
[Resolved] Multiple Trojan Horses found on AVG scan


  • This topic is locked
16 replies to this topic

#1 StephS

StephS

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 20 October 2009 - 05:39 PM

AVG 8.5 scan has detected 5 different trojan horses over the last two scans: Trojan Horse Generic 14, Trojan Horse Generic_c, Trojan Horse SHeur2, Trojan Horse Injector, and Trojan Horse Downloader.Generic8. They have all been moved to the virus vault. I'm not sure what to do to permanently remove them. Below are my logs from RootRepeal, DDS, and the DDS attachment. Thank you in advance!

RootRepeal Log

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/20 19:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB677C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE32000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB47FF000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

DDS Log
DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Administrator at 19:21:18.93 on Tue 10/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1310 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RCHotKey] "c:\progra~1\ringce~1\ringce~1\RCHotKey.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
Trusted Zone: microsoft.com\office
Trusted Zone: trymedia.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238559975125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\842l7v6b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-1 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-1 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-1 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-1 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-1 297752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-25 1247600]
S0 hoi8fc8;hoi8fc8;\SystemRoot\\SystemRoot\System32\drivers\hoi8fc8.sys --> \SystemRoot\\SystemRoot\System32\drivers\hoi8fc8.sys [?]
S1 6e928da3.sys;6e928da3.sys;\??\c:\windows\system32\drivers\6e928da3.sys --> c:\windows\system32\drivers\6e928da3.sys [?]

=============== Created Last 30 ================

2009-10-15 06:36 <DIR> --d----- c:\windows\ie8updates
2009-10-15 03:36 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-10-15 03:36 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-10-15 03:36 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-15 03:36 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-10-15 03:36 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-10-15 03:36 11,069,440 -------- c:\windows\system32\dllcache\ieframe.dll
2009-10-10 12:47 <DIR> --d----- c:\program files\Trend Micro
2009-10-10 11:52 <DIR> --dsh--- c:\documents and settings\compaq_administrator\IETldCache
2009-10-10 11:47 118 a------- c:\windows\system32\MRT.INI
2009-10-10 11:39 <DIR> -cd-h--- c:\windows\ie8
2009-10-08 17:08 68 a------- c:\windows\system32\rotscxyqmipqoi.dat
2009-10-08 16:42 <DIR> --d----- c:\windows\system32\LogFiles
2009-10-08 16:36 229,888 a------- c:\windows\PEV.exe
2009-10-08 16:36 161,792 a------- c:\windows\SWREG.exe
2009-10-08 16:36 98,816 a------- c:\windows\sed.exe
2009-10-05 19:27 0 a------- c:\documents and settings\compaq_administrator\settings.dat
2009-10-05 19:19 <DIR> --d-h--- c:\windows\PIF

==================== Find3M ====================

2009-10-10 11:49 45,344 a------- c:\windows\system32\drivers\hoi8fc8.sys
2009-10-10 11:47 71,168 -------- c:\windows\system32\drivers\rotscxyrodulvy.sys
2009-10-10 11:38 52,914 a------- c:\windows\system32\rotscxkepbpjvr.dat
2009-09-11 10:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-11 10:33 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 16:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 16:45 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 04:08 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 04:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-29 04:08 916,480 a------- c:\windows\system32\dllcache\wininet.dll
2009-08-29 04:08 5,940,224 a------- c:\windows\system32\dllcache\mshtml.dll
2009-08-29 04:08 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-08-29 04:08 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 04:08 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 04:08 387,584 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-28 06:35 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 04:16 247,326 -------- c:\windows\system32\strmdll.dll
2009-08-26 04:16 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 12:14 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 12:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-25 12:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-20 15:09 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-05 05:11 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 10:00 2,180,352 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:00 2,180,352 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 09:58 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 09:13 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 09:13 2,057,728 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 09:13 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-07-10 00:02 90,168 a------- c:\docume~1\compaq~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 19:21:46.04 =============


#2 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 20 October 2009 - 07:11 PM

Hello and :welcome: Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible. I am checking over your log, and I will post back shortly with instructions.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________


!


#3 StephS

StephS

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 20 October 2009 - 09:48 PM

Thank you!

#4 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 21 October 2009 - 03:18 AM

Hi,

I will be helping you remove malware from your computer. Log research takes time, so please be patient, and I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Do not install/uninstall anything on your computer unless advised.
  • Do not run any scanning tools other than those you are instructed to use.
  • Follow the instructions in the order they are given.
  • Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
  • If you are being helped regarding this problem on another forum, please advise us so that we can close this thread.
  • And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.

________________________________________________________

NOTE: Refrain from using ComboFix without proper supervision, as this may render your machine inoperable.
________________________________________________________

Please do the following:
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:


    c:\windows\system32\drivers\hoi8fc8.sys

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same to the following files:
c:\windows\system32\drivers\6e928da3.sys
c:\windows\system32\MRT.INI



--Next--

I see from your logs that ComboFix has been previously run on this computer.
I would like to see those logs. Please navigate to C:\Combofix.txt and post the log. For previous runs, the logs can be found at C:\qoobox\combofix2.txt, C:\Qoobox\Combofix3.txt etc.



#5 StephS

StephS

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 21 October 2009 - 04:19 PM

Hi! There was no file for c:\windows\system32\drivers\6e928da3.sys, but I was able to run a scan on the other two:

VirSCAN.org Scanned Report :
Scanned time : 2009/10/21 17:55:03 (EDT)
Scanner results: Scanners did not find malware!
File Name : hoi8fc8.sys
File Size : 45344 byte
File Type : data
MD5 : 8e2d4f45a3d77d3d608804068e516c1d
SHA1 : 749d6363bc815443be29a6decca1d7143a603133
Online report : http://virscan.org/r...fa0b2ab1f0.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091022000136 2009-10-22 4.16 -
AhnLab V3 2009.10.21.00 2009.10.21 2009-10-21 0.84 -
AntiVir 8.2.1.42 7.1.6.134 2009-10-21 0.08 -
Antiy 2.0.18 20091021.3035331 2009-10-21 0.12 -
Arcavir 2009 200910201017 2009-10-20 0.02 -
Authentium 5.1.1 200910211735 2009-10-21 1.19 -
AVAST! 4.7.4 091021-0 2009-10-21 0.01 -
AVG 8.5.288 270.14.25/2450 2009-10-22 0.31 -
BitDefender 7.81008.4436641 7.28477 2009-10-22 3.82 -
CA (VET) 9.0.0.143 35.1.7077 2009-10-22 10.49 -
ClamAV 0.95.2 9920 2009-10-21 0.00 -
Comodo 3.12 2682 2009-10-21 0.76 -
CP Secure 1.3.0.5 2009.10.21 2009-10-21 0.01 -
Dr.Web 4.44.0.9170 2009.10.21 2009-10-21 5.84 -
F-Prot 4.4.4.56 20091021 2009-10-21 1.17 -
F-Secure 7.02.73807 2009.10.21.16 2009-10-21 0.08 -
Fortinet 2.81-3.120 10.970 2009-10-21 0.22 -
GData 19.8517/19.518 20091021 2009-10-21 6.68 -
ViRobot 20091021 2009.10.21 2009-10-21 0.42 -
Ikarus T3.1.01.72 2009.10.21.74222 2009-10-21 4.16 -
JiangMin 11.0.800 2009.10.20 2009-10-20 4.32 -
Kaspersky 5.5.10 2009.10.21 2009-10-21 0.03 -
KingSoft 2009.2.5.15 2009.10.21.16 2009-10-21 0.58 -
McAfee 5.3.00 5778 2009-10-21 3.33 -
Microsoft 1.5101 2009.10.21 2009-10-21 7.03 -
Norman 6.01.09 6.01.00 2009-10-21 4.02 -
Panda 9.05.01 2009.10.20 2009-10-20 0.87 -
Trend Micro 8.700-1004 6.567.00 2009-10-21 0.02 -
Quick Heal 10.00 2009.10.21 2009-10-21 1.22 -
Rising 20.0 21.52.24.00 2009-10-21 0.29 -
Sophos 3.00.1 4.46 2009-10-22 2.59 -
Sunbelt 5461 5461 2009-10-21 1.69 -
Symantec 1.3.0.24 20091021.002 2009-10-21 0.24 -
nProtect 20091021.02 5952698 2009-10-21 8.45 -
The Hacker 6.5.0.2 v00049 2009-10-20 0.68 -
VBA32 3.12.10.11 20091020.1141 2009-10-20 2.02 -
VirusBuster 4.5.11.10 10.112.75/2012369 2009-10-21 2.42 -



VirSCAN.org Scanned Report :
Scanned time : 2009/10/21 18:01:43 (EDT)
Scanner results: Scanners did not find malware!
File Name : MRT.INI
File Size : 118 byte
File Type : ASCII text, with CRLF line terminators
MD5 : f838fa2a4a969df57dec58a5e1290057
SHA1 : eec43dbec13e49210a7ee0467688b4849d9eec34
Online report : http://virscan.org/r...564ecd8a39.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091022000136 2009-10-22 4.08 -
AhnLab V3 2009.10.21.00 2009.10.21 2009-10-21 0.84 -
AntiVir 8.2.1.42 7.1.6.134 2009-10-21 0.34 -
Antiy 2.0.18 20091021.3035331 2009-10-21 0.12 -
Arcavir 2009 200910201017 2009-10-20 0.02 -
Authentium 5.1.1 200910211735 2009-10-21 1.18 -
AVAST! 4.7.4 091021-0 2009-10-21 0.00 -
AVG 8.5.288 270.14.25/2450 2009-10-22 0.30 -
BitDefender 7.81008.4436641 7.28477 2009-10-22 3.81 -
CA (VET) 9.0.0.143 35.1.7077 2009-10-22 4.71 -
ClamAV 0.95.2 9920 2009-10-21 0.00 -
Comodo 3.12 2682 2009-10-21 0.70 -
CP Secure 1.3.0.5 2009.10.21 2009-10-21 0.01 -
Dr.Web 4.44.0.9170 2009.10.21 2009-10-21 5.83 -
F-Prot 4.4.4.56 20091021 2009-10-21 1.17 -
F-Secure 7.02.73807 2009.10.21.16 2009-10-21 0.07 -
Fortinet 2.81-3.120 10.970 2009-10-21 0.14 -
GData 19.8518/19.518 20091021 2009-10-21 5.61 -
ViRobot 20091021 2009.10.21 2009-10-21 0.44 -
Ikarus T3.1.01.72 2009.10.21.74222 2009-10-21 4.16 -
JiangMin 11.0.800 2009.10.20 2009-10-20 4.50 -
Kaspersky 5.5.10 2009.10.21 2009-10-21 0.03 -
KingSoft 2009.2.5.15 2009.10.21.16 2009-10-21 0.73 -
McAfee 5.3.00 5778 2009-10-21 3.37 -
Microsoft 1.5101 2009.10.21 2009-10-21 5.86 -
Norman 6.01.09 6.01.00 2009-10-21 4.02 -
Panda 9.05.01 2009.10.20 2009-10-20 0.49 -
Trend Micro 8.700-1004 6.567.00 2009-10-21 0.02 -
Quick Heal 10.00 2009.10.21 2009-10-21 1.34 -
Rising 20.0 21.52.24.00 2009-10-21 0.53 -
Sophos 3.00.1 4.46 2009-10-22 2.60 -
Sunbelt 5462 5462 2009-10-21 2.09 -
Symantec 1.3.0.24 20091021.002 2009-10-21 0.23 -
nProtect 20091021.02 5952698 2009-10-21 7.41 -
The Hacker 6.5.0.2 v00049 2009-10-20 0.65 -
VBA32 3.12.10.11 20091020.1141 2009-10-20 1.91 -
VirusBuster 4.5.11.10 10.112.75/2012369 2009-10-21 2.42 -


Combofix log:

ComboFix 09-10-07.05 - Compaq_Administrator 10/08/2009 16:45.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1519 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\c8f6cd1.msp
c:\windows\kb913800.exe
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\critical_warning.html
c:\windows\system32\logon.exe
c:\windows\system32\tapi.nfo
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 )))))))))))))))))))))))))))))))
.

2009-10-08 20:42 . 2009-10-08 20:42 -------- d-----w- c:\windows\system32\LogFiles
2009-10-05 23:27 . 2009-10-05 23:27 0 ----a-w- c:\documents and settings\Compaq_Administrator\settings.dat
2009-10-05 23:19 . 2009-10-05 23:19 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 20:18 . 2008-12-02 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-05 19:21 . 2009-09-05 18:52 45344 ----a-w- c:\windows\system32\drivers\hoi8fc8.sys
2009-08-25 16:14 . 2008-12-02 03:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-25 16:14 . 2008-12-02 03:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-25 16:14 . 2008-12-02 03:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 16:14 . 2008-12-02 03:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-25 16:13 . 2009-08-25 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-25 16:09 . 2009-08-25 16:09 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVG8
2009-08-25 14:25 . 2006-09-26 02:20 90560 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:11 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-10 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"RCHotKey"="c:\progra~1\RINGCE~1\RINGCE~1\RCHotKey.exe" [2008-12-18 32768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-26 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-25 2007832]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-15 68592]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-9-25 36903]
hp psc 2000 Series.lnk - c:\program files\HP\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-12-20 54776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 16:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/1/2008 11:41 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/1/2008 11:41 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/1/2008 11:41 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/1/2008 11:41 PM 297752]
S0 hoi8fc8;hoi8fc8;\SystemRoot\\SystemRoot\System32\drivers\hoi8fc8.sys --> \SystemRoot\\SystemRoot\System32\drivers\hoi8fc8.sys [?]
S1 6e928da3.sys;6e928da3.sys;\??\c:\windows\System32\drivers\6e928da3.sys --> c:\windows\System32\drivers\6e928da3.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\842l7v6b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe



**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-10-08 16:57
ComboFix-quarantined-files.txt 2009-10-08 20:56

Pre-Run: 221,760,004,096 bytes free
Post-Run: 222,341,681,152 bytes free

157 --- E O F --- 2009-09-03 04:28



Thanks!

#6 inzanity

  • Malware Team
  • 2,340 posts

Posted 21 October 2009 - 07:45 PM

Hi,

Please delete your copy of Combofix.

--Next--

Download Combofix from any of the links below. You must rename it before saving it. Save it as SubsFix.exe

* IMPORTANT !!! Save SubsFix.exe to your Desktop

Link 1
Link 2

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link - How to Disable your Security Programs
--------------------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


#7 StephS

Posted 21 October 2009 - 08:13 PM

ComboFix Log

ComboFix 09-10-20.03 - Compaq_Administrator 10/21/2009 22:01.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1327 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\SubsFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll
c:\windows\system32\drivers\rotscxyrodulvy.sys
c:\windows\system32\rotscxkepbpjvr.dat
c:\windows\system32\rotscxyqmipqoi.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rotscxklvdyudo
-------\Service_rotscxklvdyudo


((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-20 23:18 . 2009-10-20 23:18 -------- d-----w- c:\program files\ERUNT
2009-10-15 10:36 . 2009-10-15 10:36 -------- d-----w- c:\windows\ie8updates
2009-10-15 07:36 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-15 07:36 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-15 07:36 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-15 07:36 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-15 07:36 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-15 07:36 . 2009-08-29 08:08 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-10 16:47 . 2009-10-10 16:47 -------- d-----w- c:\program files\Trend Micro
2009-10-10 15:57 . 2009-10-10 15:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-10 15:52 . 2009-10-10 15:52 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IETldCache
2009-10-10 15:39 . 2009-10-10 15:39 -------- dc-h--w- c:\windows\ie8
2009-10-08 20:42 . 2009-10-08 20:42 -------- d-----w- c:\windows\system32\LogFiles
2009-10-05 23:27 . 2009-10-05 23:27 0 ----a-w- c:\documents and settings\Compaq_Administrator\settings.dat
2009-10-05 23:19 . 2009-10-05 23:19 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 23:00 . 2009-08-25 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-10 15:49 . 2009-09-05 18:52 45344 ----a-w- c:\windows\system32\drivers\hoi8fc8.sys
2009-09-11 14:33 . 2004-08-10 04:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 20:18 . 2008-12-02 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-04 20:45 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2004-08-10 04:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-25 16:14 . 2008-12-02 03:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-25 16:14 . 2008-12-02 03:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-25 16:14 . 2008-12-02 03:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 16:14 . 2008-12-02 03:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-25 16:09 . 2009-08-25 16:09 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVG8
2009-08-25 14:25 . 2006-09-26 02:20 90560 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:11 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2004-08-10 11:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-10 11:00 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-08_20.54.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-09-26 01:48 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2006-09-26 01:55 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2005-08-31 04:07 . 2009-10-15 10:44 71936 c:\windows\system32\perfc009.dat
- 2005-08-31 04:07 . 2009-08-17 10:50 71936 c:\windows\system32\perfc009.dat
+ 2009-01-07 22:20 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 08:31 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 04:00 . 2009-03-08 08:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-10 04:00 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-10 04:00 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
+ 2003-08-18 18:26 . 2003-08-18 18:26 25872 c:\windows\system32\FM20ENU.DLL
+ 2004-08-10 04:00 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2004-08-10 04:00 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-10 04:00 . 2009-03-08 08:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-10 04:00 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-10 04:00 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2004-08-10 04:00 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-10 04:00 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2005-08-31 04:02 . 2009-10-10 15:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-31 04:02 . 2009-10-08 20:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-30 20:51 . 2009-10-10 15:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 20:51 . 2009-10-08 20:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 20:51 . 2009-10-08 20:43 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-08-30 20:51 . 2009-10-10 15:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-01-29 14:08 . 2004-01-29 14:08 32768 c:\windows\system32\ATHPRXY.DLL
- 2001-01-22 07:25 . 2001-01-22 07:25 32768 c:\windows\system32\ATHPRXY.DLL
+ 2004-08-10 04:00 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-09-29 23:11 . 2009-06-24 16:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2004-10-07 22:36 . 2009-06-24 16:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2004-08-04 04:12 . 2009-06-24 02:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2004-08-04 04:12 . 2007-01-02 20:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2004-08-04 04:12 . 2007-01-02 20:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-08-04 04:12 . 2009-06-24 02:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-08-04 04:11 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2004-08-04 04:11 . 2007-01-02 20:34 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2002-06-21 23:31 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2002-06-21 23:31 . 2002-06-21 23:31 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2005-11-14 20:38 . 2005-11-14 20:38 72192 c:\windows\Installer\2a8321b.msp
+ 2008-07-02 14:12 . 2009-10-19 07:07 90112 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-07-02 14:12 . 2008-07-19 03:38 90112 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-07-02 14:12 . 2009-10-19 07:07 45056 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-07-02 14:12 . 2008-07-19 03:38 45056 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-07-02 14:12 . 2009-10-19 07:07 22528 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-07-02 14:12 . 2008-07-19 03:38 22528 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-07-02 14:12 . 2008-07-19 03:38 30720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-07-02 14:12 . 2009-10-19 07:07 30720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-07-02 14:12 . 2009-10-19 07:07 16384 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-07-02 14:12 . 2008-07-19 03:38 16384 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-07-02 14:12 . 2009-10-19 07:07 34304 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-07-02 14:12 . 2008-07-19 03:38 34304 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-15 10:42 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-10-15 10:42 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-10-15 10:42 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 37888 c:\windows\ie8\url.dll
+ 2009-10-10 15:39 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 39424 c:\windows\ie8\pngfilt.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 96256 c:\windows\ie8\occache.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 56832 c:\windows\ie8\mshtmler.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 29184 c:\windows\ie8\mshta.exe
+ 2009-10-10 15:39 . 2004-08-10 04:00 22016 c:\windows\ie8\licmgr10.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 16384 c:\windows\ie8\jsproxy.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 96256 c:\windows\ie8\inseng.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 35840 c:\windows\ie8\imgutil.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 93184 c:\windows\ie8\iexplore.exe
+ 2009-10-10 15:39 . 2004-08-10 04:00 62976 c:\windows\ie8\iesetup.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 48640 c:\windows\ie8\iernonce.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 81920 c:\windows\ie8\ieencode.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 34304 c:\windows\ie8\ie4uinit.exe
+ 2009-10-10 15:39 . 2004-08-10 04:00 38912 c:\windows\ie8\hmmapi.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 35328 c:\windows\ie8\corpol.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 99840 c:\windows\ie8\advpack.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 61440 c:\windows\ie8\admparse.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_dcb7ca3e\System.Drawing.Design.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5a6c4afb\CustomMarshalers.dll
+ 2009-10-15 10:36 . 2009-10-15 10:36 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_2f03ccc9\System.Drawing.Design.dll
+ 2009-10-15 10:35 . 2009-10-15 10:35 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_a723362c\CustomMarshalers.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 24064 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\1d86025bdf2fbd985142472c4226a6c0\WiaProxy32.ni.exe
+ 2009-10-15 21:54 . 2009-10-15 21:54 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-15 21:58 . 2009-10-15 21:58 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-15 21:51 . 2009-10-15 21:51 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-15 21:51 . 2009-10-15 21:51 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 20992 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\c30af7b32def77590e00a46e0187ec31\PaintDotNet.StylusReader.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\3567e9f972165d48ab1ca52739705122\Interop.WIA.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-15 21:55 . 2009-10-15 21:55 81408 c:\windows\assembly\NativeImages_v2.0.50727_32\DdsFileType\db9e0e8a117126332c9c6f211640696a\DdsFileType.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2004-07-20 00:54 . 2009-06-29 15:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2004-07-20 00:54 . 2007-01-02 20:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2008-07-02 14:12 . 2008-07-19 03:38 3584 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-07-02 14:12 . 2009-10-19 07:07 3584 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-07-02 14:12 . 2008-07-19 03:38 8192 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-07-02 14:12 . 2009-10-19 07:07 8192 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-07-02 14:12 . 2009-10-19 07:07 2560 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-07-02 14:12 . 2008-07-19 03:38 2560 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-08-17 10:49 . 2009-08-17 10:49 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-01-07 22:21 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
+ 2004-08-10 04:00 . 2009-04-10 05:01 413544 c:\windows\system32\wmspdmod.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-10 04:00 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-10 04:00 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-10 04:00 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2005-08-31 04:07 . 2009-10-15 10:44 442796 c:\windows\system32\perfh009.dat
- 2005-08-31 04:07 . 2009-08-17 10:50 442796 c:\windows\system32\perfh009.dat
+ 2004-08-10 04:00 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-10 04:00 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2004-08-10 04:00 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 08:32 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
- 2004-08-10 11:00 . 2004-08-10 11:00 112128 c:\windows\system32\mapi32.dll
+ 2004-08-10 11:00 . 2004-08-10 04:00 112128 c:\windows\system32\mapi32.dll
+ 2004-08-10 04:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-10 04:00 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 04:00 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-10 04:00 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-10 04:00 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-10 04:00 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 04:00 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2004-08-10 04:00 . 2009-04-10 05:01 413544 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-10 04:00 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-10 04:00 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-10 04:00 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2004-08-10 04:00 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-10 04:00 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-10 04:00 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 153088 c:\windows\system32\dllcache\triedit.dll
- 2004-08-10 04:00 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-10 04:00 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2004-08-10 04:00 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-10 04:00 . 2009-06-25 08:44 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-10 04:00 . 2009-09-11 14:33 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-10 04:00 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-10 04:00 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2004-08-10 04:00 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-10 04:00 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-10 04:00 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-10 04:00 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-10 04:00 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-10 04:00 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-10 04:00 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-10 04:00 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-10 04:00 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-10 04:00 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2009-10-10 15:57 . 2009-10-15 21:55 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2004-08-10 04:00 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-20 00:54 . 2004-07-20 00:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-07-20 00:54 . 2009-06-24 01:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2004-08-04 04:11 . 2007-01-02 20:34 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2004-08-04 04:11 . 2009-06-24 02:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2009-04-20 18:59 . 2009-04-20 18:59 219648 c:\windows\Installer\2a83266.msp
+ 2009-02-10 12:50 . 2009-02-10 12:50 536576 c:\windows\Installer\2a831e3.msp
+ 2008-01-24 14:04 . 2008-01-24 14:04 678400 c:\windows\Installer\2a831a7.msp
+ 2008-07-02 14:12 . 2009-10-19 07:07 114688 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-07-02 14:12 . 2008-07-19 03:38 114688 c:\windows\Installer\{91120409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-10-15 10:42 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-10-15 10:42 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-10-15 10:42 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-10-15 10:42 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-10-15 10:42 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-10-15 10:42 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-10-15 10:42 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-10-15 10:42 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-10-15 10:42 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-10-15 10:36 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-10-15 10:36 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-10-15 10:36 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 668160 c:\windows\ie8\wininet.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 276480 c:\windows\ie8\webcheck.dll
+ 2009-10-10 15:39 . 2007-06-26 15:13 851968 c:\windows\ie8\vgx.dll
+ 2009-10-10 15:39 . 2007-12-18 14:40 417792 c:\windows\ie8\vbscript.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 620032 c:\windows\ie8\urlmon.dll
+ 2009-10-10 15:39 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-10-10 15:39 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-10-10 15:39 . 2009-06-26 15:59 532480 c:\windows\ie8\mstime.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 146432 c:\windows\ie8\msrating.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 146432 c:\windows\ie8\msls31.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 449024 c:\windows\ie8\mshtmled.dll
+ 2009-10-10 15:39 . 2009-08-21 09:46 450560 c:\windows\ie8\jscript.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 251904 c:\windows\ie8\iepeers.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 323584 c:\windows\ie8\iedkcs32.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 221184 c:\windows\ie8\ieakui.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 216576 c:\windows\ie8\ieaksie.dll
+ 2009-10-10 15:39 . 2004-08-10 04:00 139264 c:\windows\ie8\ieakeng.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 205312 c:\windows\ie8\dxtrans.dll
+ 2009-10-10 15:39 . 2009-06-26 15:59 357888 c:\windows\ie8\dxtmsft.dll
+ 2009-10-20 23:18 . 2009-10-20 23:18 110592 c:\windows\ERDNT\10-20-2009\Users\00000002\UsrClass.dat
+ 2009-10-20 23:18 . 2005-10-20 16:02 163328 c:\windows\ERDNT\10-20-2009\ERDNT.EXE
+ 2004-08-10 10:11 . 2009-08-18 14:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_9d3b33e3\System.Drawing.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_9c0ef2f1\System.Drawing.Design.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ae27ae30\CustomMarshalers.dll
+ 2009-10-15 10:36 . 2009-10-15 10:36 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_9fef2c61\System.Drawing.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-15 21:54 . 2009-10-15 21:54 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-15 21:54 . 2009-10-15 21:54 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-15 21:54 . 2009-10-15 21:54 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-15 21:58 . 2009-10-15 21:58 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-15 21:58 . 2009-10-15 21:58 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-15 21:54 . 2009-10-15 21:54 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-15 21:56 . 2009-10-15 21:56 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-15 21:53 . 2009-10-15 21:53 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-15 21:53 . 2009-10-15 21:53 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-15 21:53 . 2009-10-15 21:53 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-15 21:53 . 2009-10-15 21:53 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 544768 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\dec8b20cd5386c40e8282a9089cd0a2b\PaintDotNet.SystemLayer.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 317440 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\4a74c42c43e2d4cb1c72b7f64a1d3321\PaintDotNet.Resources.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 630272 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\951c6dd3d0816fb93e155646b30b735c\PaintDotNet.Effects.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 692736 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\69bc533e1566efdef7c9d23c72aa4b17\PaintDotNet.Data.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 223232 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\1d1683f9d6a498e56cdbc94690f1cdec\PaintDotNet.Base.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-15 21:56 . 2009-10-15 21:56 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 504320 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\233ce4fa12a27fe43b42d3956043df75\ICSharpCode.SharpZipLib.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-15 21:55 . 2009-10-15 21:55 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 864256 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 864256 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2009-10-15 07:34 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
- 2004-08-10 04:00 . 2008-06-11 07:58 2330624 c:\windows\system32\WMVCore.dll
+ 2004-08-10 04:00 . 2009-06-09 02:24 2330624 c:\windows\system32\WMVCore.dll
+ 2004-08-10 04:00 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-10 04:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
- 2004-08-10 04:00 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll
+ 2004-08-10 04:00 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
- 2004-08-10 04:00 . 2008-06-11 07:58 2330624 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-10 04:00 . 2009-06-09 02:24 2330624 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-10 04:00 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-10 04:00 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
- 2004-08-10 04:00 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll
+ 2006-12-19 14:17 . 2009-08-04 14:00 2180352 c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-08-04 13:13 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-08-04 13:13 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2006-12-19 12:55 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 14:15 . 2009-08-04 13:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-10 04:00 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-11-25 08:59 . 2008-11-25 08:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2004-07-20 00:54 . 2007-01-02 20:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-07-20 00:54 . 2009-06-29 15:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-07-20 00:54 . 2009-06-24 02:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2004-07-20 00:54 . 2007-01-02 20:28 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2004-07-20 00:54 . 2007-01-02 20:28 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2004-07-20 00:54 . 2009-06-24 02:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2004-07-20 00:54 . 2007-01-02 20:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-07-20 00:54 . 2009-06-29 15:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2009-05-01 03:02 . 2009-05-01 03:02 9628672 c:\windows\Installer\2a83254.msp
+ 2009-09-04 19:31 . 2009-09-04 19:31 7972864 c:\windows\Installer\2a83240.msp
+ 2008-09-04 19:52 . 2008-09-04 19:52 4337664 c:\windows\Installer\2a8322d.msp
+ 2008-01-14 18:26 . 2008-01-14 18:26 4478464 c:\windows\Installer\2a83208.msp
+ 2006-02-27 20:31 . 2006-02-27 20:31 1269248 c:\windows\Installer\2a831f5.msp
+ 2006-03-28 19:37 . 2006-03-28 19:37 6956032 c:\windows\Installer\2a831cf.msp
+ 2006-08-29 21:50 . 2006-08-29 21:50 3210240 c:\windows\Installer\2a831ba.msp
+ 2004-03-10 13:13 . 2004-03-10 13:13 2602496 c:\windows\Installer\2a83179.msp
+ 2009-04-29 19:03 . 2009-04-29 19:03 8404992 c:\windows\Installer\2a83167.msp
+ 2004-09-13 04:35 . 2004-09-13 04:35 1452544 c:\windows\Installer\2a83154.msp
+ 2009-08-20 19:27 . 2009-08-20 19:27 3622400 c:\windows\Installer\2a8310c.msp
+ 2009-09-11 02:44 . 2009-09-11 02:44 6704640 c:\windows\Installer\2a830f9.msp
+ 2008-03-31 20:35 . 2008-03-31 20:35 8309760 c:\windows\Installer\2a830d3.msp
+ 2006-02-22 13:41 . 2006-02-22 13:41 2815488 c:\windows\Installer\2a830c1.msp
+ 2009-10-15 10:42 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
+ 2009-10-15 10:42 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
+ 2009-10-15 10:42 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
+ 2009-10-10 15:39 . 2009-07-18 16:00 3069440 c:\windows\ie8\mshtml.dll
+ 2009-10-20 23:18 . 2009-10-20 23:18 3420160 c:\windows\ERDNT\10-20-2009\Users\00000001\NTUSER.DAT
+ 2005-03-02 00:59 . 2009-08-04 14:00 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-08-04 13:13 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:34 . 2009-08-04 13:13 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:57 . 2009-08-04 13:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-15 10:38 . 2009-10-15 10:38 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a4170395\System.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_9f9846bb\System.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_61c9fca2\System.Xml.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2d2c7180\System.Xml.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b58f7332\System.Windows.Forms.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_51d54a1a\System.Windows.Forms.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d77eb90a\System.Drawing.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_d80f8dc5\System.Design.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_88401a9a\System.Design.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d90ddba2\mscorlib.dll
+ 2009-10-15 10:38 . 2009-10-15 10:38 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_85442629\mscorlib.dll
+ 2009-10-15 10:35 . 2009-10-15 10:35 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_647f6548\System.dll
+ 2009-10-15 10:36 . 2009-10-15 10:36 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_2f28e291\System.Xml.dll
+ 2009-10-15 10:36 . 2009-10-15 10:36 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_fc3b2e88\System.Windows.Forms.dll
+ 2009-10-15 10:36 . 2009-10-15 10:36 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_afa10a69\System.Design.dll
+ 2009-10-15 10:35 . 2009-10-15 10:35 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_ae452cc1\mscorlib.dll
+ 2009-10-15 21:52 . 2009-10-15 21:52 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-15 21:54 . 2009-10-15 21:54 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-10-15 21:51 . 2009-10-15 21:51 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-15 21:54 . 2009-10-15 21:54 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-15 21:58 . 2009-10-15 21:58 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-15 21:58 . 2009-10-15 21:58 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-15 21:58 . 2009-10-15 21:58 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-15 21:58 . 2009-10-15 21:58 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-15 21:58 . 2009-10-15 21:58 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-15 21:58 . 2009-10-15 21:58 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-15 21:54 . 2009-10-15 21:54 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-15 21:54 . 2009-10-15 21:54 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-15 21:53 . 2009-10-15 21:53 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-15 21:55 . 2009-10-15 21:55 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-15 21:53 . 2009-10-15 21:53 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-15 21:53 . 2009-10-15 21:53 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-15 21:53 . 2009-10-15 21:53 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-15 21:53 . 2009-10-15 21:53 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-15 21:51 . 2009-10-15 21:51 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 2008576 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\ab7ffd4d171273689a411e499bdeb5cd\PaintDotNet.ni.exe
+ 2009-10-15 21:55 . 2009-10-15 21:55 1841152 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\bb385342601c94623a78685d60ed252f\PaintDotNet.Core.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-17 10:49 . 2009-08-17 10:49 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-15 10:44 . 2009-10-15 10:44 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-15 10:37 . 2009-10-15 10:37 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-07-13 07:01 . 2007-07-13 07:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-07-13 07:01 . 2007-07-13 07:01 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-15 10:37 . 2009-10-15 10:37 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-13 07:00 . 2007-07-13 07:00 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-15 10:35 . 2009-10-15 10:35 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-08 21:11 . 2009-10-08 21:11 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
- 2006-09-26 02:03 . 2006-09-26 02:03 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2009-10-10 15:42 . 2009-10-02 18:01 25198016 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2009-08-29 08:08 11069440 c:\windows\system32\ieframe.dll
+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-05-05 22:06 . 2009-05-05 22:06 17515008 c:\windows\Installer\2a83283.msp
+ 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows\Installer\2a83270.msp
+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\2a83191.msp
+ 2004-01-30 07:19 . 2004-01-30 07:19 56269996 c:\windows\Installer\2945a.msp
+ 2005-09-25 15:46 . 2005-09-25 15:46 16084480 c:\windows\Installer\25977e8.msp
+ 2009-07-20 16:03 . 2009-07-20 16:03 16465408 c:\windows\Installer\25977d6.msp
+ 2009-10-15 10:42 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
+ 2009-10-15 21:54 . 2009-10-15 21:54 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-15 21:57 . 2009-10-15 21:57 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-15 21:56 . 2009-10-15 21:56 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-15 21:54 . 2009-10-15 21:54 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-15 21:53 . 2009-10-15 21:53 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-15 21:52 . 2009-10-15 21:52 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-15 21:51 . 2009-10-15 21:51 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"RCHotKey"="c:\progra~1\RINGCE~1\RINGCE~1\RCHotKey.exe" [2008-12-18 32768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-26 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-18 2025752]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-15 68592]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-25 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-25 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-9-25 36903]
hp psc 2000 Series.lnk - c:\program files\HP\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-12-20 54776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 16:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/1/2008 11:41 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/1/2008 11:41 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/1/2008 11:41 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/1/2008 11:41 PM 297752]
S0 hoi8fc8;hoi8fc8;\SystemRoot\\SystemRoot\System32\drivers\hoi8fc8.sys --> \SystemRoot\\SystemRoot\System32\drivers\hoi8fc8.sys [?]
S1 6e928da3.sys;6e928da3.sys;\??\c:\windows\System32\drivers\6e928da3.sys --> c:\windows\System32\drivers\6e928da3.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\842l7v6b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 22:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\RINGCE~1\RINGCE~1\RCHotKeyHook.dll
c:\program files\Google\Quick Search Box\bin\1.2.1150.158\qsb.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\subsfix\CF21087.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\HP\Digital Imaging\bin\hpoevm08.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\eHome\ehmsas.exe
c:\subsfix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-22 22:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-22 02:10
ComboFix2.txt 2009-10-08 20:57

Pre-Run: 221,017,182,208 bytes free
Post-Run: 220,903,071,744 bytes free

- - End Of File - - EBF439A577E7169E37DAC86FD17CB60B

#8 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 22 October 2009 - 07:07 PM

Hi,

Please do the following:

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty in properly disabling your protective programs, refer to this link - How to Disable your Security Programs
--------------------------------------------------------------------

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Collect::
c:\windows\system32\drivers\hoi8fc8.sys

Driver::
hoi8fc8
6e928da3.sys

DDS::
uStart Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/stp/yme/*http://www.yahoo.com
Trusted Zone: microsoft.com\office
Trusted Zone: trymedia.com

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



#9 StephS

StephS

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 22 October 2009 - 07:30 PM

Combofix Log

ComboFix 09-10-20.03 - Compaq_Administrator 10/22/2009 21:18.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1481 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\SubsFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

file zipped: c:\windows\system32\drivers\hoi8fc8.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll
c:\windows\system32\drivers\hoi8fc8.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_6e928da3.sys
-------\Service_hoi8fc8


((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-23 01:11 . 2009-10-23 01:11 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\PrivacIE
2009-10-22 01:59 . 2009-10-22 02:10 -------- d-----w- C:\SubsFix
2009-10-20 23:18 . 2009-10-20 23:18 -------- d-----w- c:\program files\ERUNT
2009-10-15 10:36 . 2009-10-15 10:36 -------- d-----w- c:\windows\ie8updates
2009-10-15 07:36 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-15 07:36 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-15 07:36 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-15 07:36 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-15 07:36 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-15 07:36 . 2009-08-29 08:08 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-10 16:47 . 2009-10-10 16:47 -------- d-----w- c:\program files\Trend Micro
2009-10-10 15:57 . 2009-10-10 15:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-10 15:52 . 2009-10-10 15:52 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IETldCache
2009-10-10 15:39 . 2009-10-10 15:39 -------- dc-h--w- c:\windows\ie8
2009-10-08 20:42 . 2009-10-08 20:42 -------- d-----w- c:\windows\system32\LogFiles
2009-10-05 23:27 . 2009-10-05 23:27 0 ----a-w- c:\documents and settings\Compaq_Administrator\settings.dat
2009-10-05 23:19 . 2009-10-05 23:19 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 23:00 . 2009-08-25 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-11 14:33 . 2004-08-10 04:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 20:18 . 2008-12-02 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-04 20:45 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 04:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2004-08-10 04:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-25 16:14 . 2008-12-02 03:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-25 16:14 . 2008-12-02 03:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-25 16:14 . 2008-12-02 03:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 16:14 . 2008-12-02 03:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-25 16:09 . 2009-08-25 16:09 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVG8
2009-08-25 14:25 . 2006-09-26 02:20 90560 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:11 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2004-08-10 11:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-10 11:00 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"RCHotKey"="c:\progra~1\RINGCE~1\RINGCE~1\RCHotKey.exe" [2008-12-18 32768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-26 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-18 2025752]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-15 68592]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-25 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-25 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-9-25 36903]
hp psc 2000 Series.lnk - c:\program files\HP\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-12-20 54776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 16:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/1/2008 11:41 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/1/2008 11:41 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/1/2008 11:41 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/1/2008 11:41 PM 297752]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\842l7v6b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 21:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\RINGCE~1\RINGCE~1\RCHotKeyHook.dll
c:\program files\Google\Quick Search Box\bin\1.2.1150.158\qsb.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\subsfix12553s\CF22030.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\HP\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\eHome\ehmsas.exe
c:\subsfix12553s\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 21:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 01:27
ComboFix2.txt 2009-10-22 02:10
ComboFix3.txt 2009-10-08 20:57

Pre-Run: 220,886,085,632 bytes free
Post-Run: 220,849,823,744 bytes free

- - End Of File - - EE92FBB248DEDE968973B382019B125D

#10 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 22 October 2009 - 11:54 PM

Hi,

Please open this link HERE in a new window.

In the box marked Link to topic where this file was requested: please paste in the following text
http://forums.whatthetech.com/Multiple_Trojan_Horses_found_AVG_scan_t107779.html&view=findpost&p=605000

Click the Browse button and navigate to C:\Qoobox\Quarantine

There should be a zip file there called [4]-Submit_****-**-**_**.**.**.zip ( the * denotes Date and Time stamp )
Select this file and click Open
In the Largest box please put
File Requested By inzanity
Failed Submit::

Finally click SendFile

Please return here and let me know when that file has been uploaded.

--Next--

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post back the log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

--Next--

Please do a scan with Kaspersky Online Scanner or from Here.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report. To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.

--Next--

Please run another DDS scan for me please and post the DDS log and Attach.txt in your next reply.

To post in your next reply:
1. Has the file been uploaded?
2. Malwarebytes' log.
3. Kaspersky log.
4. DDS and attach.txt logs.


Also, please describe how your computer is doing at the moment. Thank you.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member


#11 StephS

StephS

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 23 October 2009 - 09:11 PM

Hi!

The file has been uploaded

Malwarebytes' log

Malwarebytes' Anti-Malware 1.41
Database version: 3021
Windows 5.1.2600 Service Pack 2

10/23/2009 7:26:19 PM
mbam-log-2009-10-23 (19-26-19).txt

Scan type: Quick Scan
Objects scanned: 111709
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky log
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, October 23, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 24, 2009 00:44:40
Records in database: 3052268
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 110379
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:32:40


File name / Threat / Threats count
C:\hp\bin\wbug\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\logon.exe.vir Infected: Trojan-Dropper.Win32.WormDrop.r 1
D:\I386\APPS\APP21680\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\APPS\APP21680\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

Selected area has been scanned.



DDS log

=============== Created Last 30 ================

2009-10-23 19:17 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-10-23 19:17 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 19:17 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-23 19:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 19:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 21:16 <DIR> --d----- C:\SubsFix12553S
2009-10-22 21:11 <DIR> --dsh--- c:\documents and settings\compaq_administrator\PrivacIE
2009-10-21 21:59 <DIR> --d----- C:\SubsFix
2009-10-15 06:36 <DIR> --d----- c:\windows\ie8updates
2009-10-15 03:36 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-10-15 03:36 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-10-15 03:36 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-15 03:36 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-10-15 03:36 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-10-15 03:36 11,069,440 -------- c:\windows\system32\dllcache\ieframe.dll
2009-10-10 12:47 <DIR> --d----- c:\program files\Trend Micro
2009-10-10 11:52 <DIR> --dsh--- c:\documents and settings\compaq_administrator\IETldCache
2009-10-10 11:47 118 a------- c:\windows\system32\MRT.INI
2009-10-10 11:39 <DIR> -cd-h--- c:\windows\ie8
2009-10-08 16:42 <DIR> --d----- c:\windows\system32\LogFiles
2009-10-08 16:36 236,544 a------- c:\windows\PEV.exe
2009-10-08 16:36 161,792 a------- c:\windows\SWREG.exe
2009-10-08 16:36 98,816 a------- c:\windows\sed.exe
2009-10-05 19:27 0 a------- c:\documents and settings\compaq_administrator\settings.dat
2009-10-05 19:19 <DIR> --d-h--- c:\windows\PIF

==================== Find3M ====================

2009-09-11 10:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-11 10:33 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 16:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 16:45 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 04:08 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 04:08 916,480 a------- c:\windows\system32\dllcache\wininet.dll
2009-08-29 04:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-29 04:08 5,940,224 a------- c:\windows\system32\dllcache\mshtml.dll
2009-08-29 04:08 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-08-29 04:08 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 04:08 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 04:08 387,584 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-28 06:35 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 04:16 247,326 -------- c:\windows\system32\strmdll.dll
2009-08-26 04:16 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 12:14 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 12:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-25 12:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-20 15:09 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-05 05:11 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 10:00 2,180,352 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:00 2,180,352 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 09:58 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 09:13 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 09:13 2,057,728 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 09:13 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-07-10 00:02 90,168 a------- c:\docume~1\compaq~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 23:05:42.65 ===============




#12 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 23 October 2009 - 11:43 PM

Hi, Much of the DDS log has been cut off...would you mind posting the entire log, thanks.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member



#13 StephS

StephS

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 24 October 2009 - 02:13 AM

Sorry about that!

DDS Log

DDS (Ver_09-06-26.01) - NTFSx86
Run by Compaq_Administrator at 23:05:08.98 on Fri 10/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1209 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
svchost.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RCHotKey] "c:\progra~1\ringce~1\ringce~1\RCHotKey.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238559975125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\842l7v6b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-1 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-1 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-1 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-1 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-1 297752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-25 1247600]

=============== Created Last 30 ================

2009-10-23 19:17 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-10-23 19:17 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 19:17 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-23 19:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 19:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 21:16 <DIR> --d----- C:\SubsFix12553S
2009-10-22 21:11 <DIR> --dsh--- c:\documents and settings\compaq_administrator\PrivacIE
2009-10-21 21:59 <DIR> --d----- C:\SubsFix
2009-10-15 06:36 <DIR> --d----- c:\windows\ie8updates
2009-10-15 03:36 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-10-15 03:36 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-10-15 03:36 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-15 03:36 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-10-15 03:36 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-10-15 03:36 11,069,440 -------- c:\windows\system32\dllcache\ieframe.dll
2009-10-10 12:47 <DIR> --d----- c:\program files\Trend Micro
2009-10-10 11:52 <DIR> --dsh--- c:\documents and settings\compaq_administrator\IETldCache
2009-10-10 11:47 118 a------- c:\windows\system32\MRT.INI
2009-10-10 11:39 <DIR> -cd-h--- c:\windows\ie8
2009-10-08 16:42 <DIR> --d----- c:\windows\system32\LogFiles
2009-10-08 16:36 236,544 a------- c:\windows\PEV.exe
2009-10-08 16:36 161,792 a------- c:\windows\SWREG.exe
2009-10-08 16:36 98,816 a------- c:\windows\sed.exe
2009-10-05 19:27 0 a------- c:\documents and settings\compaq_administrator\settings.dat
2009-10-05 19:19 <DIR> --d-h--- c:\windows\PIF

==================== Find3M ====================

2009-09-11 10:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-11 10:33 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 16:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 16:45 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 04:08 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 04:08 916,480 a------- c:\windows\system32\dllcache\wininet.dll
2009-08-29 04:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-29 04:08 5,940,224 a------- c:\windows\system32\dllcache\mshtml.dll
2009-08-29 04:08 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-08-29 04:08 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 04:08 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 04:08 387,584 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-28 06:35 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 04:16 247,326 -------- c:\windows\system32\strmdll.dll
2009-08-26 04:16 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 12:14 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 12:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-25 12:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-20 15:09 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-05 05:11 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 10:00 2,180,352 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:00 2,180,352 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 09:58 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 09:13 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 09:13 2,057,728 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 09:13 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-07-10 00:02 90,168 a------- c:\docume~1\compaq~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 23:05:42.65 ===============

#14 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 24 October 2009 - 07:13 PM

Hi,

Weather bug is a known adware, I would recommend that you uninstall it via Add/Remove Programs.
Click on Start then Control Panel
Open Add or Remove Programs then uninstall the following:
  • Remove WeatherBug Installer
Close Control Panel.

Here's a good alternative to WeatherBug: it is a Firefox add-on that displays weather forecasts for specified regions.
https://addons.mozil...refox/addon/398

--Next--

Please delete RootRepeal, DDS and all the logs we've created.

--Next--

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

--Next--

Your computer now looks clean! :thumbup:

You can keep Malwarebytes, it is an excellent malware removal tool. Update at least once a week, then run a complete scan.

--Next--

Adobe
You can get the latest version here.
Or you can download and install Foxit Reader.

Java
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings... button
  • click the Delete Files button.
  • There are two options in the window to clear the cache - Leave both Checked
    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.
To keep your operating system up to date visit

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Update your Anti-Virus Software - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

6. SpywareBlaster - Download and install SpywareBlaster. This program prevents the installation of ActiveX-based spyware and other potentially unwanted programs.

7. Protect your computer from internet threats with SandboxIE. This program isolates Internet Explorer from the rest of your operating system, 'sandboxing' it away - so malicious websites can't do damage to the rest of your system. There is a Getting Started guide on their website.

8. Some excellent free firewalls. Note: Use only one firewall at a time.
Agnitum Outpost Firewall
Comodo Firewall - If you are installing this and already have an anti spyware then please do not install Comodo's anti spyware program.
Online Armor Personal Firewall

9. And finally, please read these excellent articles:
Malware: Help prevent the Infection by Sandi Hardmeier,
Preventing Malware - Tools and Practices for Safe Computing

For more safe computing tips please read the guide by Rorschach112 on how to prevent malware and about safe computing here.



Good luck, happy computing and stay clean! ^_^

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member



#15 StephS

StephS

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 24 October 2009 - 08:17 PM

WOW! :woot: I have done everything that you have suggested in your last post. Thank you sooooo much for your help, I truly appreciate it! You have been awesome to work with, I cannot thank you enough!!!!!! :woot:
