Cannot run any .exe to get rid of virus


  • This topic is locked

#31
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now run combofix please
  • 0


#32
p.ave

p.ave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here is Combofix


ComboFix 11-08-12.01 - TEST 08/12/2011 16:08:33.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.204 [GMT -4:00]
Running from: c:\documents and settings\TEST\My Documents\Downloads\ComboFix.exe
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\8579.tmp
c:\documents and settings\All Users\Desktop\Security Protection.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-12 19:43 . 2011-08-12 19:55 -------- d-----w- c:\windows\LastGood
2011-08-12 19:37 . 2011-08-12 19:37 11264 ----a-w- c:\windows\system32\drivers\uzixmzc5.sys
2011-08-11 19:27 . 2011-08-12 01:09 133208 ----a-w- c:\windows\system32\drivers\00084936.sys
2011-08-11 19:23 . 2011-08-11 19:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-08-10 21:42 . 2011-08-10 21:42 -------- d--h--w- c:\windows\$hf_mig$
2011-08-10 15:16 . 2011-08-10 15:16 -------- d-----w- C:\Adobe
2011-08-10 14:47 . 2011-08-10 14:47 -------- d-----w- C:\_OTL
2011-08-10 01:18 . 2011-08-10 01:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-08-09 20:09 . 2011-08-09 20:09 218624 ----a-w- c:\windows\system32\terdsw32.dll
2011-08-09 18:45 . 2011-08-10 00:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-07 13:03 . 2011-08-07 13:03 -------- d-----w- c:\documents and settings\TEST\Application Data\vmntemplate
2011-08-04 12:16 . 2011-08-04 12:25 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-08-04 12:16 . 2011-08-04 12:53 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-08-04 11:55 . 2011-08-12 19:56 -------- d-----w- c:\windows\system32\wbem\Logs
2011-08-04 11:51 . 2011-08-07 13:04 -------- d-----w- c:\documents and settings\TEST\Application Data\somototoolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\somototoolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\Temp File Cleaner FileBulldog Toolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\Temp File Cleaner
2011-08-03 16:06 . 2011-08-03 16:06 -------- d-----w- c:\documents and settings\TEST\DoctorWeb
2011-08-02 20:48 . 2011-08-02 20:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2011-08-01 19:50 . 2011-08-01 19:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-08-01 17:23 . 2011-08-01 17:43 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\NPE
2011-08-01 16:58 . 2011-08-02 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-07-29 15:19 . 2011-07-29 15:19 -------- d-----w- c:\documents and settings\TEST\Application Data\F-Secure
2011-07-27 23:08 . 2011-07-27 23:08 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\magicJack
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-21 12:23 . 2011-07-21 12:23 -------- d-----w- c:\documents and settings\TEST\Application Data\CANON INC
2011-07-21 12:21 . 2011-07-21 12:21 -------- d-----w- c:\documents and settings\TEST\Application Data\ZoomBrowser EX
2011-07-21 12:19 . 2011-07-21 12:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-21 12:07 . 2011-07-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2011-07-21 11:37 . 2011-07-21 11:37 -------- d-----w- c:\program files\Common Files\Canon
2011-07-18 17:38 . 2011-07-18 17:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-07-18 17:21 . 2011-07-18 17:21 -------- d-----w- c:\program files\iPod
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\program files\iTunes
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-18 17:09 . 2011-07-18 17:09 -------- d-----w- c:\program files\Apple Software Update
2011-07-18 17:01 . 2011-07-18 17:02 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2010-03-04 01:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-03-04 01:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2006-03-16 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-30 02:14 . 2011-05-09 00:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}]
2011-07-21 16:40 81920 ----a-w- c:\program files\somototoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{652853ad-5592-4231-88c6-706613a52e61}"= "c:\program files\somototoolbar\vmntemplateX.dll" [2011-07-21 81920]
.
[HKEY_CLASSES_ROOT\clsid\{652853ad-5592-4231-88c6-706613a52e61}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-7-16 98304]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\TEST\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 00084936;00084936;c:\windows\system32\drivers\00084936.sys [8/11/2011 3:27 PM 133208]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/4/2011 8:16 AM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/4/2011 8:16 AM 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [8/4/2011 8:15 AM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 uzixmzc5;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzixmzc5.sys [8/12/2011 3:37 PM 11264]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/31/2010 5:39 AM 583640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 8:46 AM 92008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [8/4/2011 8:15 AM 148648]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);"f:\hitmanpro35.exe" /crusader:boot --> f:\HitmanPro35.exe [?]
S2 TermServices;Remote Desktop Services;c:\windows\System32\svchost.exe -k termfsc [3/16/2006 14336]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [6/16/2008 2:38 PM 57088]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [8/4/2011 8:15 AM 61088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/3/2010 9:53 PM 41272]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 2:15 PM 12872]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [8/4/2011 8:15 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [8/4/2011 8:15 AM 25184]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 54271884
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005Core.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005UA.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-12 c:\windows\Tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.2.1 66.189.0.100 24.159.64.23 24.247.24.53
FF - ProfilePath - c:\documents and settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc887fc&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
------- File Associations -------
.
exefile="c:\documents and settings\NetworkService\Local Settings\Application Data\tah.exe" -a "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 16:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???(]??????Y?@?????<?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot]
"ImagePath"="\"f:\hitmanpro35.exe\" /crusader:boot"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\CLBCATQ.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(984)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
Completion time: 2011-08-12 16:28:27
ComboFix-quarantined-files.txt 2011-08-12 20:28
ComboFix2.txt 2011-08-11 17:44
ComboFix3.txt 2011-08-10 21:55
.
Pre-Run: 25,287,434,240 bytes free
Post-Run: 26,147,262,464 bytes free
.
- - End Of File - - 5475A44905E192C66DBA6DFCCB295A8C
  • 0

#33
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Okey dokey to proceed

First download the attached zip file and extract the reg file inside to your desktop
Right click the reg file and select merge, accept the warning


THEN

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\00084936.sys

Driver::
Wdawghzrrzch
00084936

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#34
p.ave

p.ave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here's the combofix log


ComboFix 11-08-12.01 - TEST 08/12/2011 22:53:44.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.602 [GMT -4:00]
Running from: c:\documents and settings\TEST\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\TEST\Desktop\CFScript.txt
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
FILE ::
"c:\windows\system32\drivers\00084936.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\00084936.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_00084936
-------\Service_00084936
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-12 19:37 . 2011-08-12 19:37 11264 ----a-w- c:\windows\system32\drivers\uzixmzc5.sys
2011-08-11 19:23 . 2011-08-11 19:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-08-10 21:42 . 2011-08-10 21:42 -------- d--h--w- c:\windows\$hf_mig$
2011-08-10 15:16 . 2011-08-10 15:16 -------- d-----w- C:\Adobe
2011-08-10 14:47 . 2011-08-10 14:47 -------- d-----w- C:\_OTL
2011-08-10 01:18 . 2011-08-10 01:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-08-09 20:09 . 2011-08-09 20:09 218624 ----a-w- c:\windows\system32\terdsw32.dll
2011-08-09 18:45 . 2011-08-10 00:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-07 13:03 . 2011-08-07 13:03 -------- d-----w- c:\documents and settings\TEST\Application Data\vmntemplate
2011-08-04 12:16 . 2011-08-12 20:55 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-08-04 12:16 . 2009-08-05 15:57 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-08-04 11:55 . 2011-08-12 23:03 -------- d-----w- c:\windows\system32\wbem\Logs
2011-08-04 11:51 . 2011-08-07 13:04 -------- d-----w- c:\documents and settings\TEST\Application Data\somototoolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\somototoolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\Temp File Cleaner FileBulldog Toolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\Temp File Cleaner
2011-08-03 16:06 . 2011-08-03 16:06 -------- d-----w- c:\documents and settings\TEST\DoctorWeb
2011-08-02 20:48 . 2011-08-02 20:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2011-08-01 19:50 . 2011-08-01 19:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-08-01 17:23 . 2011-08-01 17:43 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\NPE
2011-08-01 16:58 . 2011-08-02 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-07-29 15:19 . 2011-07-29 15:19 -------- d-----w- c:\documents and settings\TEST\Application Data\F-Secure
2011-07-27 23:08 . 2011-07-27 23:08 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\magicJack
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-21 12:23 . 2011-07-21 12:23 -------- d-----w- c:\documents and settings\TEST\Application Data\CANON INC
2011-07-21 12:21 . 2011-07-21 12:21 -------- d-----w- c:\documents and settings\TEST\Application Data\ZoomBrowser EX
2011-07-21 12:19 . 2011-07-21 12:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-21 12:07 . 2011-07-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2011-07-21 11:37 . 2011-07-21 11:37 -------- d-----w- c:\program files\Common Files\Canon
2011-07-18 17:38 . 2011-07-18 17:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-07-18 17:21 . 2011-07-18 17:21 -------- d-----w- c:\program files\iPod
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\program files\iTunes
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-18 17:09 . 2011-07-18 17:09 -------- d-----w- c:\program files\Apple Software Update
2011-07-18 17:01 . 2011-07-18 17:02 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2010-03-04 01:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-03-04 01:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2006-03-16 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-30 02:14 . 2011-05-09 00:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-10_21.34.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-13 03:07 . 2011-08-13 03:07 16384 c:\windows\temp\Perflib_Perfdata_cd8.dat
+ 2011-08-13 03:08 . 2011-08-13 03:08 16384 c:\windows\temp\Perflib_Perfdata_9e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}]
2011-07-21 16:40 81920 ----a-w- c:\program files\somototoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{652853ad-5592-4231-88c6-706613a52e61}"= "c:\program files\somototoolbar\vmntemplateX.dll" [2011-07-21 81920]
.
[HKEY_CLASSES_ROOT\clsid\{652853ad-5592-4231-88c6-706613a52e61}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-7-16 98304]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\TEST\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/4/2011 8:16 AM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/4/2011 8:16 AM 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [8/4/2011 8:15 AM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 uzixmzc5;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzixmzc5.sys [8/12/2011 3:37 PM 11264]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/31/2010 5:39 AM 583640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 8:46 AM 92008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [8/4/2011 8:15 AM 148648]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [8/4/2011 8:15 AM 61088]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);"f:\hitmanpro35.exe" /crusader:boot --> f:\HitmanPro35.exe [?]
S2 TermServices;Remote Desktop Services;c:\windows\System32\svchost.exe -k termfsc [3/16/2006 14336]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [6/16/2008 2:38 PM 57088]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/3/2010 9:53 PM 41272]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 2:15 PM 12872]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [8/4/2011 8:15 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [8/4/2011 8:15 AM 25184]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005Core.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005UA.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-13 c:\windows\Tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.2.1 66.189.0.100 24.159.64.23 24.247.24.53
FF - ProfilePath - c:\documents and settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc887fc&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 23:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???(]??????Y?@?????<?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot]
"ImagePath"="\"f:\hitmanpro35.exe\" /crusader:boot"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\charter security suite\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(988)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\WININET.dll
c:\program files\charter security suite\hips\fshook32.dll
c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
c:\documents and settings\All Users\Application Data\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\program files\Activ Software\ActivDriver\activmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2011-08-12 23:14:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-13 03:13
ComboFix2.txt 2011-08-12 20:28
ComboFix3.txt 2011-08-11 17:44
ComboFix4.txt 2011-08-10 21:55
.
Pre-Run: 25,908,482,048 bytes free
Post-Run: 25,884,319,744 bytes free
.
- - End Of File - - DD227706AA22BEA3F482846975659570

#35
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK a possible final run to kill it

First we will fix the MBR

Re-Run aswMBR

Click Scan

On completion of the scan

Click the FIXMBR Button

Posted Image

Save the log as before and post in your next reply

THEN

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\terdsw32.dll

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#36
p.ave

    Member

  • Topic Starter
  • Member
  • 27 posts
Screwed up. Thought the MBR scan was complete and hit fix MBR. Scan was not complete. Did I just cause a major problem?

#37
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Should not have. Did it confirm the MBR replacement and ask for a reboot?

#38
p.ave

    Member

  • Topic Starter
  • Member
  • 27 posts
Did not ask for reboot. I tried to run it just now... stepped away from the computer and when I came back it was rebooting.

#39
p.ave

    Member

  • Topic Starter
  • Member
  • 27 posts
Not sure if it ran fully or just shut down. Cannot believe I did that. Any hope?

#40
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If it rebooted normally then run the combofix script and then let me know what problems remain

#41
p.ave

    Member

  • Topic Starter
  • Member
  • 27 posts
Here is the MBR fix log


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-13 07:42:46
-----------------------------
07:42:46.890 OS Version: Windows 5.1.2600 Service Pack 3
07:42:46.890 Number of processors: 2 586 0x4802
07:42:46.906 ComputerName: YOUR-0CDC4F5844 UserName: TEST
07:42:47.359 Initialize success
07:42:53.734 AVAST engine defs: 11081201
07:42:56.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000088
07:42:56.265 Disk 0 Vendor: Size: 0MB BusType: 0
07:42:56.281 Disk 0 MBR read successfully
07:42:56.296 Disk 0 MBR scan
07:42:56.359 Disk 0 Windows XP default MBR code
07:42:56.359 Disk 0 MBR hidden
07:42:56.390 Disk 0 scanning C:\WINDOWS\system32\drivers
07:43:09.562 Service scanning
07:43:11.203 Modules scanning
07:43:18.171 Disk 0 trace - called modules:
07:43:18.187
07:43:18.609 AVAST engine scan C:\WINDOWS
07:43:25.937 AVAST engine scan C:\WINDOWS\system32
07:45:18.937 AVAST engine scan C:\WINDOWS\system32\drivers
07:45:34.265 AVAST engine scan C:\Documents and Settings\TEST
07:53:47.625 AVAST engine scan C:\Documents and Settings\All Users
07:55:51.671 Scan finished successfully
08:00:17.765 Verifying
08:00:27.812 Disk 0 Windows 501 MBR fixed successfully
08:00:49.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\TEST\Desktop\MBR.dat"
08:00:49.750 The log file has been saved successfully to "C:\Documents and Settings\TEST\Desktop\aswMBR8-13.txt"

Should I complete the combofix next?

#42
p.ave

    Member

  • Topic Starter
  • Member
  • 27 posts
Combofix log


ComboFix 11-08-13.02 - TEST 08/13/2011 8:29.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.440 [GMT -4:00]
Running from: c:\documents and settings\TEST\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\TEST\Desktop\CFScript.txt
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
FILE ::
"c:\windows\system32\terdsw32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\terdsw32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TermServices
-------\Service_TermServices
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-12 19:37 . 2011-08-12 19:37 11264 ----a-w- c:\windows\system32\drivers\uzixmzc5.sys
2011-08-11 19:23 . 2011-08-11 19:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-08-10 21:42 . 2011-08-13 07:24 -------- d--h--w- c:\windows\$hf_mig$
2011-08-10 21:42 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 21:41 . 2011-06-23 18:36 105984 ------w- c:\windows\system32\dllcache\url.dll
2011-08-10 21:41 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-10 15:16 . 2011-08-10 15:16 -------- d-----w- C:\Adobe
2011-08-10 14:47 . 2011-08-10 14:47 -------- d-----w- C:\_OTL
2011-08-10 01:18 . 2011-08-10 01:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-08-09 18:45 . 2011-08-10 00:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-07 13:03 . 2011-08-07 13:03 -------- d-----w- c:\documents and settings\TEST\Application Data\vmntemplate
2011-08-04 12:16 . 2011-08-12 20:55 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-08-04 12:16 . 2009-08-05 15:57 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-08-04 11:55 . 2011-08-13 07:45 -------- d-----w- c:\windows\system32\wbem\Logs
2011-08-04 11:51 . 2011-08-07 13:04 -------- d-----w- c:\documents and settings\TEST\Application Data\somototoolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\somototoolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\Temp File Cleaner FileBulldog Toolbar
2011-08-04 11:51 . 2011-08-04 11:51 -------- d-----w- c:\program files\Temp File Cleaner
2011-08-03 16:06 . 2011-08-03 16:06 -------- d-----w- c:\documents and settings\TEST\DoctorWeb
2011-08-02 20:48 . 2011-08-02 20:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2011-08-01 19:50 . 2011-08-01 19:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-08-01 17:23 . 2011-08-01 17:43 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\NPE
2011-08-01 16:58 . 2011-08-02 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-07-29 15:19 . 2011-07-29 15:19 -------- d-----w- c:\documents and settings\TEST\Application Data\F-Secure
2011-07-27 23:08 . 2011-07-27 23:08 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\magicJack
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-21 12:23 . 2011-07-21 12:23 -------- d-----w- c:\documents and settings\TEST\Application Data\CANON INC
2011-07-21 12:21 . 2011-07-21 12:21 -------- d-----w- c:\documents and settings\TEST\Application Data\ZoomBrowser EX
2011-07-21 12:19 . 2011-07-21 12:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-21 12:07 . 2011-07-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2011-07-21 11:37 . 2011-07-21 11:37 -------- d-----w- c:\program files\Common Files\Canon
2011-07-18 17:38 . 2011-07-18 17:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-07-18 17:21 . 2011-07-18 17:21 -------- d-----w- c:\program files\iPod
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\program files\iTunes
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-18 17:09 . 2011-07-18 17:09 -------- d-----w- c:\program files\Apple Software Update
2011-07-18 17:01 . 2011-07-18 17:02 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2005-01-19 12:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-03-16 04:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2010-03-04 01:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-03-04 01:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10 . 2006-03-16 04:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-03-16 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2006-03-16 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2006-03-16 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-03-16 04:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-03-16 04:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2006-03-16 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-30 02:14 . 2011-05-09 00:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-10_21.34.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-13 12:39 . 2011-08-13 12:39 16384 c:\windows\temp\Perflib_Perfdata_ddc.dat
+ 2011-08-13 12:40 . 2011-08-13 12:40 16384 c:\windows\temp\Perflib_Perfdata_d24.dat
+ 2006-06-29 18:27 . 2011-08-13 07:27 79404 c:\windows\system32\perfc009.dat
- 2006-06-29 18:27 . 2011-08-04 12:16 79404 c:\windows\system32\perfc009.dat
+ 2005-07-03 10:11 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
- 2005-07-03 10:11 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
- 2006-03-16 04:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
+ 2006-03-16 04:00 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-08-13 07:32 . 2011-08-13 07:32 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\47e0dd4fe04c9e5ac5191967d85d6931\WindowsLiveWriter.ni.exe
+ 2011-08-13 07:33 . 2011-08-13 07:33 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8379dc38b3fd1cbcb00b46e92b086848\WindowsLive.Writer.Api.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
- 2011-06-19 10:25 . 2011-06-19 10:25 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll
+ 2011-08-13 07:36 . 2011-08-13 07:36 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
+ 2011-08-13 07:36 . 2011-08-13 07:36 94720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\dd87623fa34f756f7eb2d6560a4ac494\System.ComponentModel.DataAnnotations.ni.dll
- 2011-06-19 10:30 . 2011-06-19 10:30 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-08-13 07:34 . 2011-08-13 07:34 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-08-13 07:28 . 2011-08-13 07:28 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe
+ 2011-08-13 07:28 . 2011-08-13 07:28 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
- 2011-06-19 10:30 . 2011-06-19 10:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-19 10:14 . 2011-06-19 10:14 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-03-16 04:00 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
- 2006-03-16 04:00 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2006-06-29 18:27 . 2011-08-13 07:27 462682 c:\windows\system32\perfh009.dat
- 2006-06-29 18:27 . 2011-08-04 12:16 462682 c:\windows\system32\perfh009.dat
+ 2006-03-16 04:00 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
- 2006-03-16 04:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
- 2006-03-16 04:00 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
+ 2006-03-16 04:00 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 08:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 08:32 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
- 2006-01-25 10:54 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
+ 2006-01-25 10:54 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
+ 2006-03-16 04:00 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
- 2006-03-16 04:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-16 04:00 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
- 2006-03-16 04:00 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
+ 2011-04-26 11:07 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
- 2011-04-26 11:07 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-04-14 21:10 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2011-04-14 21:10 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2011-02-10 00:13 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2011-02-10 00:13 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-10 00:13 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-08-13 07:19 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-08-13 07:19 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-08-13 07:19 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-08-13 07:19 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-08-13 07:19 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-08-13 07:19 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
- 2008-11-11 19:57 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-11 19:57 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-08-13 07:33 . 2011-08-13 07:33 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-08-13 07:33 . 2011-08-13 07:33 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\be230222afc4ac16af2745c66a9b5014\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fc0df76553f27dbe81b44e1feff6241a\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f56e04e5688b837d1da24f16c7bd23c1\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ed2c16c41895f3ca9a221c54ef0afb95\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b732fc4a98715dc49365641879c7cde0\WindowsLive.Writer.Localization.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b6a4d3bddbbafbcc633e7d09a3b3b7c0\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b2fa3d80779829ca0d29b039eba7b6c8\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-08-13 07:32 . 2011-08-13 07:32 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b1408a406bf6cedf6dabd8bb91b10933\WindowsLive.Writer.Controls.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a46a0c3a6f9cdd29bc9e1518ddfff1cf\WindowsLive.Writer.Passport.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8c5e2af7f9432f5937528be8eca7e74f\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6303299e64ab859f46036cfbf2426d11\WindowsLive.Writer.Interop.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\51cf4e293cd48162a780437877102c77\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\17a0bb4a638ab04b49710aa1976adfbd\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\03b22b0e79cac36b7d600f7759fcea32\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\6ccef8f8ef1459d95a24a40f6ca4e138\WindowsLive.Client.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\39ce0c9c9cc294c0ee26c4ff01522961\WindowsFormsIntegration.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
- 2011-06-19 10:25 . 2011-06-19 10:25 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 420864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\26efc5fe041f2cef193b01f67d8934f8\System.Xml.Linq.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 130048 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\cc7af5514efff39bd03b93e7b7ee8e72\System.Web.Routing.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f89fe39468ea6faf71c4257c89cf3c54\System.Web.Extensions.Design.ni.dll
+ 2011-08-13 07:36 . 2011-08-13 07:36 329216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\d3fb1eb7555715da164d08aeb8973413\System.Web.Entity.ni.dll
+ 2011-08-13 07:36 . 2011-08-13 07:36 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f99ae85f0ed3643740e6c5a39a969f89\System.Web.Entity.Design.ni.dll
+ 2011-08-13 07:36 . 2011-08-13 07:36 551936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\928067080470fbff36fe662cc27a0c62\System.Web.DynamicData.ni.dll
+ 2011-08-13 07:36 . 2011-08-13 07:36 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
+ 2011-08-13 07:32 . 2011-08-13 07:32 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 331264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\9ce265b0f650716be6ee28cebe3b700c\System.Management.Instrumentation.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 944128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\9517dcb4a209285a67577c012de09de0\System.Data.Services.Client.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\69d003e5b2e52cdb65e643f6188b57a8\System.Data.Services.Design.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 759296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\ccaae44c6003742dabace6952958ab8f\System.Data.Entity.Design.ni.dll
+ 2011-08-13 07:34 . 2011-08-13 07:34 136704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\a7cd205773e55921f28ac30c84fb067b\System.Data.DataSetExtensions.ni.dll
+ 2011-08-13 07:32 . 2011-08-13 07:32 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-08-13 07:33 . 2011-08-13 07:33 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-08-13 07:29 . 2011-08-13 07:29 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
+ 2011-08-13 07:29 . 2011-08-13 07:29 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cf812b99f587ab514afb36fa9d4c1567\PresentationFramework.Aero.ni.dll
+ 2011-08-13 07:29 . 2011-08-13 07:29 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
+ 2011-08-13 07:29 . 2011-08-13 07:29 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09f5af61ea2af04eb32c04b3091ffc86\PresentationFramework.Royale.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-08-13 07:34 . 2011-08-13 07:34 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-13 07:34 . 2011-08-13 07:34 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
+ 2011-08-13 07:34 . 2011-08-13 07:34 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-08-13 07:32 . 2011-08-13 07:32 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2006-03-16 04:00 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2006-03-16 04:00 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
- 2009-03-08 08:32 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2011-02-10 00:13 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
- 2011-02-10 00:13 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-02-10 00:13 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-04-29 01:50 . 2011-04-29 01:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-05-02 04:06 . 2011-05-02 04:06 2705920 c:\windows\Installer\ec04bd.msp
+ 2011-08-13 07:19 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-08-13 07:19 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-08-13 07:19 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-08-13 07:32 . 2011-08-13 07:32 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cc51b3dd4d9c89a2c0c1280de68948ce\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\95c198599047f7c9253cd76b5abd8d10\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7d8a845118aca7d541ce818b367540f8\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-08-13 07:28 . 2011-08-13 07:28 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
+ 2011-08-13 07:28 . 2011-08-13 07:28 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\22229a30650a9afbac984e1093898b13\System.WorkflowServices.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\4d6b3cc1fc7a4788612241af7966715a\System.Workflow.Runtime.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e4c9853af945c9cfede19f3faf18af6e\System.Workflow.ComponentModel.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ab4b50c7c789e46a485903365765fde8\System.Workflow.Activities.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3da92a0b9b8ac97e11ca8bf4df671a78\System.Web.Mobile.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 2407936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\fe63bc1e04dfa2d2f798ced316bc18a8\System.Web.Extensions.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll
+ 2011-08-13 07:36 . 2011-08-13 07:36 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
+ 2011-08-13 07:32 . 2011-08-13 07:32 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll
+ 2011-08-13 07:32 . 2011-08-13 07:32 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-08-13 07:29 . 2011-08-13 07:29 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
+ 2011-08-13 07:32 . 2011-08-13 07:32 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 1330176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\cfdbe8867f1eb2a5e1d3c921ed0c2353\System.Data.Services.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c729750d54f6e7427230622bcccd4709\System.Data.OracleClient.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 2526720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\272123f4a76ea5d3873b04731048e3f1\System.Data.Linq.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 9926656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\ea6b043b5880320410cf353e206af60d\System.Data.Entity.ni.dll
+ 2011-08-13 07:37 . 2011-08-13 07:37 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
+ 2011-08-13 07:29 . 2011-08-13 07:29 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll
+ 2011-08-13 07:29 . 2011-08-13 07:29 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll
+ 2011-08-13 07:28 . 2011-08-13 07:28 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b187becbc388c4ce7f33ede4da76e7b1\PresentationBuildTasks.ni.dll
+ 2011-08-13 07:34 . 2011-08-13 07:34 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-08-13 07:34 . 2011-08-13 07:34 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-13 07:35 . 2011-08-13 07:35 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-08-13 07:34 . 2011-08-13 07:34 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-13 07:34 . 2011-08-13 07:34 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-08-13 07:27 . 2011-08-13 07:27 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-19 10:14 . 2011-06-19 10:14 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-08-13 07:26 . 2011-08-13 07:26 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-04-08 17:19 . 2011-08-13 07:20 52390856 c:\windows\system32\MRT.exe
- 2009-03-08 08:39 . 2011-04-26 14:11 11081728 c:\windows\system32\ieframe.dll
+ 2009-03-08 08:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
- 2010-12-21 10:29 . 2011-04-26 14:11 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2010-12-21 10:29 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-08-13 07:19 . 2011-04-26 14:11 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
+ 2011-08-13 07:33 . 2011-08-13 07:33 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-08-13 07:36 . 2011-08-13 07:36 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
+ 2011-08-13 07:30 . 2011-08-13 07:30 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
+ 2011-08-13 07:29 . 2011-08-13 07:29 14615552 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e441e6115f04e1ad5bddda88f3bbaa55\PresentationFramework.ni.dll
+ 2011-08-13 07:29 . 2011-08-13 07:29 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}]
2011-07-21 16:40 81920 ----a-w- c:\program files\somototoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{652853ad-5592-4231-88c6-706613a52e61}"= "c:\program files\somototoolbar\vmntemplateX.dll" [2011-07-21 81920]
.
[HKEY_CLASSES_ROOT\clsid\{652853ad-5592-4231-88c6-706613a52e61}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-7-16 98304]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\TEST\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8/4/2011 8:16 AM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/4/2011 8:16 AM 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [8/4/2011 8:15 AM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 uzixmzc5;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzixmzc5.sys [8/12/2011 3:37 PM 11264]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/31/2010 5:39 AM 583640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 8:46 AM 92008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [8/4/2011 8:15 AM 148648]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [8/4/2011 8:15 AM 61088]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);"f:\hitmanpro35.exe" /crusader:boot --> f:\HitmanPro35.exe [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [6/16/2008 2:38 PM 57088]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/3/2010 9:53 PM 41272]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 2:15 PM 12872]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [8/4/2011 8:15 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [8/4/2011 8:15 AM 25184]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005Core.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005UA.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-13 c:\windows\Tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.2.1 66.189.0.100 24.159.64.23 24.247.24.53
FF - ProfilePath - c:\documents and settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc887fc&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 08:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???(]??????Y?@?????<?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot]
"ImagePath"="\"f:\hitmanpro35.exe\" /crusader:boot"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\charter security suite\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(988)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll
.
- - - - - - - > 'explorer.exe'(844)
c:\windows\system32\WININET.dll
c:\program files\charter security suite\hips\fshook32.dll
c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
c:\documents and settings\All Users\Application Data\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\program files\Activ Software\ActivDriver\activmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
c:\windows\system32\dllhost.exe
c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2011-08-13 08:46:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-13 12:45
ComboFix2.txt 2011-08-13 03:14
ComboFix3.txt 2011-08-12 20:28
ComboFix4.txt 2011-08-11 17:44
ComboFix5.txt 2011-08-13 12:27
.
Pre-Run: 25,562,030,080 bytes free
Post-Run: 25,628,303,360 bytes free
.
- - End Of File - - BCF24E70A3D3C67D14CBA32FCC9BC40B

#43
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
MBR is now reporting good, how is the computer behaving?

#44
p.ave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Like normal...much thanks!!!

#45
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :unsure:





