcache\dxtrans.dll

- 2007-08-13 22:35 . 2011-06-21 18:45 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2007-08-13 22:35 . 2011-08-17 21:32 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2011-09-09 09:12 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll

- 2011-09-09 09:12 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll

- 2008-06-20 11:40 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys

+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\system32\dllcache\afd.sys

+ 2007-08-13 22:39 . 2011-08-17 21:32 124928 c:\windows\system32\dllcache\advpack.dll

- 2007-08-13 22:39 . 2011-06-21 18:45 124928 c:\windows\system32\dllcache\advpack.dll

+ 2004-08-10 18:50 . 2011-08-17 21:32 124928 c:\windows\system32\advpack.dll

- 2004-08-10 18:50 . 2011-06-21 18:45 124928 c:\windows\system32\advpack.dll

+ 2011-07-07 10:18 . 2011-07-07 10:18 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-07-07 10:18 . 2011-07-07 10:18 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2011-07-07 17:04 . 2011-07-07 17:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2010-09-23 06:25 . 2010-09-23 06:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2011-07-07 17:01 . 2011-07-07 17:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2010-09-23 07:17 . 2010-09-23 07:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2011-07-07 18:09 . 2011-07-07 18:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 832512 c:\windows\ie7updates\KB2586448-IE7\wininet.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 233472 c:\windows\ie7updates\KB2586448-IE7\webcheck.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 106496 c:\windows\ie7updates\KB2586448-IE7\url.dll

+ 2011-11-20 03:53 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2586448-IE7\spuninst\updspapi.dll

+ 2011-11-20 03:53 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2586448-IE7\spuninst\spuninst.exe

+ 2011-11-20 03:53 . 2011-06-21 18:45 102912 c:\windows\ie7updates\KB2586448-IE7\occache.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 671232 c:\windows\ie7updates\KB2586448-IE7\mstime.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 193024 c:\windows\ie7updates\KB2586448-IE7\msrating.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 478720 c:\windows\ie7updates\KB2586448-IE7\mshtmled.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 468480 c:\windows\ie7updates\KB2586448-IE7\msfeeds.dll

+ 2011-11-20 03:53 . 2011-06-20 11:29 634648 c:\windows\ie7updates\KB2586448-IE7\iexplore.exe

+ 2011-11-20 03:53 . 2011-06-21 18:45 268288 c:\windows\ie7updates\KB2586448-IE7\iertutil.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 192512 c:\windows\ie7updates\KB2586448-IE7\iepeers.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 384512 c:\windows\ie7updates\KB2586448-IE7\iedkcs32.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 380928 c:\windows\ie7updates\KB2586448-IE7\ieapfltr.dll

+ 2011-11-20 03:53 . 2011-06-20 11:27 161792 c:\windows\ie7updates\KB2586448-IE7\ieakui.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 230400 c:\windows\ie7updates\KB2586448-IE7\ieaksie.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 153088 c:\windows\ie7updates\KB2586448-IE7\ieakeng.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 133120 c:\windows\ie7updates\KB2586448-IE7\extmgr.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 214528 c:\windows\ie7updates\KB2586448-IE7\dxtrans.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 347136 c:\windows\ie7updates\KB2586448-IE7\dxtmsft.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 124928 c:\windows\ie7updates\KB2586448-IE7\advpack.dll

+ 2011-06-25 03:04 . 2011-08-28 02:25 425984 c:\windows\assembly\temp\ZWC7UAYF3J\System.configuration.dll

+ 2011-06-25 03:03 . 2011-08-28 02:25 113664 c:\windows\assembly\temp\RPD1VIZGQ7\System.EnterpriseServices.Wrapper.dll

+ 2011-06-25 03:03 . 2011-08-28 02:25 258048 c:\windows\assembly\temp\RPD1VIZGQ7\System.EnterpriseServices.dll

+ 2011-06-25 03:03 . 2011-08-28 02:25 626688 c:\windows\assembly\temp\QHXLGXL9WC\System.Drawing.dll

+ 2011-06-25 03:03 . 2011-08-28 02:25 114688 c:\windows\assembly\temp\IMOQSNPRMO\System.ServiceProcess.dll

+ 2011-06-25 03:03 . 2011-08-28 02:25 303104 c:\windows\assembly\temp\EKT2ABK8GP\System.Runtime.Remoting.dll

+ 2011-06-25 03:03 . 2011-08-28 02:25 261632 c:\windows\assembly\temp\BFHJLGIKFH\System.Transactions.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_ab5eafdf\System.Drawing.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_32fa64c9\System.Drawing.Design.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4b1dc0dd\CustomMarshalers.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe

+ 2011-11-20 13:12 . 2011-11-20 13:12 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll

+ 2011-11-20 13:12 . 2011-11-20 13:12 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll

+ 2011-11-20 13:12 . 2011-11-20 13:12 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\ba55240b7753047f8d1b03ef473bf74e\UIAutomationClient.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\b2a84980f206431821d85d5155d5916f\System.Net.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll

+ 2011-11-20 13:17 . 2011-11-20 13:17 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll

+ 2011-11-20 13:17 . 2011-11-20 13:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll

+ 2011-11-20 13:12 . 2011-11-20 13:12 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b9d9ff5d03e90ede1116794f2c7dd6da\System.Data.DataSetExtensions.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\3048737e9e3bf5173121a084337256bc\System.AddIn.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe

+ 2011-11-20 13:19 . 2011-11-20 13:19 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\f2df1ca28301bfe7e1d52b86c8394217\ServiceModelReg.ni.exe

+ 2011-11-20 13:11 . 2011-11-20 13:11 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll

+ 2011-11-20 13:11 . 2011-11-20 13:11 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94cfc00ad448575bfb0e67c53b514cd5\PresentationFramework.Aero.ni.dll

+ 2011-11-20 13:11 . 2011-11-20 13:11 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\478d57d96f3d8d5fc15c7ac635a4a6a1\PresentationFramework.Classic.ni.dll

+ 2011-11-20 13:11 . 2011-11-20 13:11 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe

+ 2011-11-20 13:19 . 2011-11-20 13:19 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\47ff0720cb80a0fc0bbd15ddc3d12adc\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\dc278e1123086ae32fec8f7e9751db14\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 696320 c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\be23c163048bbb0f72cfa339ef0eb193\log4net.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 657408 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\7395f2ce8dd06b57c7efa3977fe962c7\Intuit.Ctg.Wte.Service.Interface.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 802304 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\678767d5d111687c54f32a60b42d66db\Infragistics2.Shared.v8.2.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe

+ 2011-11-20 13:17 . 2011-11-20 13:17 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e1bcee92f5af50d560d577c0a99ea3bd\AspNetMMCExt.ni.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2011-06-25 03:04 . 2011-08-28 02:25 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2011-06-25 03:04 . 2011-11-20 03:57 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2004-08-10 18:51 . 2011-08-17 21:32 1168896 c:\windows\system32\urlmon.dll

- 2004-08-10 18:51 . 2011-06-21 18:45 1168896 c:\windows\system32\urlmon.dll

+ 2004-08-10 18:51 . 2011-09-05 07:48 3615744 c:\windows\system32\mshtml.dll

- 2007-08-13 22:54 . 2011-06-21 18:45 6076416 c:\windows\system32\ieframe.dll

+ 2007-08-13 22:54 . 2011-08-17 21:32 6076416 c:\windows\system32\ieframe.dll

+ 2008-10-26 06:51 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys

- 2008-10-26 06:51 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys

- 2008-08-20 05:30 . 2011-06-21 18:45 1168896 c:\windows\system32\dllcache\urlmon.dll

+ 2008-08-20 05:30 . 2011-08-17 21:32 1168896 c:\windows\system32\dllcache\urlmon.dll

+ 2008-04-21 06:44 . 2011-09-05 07:48 3615744 c:\windows\system32\dllcache\mshtml.dll

- 2011-07-12 23:20 . 2011-06-21 18:45 6076416 c:\windows\system32\dllcache\ieframe.dll

+ 2011-07-12 23:20 . 2011-08-17 21:32 6076416 c:\windows\system32\dllcache\ieframe.dll

+ 2011-07-07 10:18 . 2011-07-07 10:18 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2011-07-07 10:18 . 2011-07-07 10:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

- 2010-09-23 19:55 . 2010-09-23 19:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2011-07-08 18:59 . 2011-07-08 18:59 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

- 2010-09-23 19:55 . 2010-09-23 19:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2011-07-08 18:59 . 2011-07-08 18:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2011-07-07 17:02 . 2011-07-07 17:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

- 2010-09-23 06:26 . 2010-09-23 06:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2011-07-07 17:02 . 2011-07-07 17:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

- 2010-09-23 19:55 . 2010-09-23 19:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2011-07-08 18:59 . 2011-07-08 18:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 1168896 c:\windows\ie7updates\KB2586448-IE7\urlmon.dll

+ 2011-11-20 03:53 . 2011-07-22 16:35 3613696 c:\windows\ie7updates\KB2586448-IE7\mshtml.dll

+ 2011-11-20 03:53 . 2011-06-21 18:45 6076416 c:\windows\ie7updates\KB2586448-IE7\ieframe.dll

+ 2011-06-25 03:03 . 2011-08-28 02:25 2048000 c:\windows\assembly\temp\VVQL9WC0G4\System.XML.dll

+ 2011-06-25 03:04 . 2011-08-28 02:25 2933248 c:\windows\assembly\temp\F89B5794LU\System.Data.dll

+ 2011-06-25 03:04 . 2011-08-28 02:25 3182592 c:\windows\assembly\temp\7RZ8GPQ6TA\System.dll

+ 2011-06-25 03:03 . 2011-08-28 02:25 5025792 c:\windows\assembly\temp\1CDFOXZ89W\System.Windows.Forms.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_df187b20\System.dll

+ 2011-11-20 03:51 . 2011-11-20 03:51 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cb6ae6e9\System.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a25a8237\System.Xml.dll

+ 2011-11-20 03:51 . 2011-11-20 03:51 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_72fafd51\System.Xml.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_eba4703d\System.Windows.Forms.dll

+ 2011-11-20 03:51 . 2011-11-20 03:51 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_411e0bf0\System.Windows.Forms.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e357338f\System.Drawing.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b7bfccb0\System.Design.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_65ecba7a\System.Design.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_96b66e4a\mscorlib.dll

+ 2011-11-20 03:52 . 2011-11-20 03:52 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0fc9dcc8\mscorlib.dll

+ 2011-11-20 13:09 . 2011-11-20 13:09 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll

+ 2011-11-20 13:12 . 2011-11-20 13:12 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\55d4813580b1e5d268ff0564942cee9c\UIAutomationClientsideProviders.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 4161024 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\91d49450549bdb21b40782f6f951b3a8\ttax.ni.dll

+ 2011-11-20 13:08 . 2011-11-20 13:08 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll

+ 2011-11-20 13:12 . 2011-11-20 13:12 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll

+ 2011-11-20 13:12 . 2011-11-20 13:12 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\10d7daa3d1e62a0e40587cdc707be93f\System.Speech.ni.dll

+ 2011-11-20 13:17 . 2011-11-20 13:17 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll

+ 2011-11-20 13:12 . 2011-11-20 13:12 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0f8e14bfdb27645fb1a92ce26f9bf521\System.Printing.ni.dll

+ 2011-11-20 13:17 . 2011-11-20 13:17 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll

+ 2011-11-20 13:12 . 2011-11-20 13:12 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll

+ 2011-11-20 13:11 . 2011-11-20 13:11 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5d5aa4b926ae422607ea833d934665c2\System.Data.OracleClient.ni.dll

+ 2011-11-20 13:11 . 2011-11-20 13:11 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll

+ 2011-11-20 13:11 . 2011-11-20 13:11 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll

+ 2011-11-20 13:11 . 2011-11-20 13:11 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\714e9504255565bd9076fe13628e104a\ReachFramework.ni.dll

+ 2011-11-20 13:11 . 2011-11-20 13:11 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7dc6ee14234b0686182ced75f7dae990\PresentationUI.ni.dll

+ 2011-11-20 13:09 . 2011-11-20 13:09 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b42ad515bb20ec1f1250c040371c6730\PresentationBuildTasks.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\8ad32b72258899177c07dc5912b5b748\Microsoft.JScript.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\415cef6abab5bb959f200f6c537bc289\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\ca8440a41cbc679a901f4ccaec48e562\Intuit.Ctg.Map.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 2597376 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\edcaf3ed41a6cf6810b6bca9691a1b08\Infragistics2.Win.Misc.v8.2.ni.dll

- 2011-06-25 03:04 . 2011-08-28 02:25 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-06-25 03:04 . 2011-11-20 03:57 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2011-11-20 03:57 . 2011-11-20 03:57 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-08-28 02:25 . 2011-08-28 02:25 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2011-06-25 03:04 . 2011-08-28 02:25 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-06-25 03:04 . 2011-11-20 03:57 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-06-25 03:03 . 2011-11-20 03:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2011-06-25 03:03 . 2011-08-28 02:25 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-11-20 03:51 . 2011-11-20 03:51 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

- 2010-10-11 02:07 . 2010-10-11 02:07 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2011-11-20 03:51 . 2011-11-20 03:51 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

- 2010-10-11 02:07 . 2010-10-11 02:07 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2007-12-19 02:27 . 2011-10-28 03:04 50295240 c:\windows\system32\MRT.exe

+ 2011-07-13 03:49 . 2011-07-13 03:49 11459584 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp

+ 2011-07-12 01:43 . 2011-07-12 01:43 11641344 c:\windows\Installer\b17c47.msp

+ 2011-07-12 20:50 . 2011-07-12 20:50 17555968 c:\windows\Installer\b17c3e.msp

+ 2011-11-20 13:12 . 2011-11-20 13:12 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll

+ 2011-11-20 13:18 . 2011-11-20 13:18 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll

+ 2011-11-20 13:12 . 2011-11-20 13:12 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll

+ 2011-11-20 13:11 . 2011-11-20 13:11 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll

+ 2011-11-20 13:10 . 2011-11-20 13:10 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll

+ 2011-11-20 03:58 . 2011-11-20 03:58 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

+ 2011-11-20 13:19 . 2011-11-20 13:19 10334208 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\b62b6ab0137eb89d4a73def305b4acf3\Infragistics2.Win.v8.2.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"gStart"="c:\garmin\gStart.exe" [2007-08-23 1891416]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-13 68856]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]

"PMX Daemon"="ICO.EXE" [2006-11-08 49152]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]

"MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Online plug-in.lnk - c:\windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-6-4 77824]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 295248]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 3:22 PM 65584]

R1 NmPar;MosChip Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [10/11/2006 2:12 PM 76416]

R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [10/12/2006 11:23 PM 60032]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [4/12/2008 1:27 PM 2368]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]

R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [12/13/2007 8:36 AM 141376]

R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [12/13/2007 8:36 AM 7424]

R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [12/13/2007 8:36 AM 235616]

R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [12/18/2007 8:13 PM 18432]

R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [12/18/2007 8:13 PM 14336]

R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [12/13/2007 8:55 AM 31616]

S1 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [2/27/2008 8:08 PM 14336]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2010 8:50 AM 135664]

S2 NmSer;NetMos Multi I/O Serial Driver; [x]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2010 8:50 AM 135664]

S3 mamovec;mamovec;c:\windows\system32\drivers\mamovec.sys [7/3/2008 8:08 PM 24784]

S3 mamovem;mamovem;c:\windows\system32\drivers\mamovem.sys [7/3/2008 8:08 PM 25044]

S3 mamoveu;mamoveu;c:\windows\system32\drivers\mamoveu.sys [7/3/2008 8:08 PM 48853]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/3/2008 8:19 PM 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/3/2008 8:19 PM 7680]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/3/2008 8:19 PM 42112]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [7/3/2008 8:19 PM 23680]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]

S3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [2/27/2008 8:08 PM 4992]

S3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\OxSer.sys [2/27/2008 8:08 PM 54584]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 13:50]

.

2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 13:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.dell.com

mSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\w75iazg5.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-20 08:22

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1012)

c:\program files\Citrix\ICA Client\pnsson.dll

.

- - - - - - - > 'explorer.exe'(4044)

c:\windows\system32\WININET.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\windows\system32\CDRTC.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\pmxscrll.dll

c:\windows\system32\PMXCOMM.dll

c:\windows\system32\PMXHOOKS.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Maxtor\Utils\SyncServices.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\program files\Citrix\ICA Client\ssonsvr.exe

c:\windows\system32\ICO.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\Pmxmiced.exe

c:\program files\Citrix\ICA Client\WFCRUN32.EXE

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Logitech\Video\FxSvr2.exe

.

**************************************************************************

.

Completion time: 2011-11-20 08:26:17 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-20 13:26

ComboFix2.txt 2011-11-20 00:01

.

Pre-Run: 255,408,738,304 bytes free

Post-Run: 255,321,018,368 bytes free

.

- - End Of File - - 0317BCDF1A52B7475AC50A6050BBD4E2

Link to post
Share on other sites

These are leftover from the infection

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Folder::
c:\documents and settings\Dan\Application Data\s2iibbD3pnG5QH
c:\documents and settings\Dan\Application Data\addWWK8fRL9hXwU
c:\documents and settings\Dan\Application Data\FC407
c:\documents and settings\Dan\Application Data\uJJ77dELLgRZqYw
c:\documents and settings\Dan\Application Data\T99ggTZqq

Save this file to your desktop. Save this as "CFScript"

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Next:

After uninstalling combofix, run a new scan with your AVG.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

This topic is now closed to further replies.