|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
06-29-2009, 09:24 AM
|
#21 (permalink) | |
|
Registered User
Join Date: May 2006
Location: Boston, MA
Posts: 56
OS: Win XP SP3
|
Re: Suspected Malware
Quote:
My router is a Cisco Linksys WRT54G.
__________________
i know just enough about computers to screw things up royally... |
|
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
06-29-2009, 12:36 PM
|
#22 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,441
OS: XP SP3
|
Re: Suspected Malware
Perform a hard reset of the router and see if that helps.
This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. While still powered, press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). You may also want to ask your ISP for help in case there are custom settings that need to be maintained. Then change your admin login and password--make it a strong password. The the following links explain how to get to your router's page, how to change your default router login credentials and how to secure your router. <http://linksys.custhelp.com/cgi-bin/...hp?p_faqid=598> If you don't feel comfortable about doing this yourself, call your internet service provider and ask them to walk you through it. Make sure that you note the new login ID and password somewhere safe for future use. The following link explains how to secure your wireless router: http://www.onguardonline.gov/tools/p...-password.aspx When you're done, again make sure to keep a record of the changes you've made, in case you need to access them again. ========================== Also, lately, the firewalls have become very aggressive, causing more trouble than usefulness. Your wireless router has a built-in hardware firewall. You don't really need a third party firewall. If the above procedure doesn't solve the problem, it's likely to be a ZoneAlarm issue. The choice is yours, but if I were you, I would uninstall it, reboot and turn the Windows firewall on. ========================== Let me know how all that worked out.
__________________
My services are free. However, you can donate to TSF to help keep it running.   Member of ASAP since 2005 Member of UNITE since 2006 |
|
|
|
|
06-30-2009, 07:39 AM
|
#23 (permalink) |
|
Registered User
Join Date: May 2006
Location: Boston, MA
Posts: 56
OS: Win XP SP3
|
Re: Suspected Malware
Ok, I reset the router, put in a password, uninstalled ZoneAlarm, turned on Windows Firewall, and I still can't connect to the MS Update page. I'm still getting this "Google Error: Not Found The requested URL /microsoftupdate was not found on this server" page, which I've never seen anywhere else.
Edit: I'm also being blocked from accessing the Spybot S&D homepage when I do a google search for it, and even when I type the URL directly into my address bar it won't connect. I'm also unable to connect to the Malwarebytes homepage, either through a google search or directly.
__________________
i know just enough about computers to screw things up royally... Last edited by raj1439; 06-30-2009 at 07:47 AM. |
|
|
|
|
06-30-2009, 07:46 AM
|
#24 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,441
OS: XP SP3
|
Re: Suspected Malware
Hi,
I asked this question earlier and I don't think I got the reply. Is this happening only with the Microsoft update page? Combofix has recently been updated. Please run Combofix again, as per my previous instructions, and allow it to update when prompted. Post the new log please.
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006 |
|
|
|
|
06-30-2009, 08:14 AM
|
#25 (permalink) |
|
Registered User
Join Date: May 2006
Location: Boston, MA
Posts: 56
OS: Win XP SP3
|
Re: Suspected Malware
Hi:
As I said in my post above (not sure if you saw the edit addition), I'm unable to connect to the Spybot home page or the Malwarebytes homepage...I can try others if you need me to. Here's the log from the latest ComboFix run - I'm going to have to post it in 2 posts because I'm getting a 'too many characters' error: ComboFix 09-06-29.04 - Gaming 06/30/2009 9:49.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1654 [GMT -4:00] Running from: c:\documents and settings\Gaming\Desktop\CompFix 09\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090629-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 ))))))))))))))))))))))))))))))) . 2009-06-29 19:55 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-06-29 19:55 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys 2009-06-29 19:54 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-06-29 19:54 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys 2009-06-29 19:54 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-06-29 19:54 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-06-29 13:26 . 2009-06-29 13:26 -------- d-----w- c:\windows\system32\XPSViewer 2009-06-29 13:25 . 2009-06-29 13:25 -------- d-----w- c:\program files\MSBuild 2009-06-29 13:25 . 2009-06-29 13:25 -------- d-----w- c:\program files\Reference Assemblies 2009-06-29 13:25 . 2009-06-29 13:25 -------- d-----w- C:\3f2f85fd56c287c18d608d6c5a76ca7e 2009-06-29 13:25 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-29 13:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-06-29 13:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-29 13:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-06-29 13:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-29 13:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-06-29 13:25 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-29 13:24 . 2009-06-29 13:40 -------- d-----w- c:\windows\SxsCaPendDel 2009-06-29 13:18 . 2009-06-29 13:18 -------- d-----w- c:\windows\ie8updates 2009-06-29 13:13 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-29 13:13 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-29 13:10 . 2009-06-29 13:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-06-29 13:03 . 2009-06-29 13:03 -------- d-----w- c:\program files\Zone Labs 2009-06-26 21:56 . 2009-06-30 13:39 -------- d-----w- c:\program files\SpywareBlaster 2009-06-25 20:28 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-06-25 20:28 . 2009-06-25 20:28 -------- d-----w- c:\program files\Panda Security 2009-06-25 05:05 . 2009-06-25 05:05 -------- d-sh--w- c:\documents and settings\Default User\IETldCache 2009-06-25 05:03 . 2009-06-25 05:03 152576 ----a-w- c:\documents and settings\Gaming\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-06-24 14:02 . 2009-06-24 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-06-23 14:30 . 2009-06-23 15:40 -------- d-----w- c:\documents and settings\Gaming\Application Data\dvdcss 2009-06-23 14:30 . 2009-06-23 15:48 -------- d-----w- c:\documents and settings\Gaming\Application Data\vlc 2009-06-23 14:28 . 2009-06-23 14:28 -------- d-----w- c:\program files\VideoLAN 2009-06-21 20:09 . 2009-06-21 20:09 -------- d-sh--w- c:\documents and settings\Gaming\IECompatCache 2009-06-19 17:47 . 2009-06-19 17:47 -------- d-sh--w- c:\documents and settings\Gaming\PrivacIE 2009-06-19 17:24 . 2009-06-19 17:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-06-19 17:23 . 2009-06-19 17:23 -------- d-sh--w- c:\documents and settings\Gaming\IETldCache 2009-06-19 17:17 . 2009-06-19 17:20 -------- dc-h--w- c:\windows\ie8 2009-06-09 00:22 . 2009-06-09 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-09 00:19 . 2009-06-09 00:19 -------- d-----w- c:\program files\Bonjour 2009-06-09 00:14 . 2009-06-09 00:15 -------- d-----w- c:\program files\QuickTime 2009-06-09 00:07 . 2009-06-09 00:07 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-06-03 22:41 . 2009-06-03 22:42 -------- d-----w- C:\OutputFolder . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-30 13:39 . 2007-10-14 13:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-29 14:31 . 2006-12-22 20:14 132960 ----a-w- c:\documents and settings\Gaming\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-29 13:38 . 2005-04-27 01:16 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-06-29 13:24 . 2006-05-13 19:14 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-06-29 13:24 . 2006-05-13 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-25 05:04 . 2005-04-21 23:06 -------- d-----w- c:\program files\Java 2009-06-25 04:58 . 2005-04-21 23:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-25 04:58 . 2005-05-10 09:42 -------- d-----w- c:\program files\iPod 2009-06-19 22:47 . 2006-06-16 05:00 -------- d-----w- c:\program files\Agent 2009-06-19 22:46 . 2005-04-27 03:14 -------- d-----w- c:\documents and settings\Rich\Application Data\Lavasoft 2009-06-19 18:07 . 2006-09-20 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-06-18 22:19 . 2005-04-27 09:28 -------- d-----w- c:\program files\FirstClass 2009-06-09 00:23 . 2006-09-17 01:09 -------- d-----w- c:\program files\iTunes 2009-06-09 00:22 . 2007-09-02 17:05 -------- d-----w- c:\program files\Common Files\Apple 2009-06-08 22:44 . 2008-02-13 22:47 -------- d-----w- c:\documents and settings\Gaming\Application Data\uTorrent 2009-05-13 05:15 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-17 12:26 . 2004-08-10 17:51 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-08-10 17:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_13.43.23 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-30 13:31 . 2009-06-30 13:31 16384 c:\windows\Temp\Perflib_Perfdata_74c.dat + 2009-06-30 13:30 . 2009-06-30 13:30 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat + 2008-07-30 01:10 . 2008-07-30 01:10 26112 c:\windows\system32\TsWpfWrp.exe + 2009-06-29 13:25 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll + 2008-07-29 23:59 . 2008-07-29 23:59 43544 c:\windows\system32\PresentationHostProxy.dll + 2004-08-10 17:51 . 2009-06-29 13:30 71732 c:\windows\system32\perfc009.dat - 2007-10-24 05:47 . 2007-10-24 05:47 15360 c:\windows\system32\mui\0409\mscorees.dll + 2008-07-25 15:17 . 2008-07-25 15:17 15360 c:\windows\system32\mui\0409\mscorees.dll + 2008-07-25 15:16 . 2008-07-25 15:16 83968 c:\windows\system32\mscories.dll - 2004-08-10 17:51 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll + 2004-08-10 17:51 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll + 2008-07-29 23:24 . 2008-07-29 23:24 97800 c:\windows\system32\infocardapi.dll + 2008-07-29 23:24 . 2008-07-29 23:24 11264 c:\windows\system32\icardres.dll + 2008-07-30 01:10 . 2008-07-30 01:10 73720 c:\windows\system32\dxva2.dll + 2006-05-10 05:25 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll - 2006-05-10 05:25 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll + 2008-07-25 15:16 . 2008-07-25 15:16 96760 c:\windows\system32\dfshim.dll - 2007-10-24 05:47 . 2007-10-24 05:47 96760 c:\windows\system32\dfshim.dll + 2008-07-30 03:40 . 2008-07-30 03:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll + 2008-07-30 03:40 . 2008-07-30 03:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe + 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll + 2008-07-30 03:40 . 2008-07-30 03:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll + 2008-07-29 22:47 . 2008-07-29 22:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll + 2008-07-29 22:47 . 2008-07-29 22:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll + 2008-07-29 22:47 . 2008-07-29 22:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll + 2008-07-29 22:47 . 2008-07-29 22:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll + 2008-07-29 22:47 . 2008-07-29 22:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll + 2008-07-29 22:47 . 2008-07-29 22:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll + 2008-07-29 22:47 . 2008-07-29 22:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll + 2008-07-29 22:47 . 2008-07-29 22:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll + 2008-07-29 22:47 . 2008-07-29 22:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe + 2008-07-30 03:40 . 2008-07-30 03:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe + 2008-07-30 03:40 . 2008-07-30 03:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe + 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe + 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe + 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe + 2008-07-30 01:10 . 2008-07-30 01:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe + 2008-07-29 23:59 . 2008-07-29 23:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll + 2008-07-30 01:10 . 2008-07-30 01:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll + 2008-07-29 23:32 . 2008-07-29 23:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe + 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll + 2008-07-29 23:16 . 2008-07-29 23:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll + 2008-07-29 23:16 . 2008-07-29 23:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll + 2008-07-29 23:16 . 2008-07-29 23:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll + 2008-07-25 15:17 . 2008-07-25 15:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - 2007-10-24 05:47 . 2007-10-24 05:47 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - 2007-10-24 05:47 . 2007-10-24 05:47 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL + 2008-07-25 15:17 . 2008-07-25 15:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL + 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll - 2007-10-24 05:47 . 2007-10-24 05:47 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll + 2008-07-25 15:17 . 2008-07-25 15:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll - 2007-10-24 05:47 . 2007-10-24 05:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll + 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll + 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll - 2007-10-24 05:47 . 2007-10-24 05:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll + 2008-07-25 15:17 . 2008-07-25 15:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll - 2007-10-24 05:47 . 2007-10-24 05:47 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll - 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll + 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll + 2008-07-25 15:17 . 2008-07-25 15:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe - 2007-10-24 05:47 . 2007-10-24 05:47 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe - 2007-10-24 05:47 . 2007-10-24 05:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe + 2008-07-25 15:17 . 2008-07-25 15:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe - 2007-10-24 05:47 . 2007-10-24 05:47 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe + 2008-07-25 15:17 . 2008-07-25 15:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe + 2008-07-25 15:17 . 2008-07-25 15:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll - 2007-10-24 05:47 . 2007-10-24 05:47 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll + 2008-07-25 15:17 . 2008-07-25 15:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll + 2008-07-25 15:17 . 2008-07-25 15:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll - 2007-10-24 05:47 . 2007-10-24 05:47 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll + 2008-07-25 15:17 . 2008-07-25 15:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll - 2007-10-24 05:47 . 2007-10-24 05:47 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll + 2008-07-25 15:17 . 2008-07-25 15:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - 2007-10-24 05:47 . 2007-10-24 05:47 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll + 2008-07-25 15:16 . 2008-07-25 15:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll - 2007-10-24 05:47 . 2007-10-24 05:47 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll + 2008-07-25 15:17 . 2008-07-25 15:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll + 2008-07-25 15:17 . 2008-07-25 15:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll - 2007-10-24 05:47 . 2007-10-24 05:47 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll + 2008-07-25 15:17 . 2008-07-25 15:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll + 2008-07-25 15:17 . 2008-07-25 15:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll - 2007-10-24 05:47 . 2007-10-24 05:47 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll - 2007-10-24 05:47 . 2007-10-24 05:47 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe + 2008-07-25 15:16 . 2008-07-25 15:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe + 2008-07-25 15:16 . 2008-07-25 15:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll - 2007-10-24 05:47 . 2007-10-24 05:47 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll - 2007-10-24 05:47 . 2007-10-24 05:47 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2008-07-25 15:16 . 2008-07-25 15:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2008-07-25 15:16 . 2008-07-25 15:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll - 2007-10-24 05:47 . 2007-10-24 05:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll - 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll + 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll - 2007-10-24 05:47 . 2007-10-24 05:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll + 2008-07-25 15:16 . 2008-07-25 15:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll + 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll - 2007-10-24 05:47 . 2007-10-24 05:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll - 2007-10-24 05:47 . 2007-10-24 05:47 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe + 2008-07-25 15:16 . 2008-07-25 15:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe - 2007-10-24 05:47 . 2007-10-24 05:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll + 2008-07-25 15:17 . 2008-07-25 15:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll + 2008-07-25 15:17 . 2008-07-25 15:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll - 2007-10-24 05:47 . 2007-10-24 05:47 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll + 2008-07-25 15:17 . 2008-07-25 15:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe - 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe - 2007-10-24 05:47 . 2007-10-24 05:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll + 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll - 2007-10-24 05:47 . 2007-10-24 05:47 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll + 2008-07-25 15:16 . 2008-07-25 15:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll + 2008-07-25 15:16 . 2008-07-25 15:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll + 2008-07-25 15:16 . 2008-07-25 15:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe - 2007-10-24 05:47 . 2007-10-24 05:47 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe + 2008-07-25 15:17 . 2008-07-25 15:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll - 2007-10-24 05:47 . 2007-10-24 05:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll + 2008-07-25 15:17 . 2008-07-25 15:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - 2007-10-24 05:47 . 2007-10-24 05:47 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - 2007-10-24 05:47 . 2007-10-24 05:47 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll + 2008-07-25 15:16 . 2008-07-25 15:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll + 2008-07-25 15:16 . 2008-07-25 15:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe - 2007-10-24 05:47 . 2007-10-24 05:47 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe + 2008-07-25 15:17 . 2008-07-25 15:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll + 2008-11-25 08:59 . 2008-11-25 08:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe + 2008-07-25 15:16 . 2008-07-25 15:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe + 2008-07-25 15:16 . 2008-07-25 15:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe + 2008-07-25 15:16 . 2008-07-25 15:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe - 2007-10-24 05:47 . 2007-10-24 05:47 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe + 2008-07-25 15:16 . 2008-07-25 15:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll - 2007-10-24 05:47 . 2007-10-24 05:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll + 2008-07-25 15:16 . 2008-07-25 15:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll + 2008-07-25 15:16 . 2008-07-25 15:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll + 2008-07-25 15:16 . 2008-07-25 15:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll - 2007-10-24 05:47 . 2007-10-24 05:47 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll - 2007-10-24 05:47 . 2007-10-24 05:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe + 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe + 2008-07-25 15:17 . 2008-07-25 15:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe + 2008-07-25 15:16 . 2008-07-25 15:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll - 2007-10-24 05:47 . 2007-10-24 05:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll + 2008-07-25 15:17 . 2008-07-25 15:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll - 2007-10-24 05:47 . 2007-10-24 05:47 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll + 2008-07-25 15:16 . 2008-07-25 15:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll + 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll - 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll + 2008-07-25 15:16 . 2008-07-25 15:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll + 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll - 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll + 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll - 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll + 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll - 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll - 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll + 2008-07-25 15:16 . 2008-07-25 15:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll + 2008-07-25 15:16 . 2008-07-25 15:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe - 2007-10-24 05:47 . 2007-10-24 05:47 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe + 2009-06-29 13:18 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll + 2009-06-29 13:18 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll + 2009-06-29 13:25 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll + 2009-06-29 13:36 . 2009-06-29 13:36 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll + 2009-06-29 13:33 . 2009-06-29 13:33 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe + 2009-06-29 13:33 . 2009-06-29 13:33 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll + 2009-06-29 21:16 . 2009-06-29 21:16 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll + 2009-06-29 18:06 . 2009-06-29 18:06 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll + 2009-06-29 18:06 . 2009-06-29 18:06 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe + 2009-06-29 18:06 . 2009-06-29 18:06 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll + 2009-06-29 13:25 . 2009-06-29 13:25 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll + 2009-06-29 13:25 . 2009-06-29 13:25 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll + 2009-06-29 13:25 . 2009-06-29 13:25 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll + 2009-06-29 13:27 . 2009-06-29 13:27 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll + 2009-06-29 13:27 . 2009-06-29 13:27 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll + 2009-06-29 13:30 . 2009-06-29 13:30 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2009-06-29 13:27 . 2009-06-29 13:27 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll + 2009-06-29 13:27 . 2009-06-29 13:27 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll + 2009-06-29 13:25 . 2009-06-29 13:25 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll + 2009-06-29 13:25 . 2009-06-29 13:25 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll - 2008-04-19 23:27 . 2008-04-19 23:27 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2009-06-29 13:30 . 2009-06-29 13:30 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2009-06-29 13:27 . 2009-06-29 13:27 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll - 2008-04-19 23:27 . 2008-04-19 23:27 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2009-06-29 13:30 . 2009-06-29 13:30 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2009-06-29 13:27 . 2009-06-29 13:27 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll + 2009-06-29 13:27 . 2009-06-29 13:27 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll + 2009-06-29 13:25 . 2009-06-29 13:25 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe + 2009-06-29 13:25 . 2009-06-29 13:25 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll - 2008-04-19 23:27 . 2008-04-19 23:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2009-06-29 13:30 . 2009-06-29 13:30 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2009-06-29 13:30 . 2009-06-29 13:30 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2008-04-19 23:27 . 2008-04-19 23:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2009-06-29 13:27 . 2009-06-29 13:27 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll + 2009-06-29 13:30 . 2009-06-29 13:30 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2008-04-19 23:27 . 2008-04-19 23:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2009-06-29 13:30 . 2009-06-29 13:30 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2008-04-19 23:28 . 2008-04-19 23:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2009-06-29 13:27 . 2009-06-29 13:27 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll + 2009-06-29 13:27 . 2009-06-29 13:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2008-04-19 23:28 . 2008-04-19 23:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2009-06-29 13:30 . 2009-06-29 13:30 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2009-06-29 13:30 . 2009-06-29 13:30 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2008-04-19 23:27 . 2008-04-19 23:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2009-06-29 13:30 . 2009-06-29 13:30 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2008-04-19 23:27 . 2008-04-19 23:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2009-06-29 13:30 . 2009-06-29 13:30 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2008-04-19 23:27 . 2008-04-19 23:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2009-06-29 13:30 . 2009-06-29 13:30 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2008-04-19 23:27 . 2008-04-19 23:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2009-06-29 13:30 . 2009-06-29 13:30 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2008-04-19 23:27 . 2008-04-19 23:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2008-04-19 23:27 . 2008-04-19 23:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2009-06-29 13:30 . 2009-06-29 13:30 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2008-07-30 03:40 . 2008-07-30 03:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll - 2007-10-24 05:47 . 2007-10-24 05:47 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll + 2008-07-25 15:16 . 2008-07-25 15:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll - 2007-10-24 05:47 . 2007-10-24 05:47 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll + 2008-07-25 15:17 . 2008-07-25 15:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll - 2007-10-24 05:47 . 2007-10-24 05:47 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll + 2008-07-25 15:17 . 2008-07-25 15:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll - 2007-10-24 05:47 . 2007-10-24 05:47 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll + 2008-07-25 15:17 . 2008-07-25 15:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll - 2007-10-24 05:47 . 2007-10-24 05:47 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe + 2008-07-25 15:17 . 2008-07-25 15:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe - 2007-10-24 05:47 . 2007-10-24 05:47 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe + 2008-07-25 15:16 . 2008-07-25 15:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe + 2009-06-29 13:27 . 2009-06-29 13:27 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll - 2008-04-19 23:27 . 2008-04-19 23:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2009-06-29 13:30 . 2009-06-29 13:30 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2009-06-29 13:30 . 2009-06-29 13:30 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2008-04-19 23:26 . 2008-04-19 23:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2008-04-19 23:27 . 2008-04-19 23:27 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2009-06-29 13:30 . 2009-06-29 13:30 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2009-06-29 13:30 . 2009-06-29 13:30 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2008-04-19 23:27 . 2008-04-19 23:27 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2009-06-29 13:30 . 2009-06-29 13:30 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2008-04-19 23:28 . 2008-04-19 23:28 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2008-04-19 23:28 . 2008-04-19 23:28 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2009-06-29 13:30 . 2009-06-29 13:30 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2007-11-07 05:19 . 2007-11-07 05:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll + 2007-11-07 05:19 . 2007-11-07 05:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll + 2007-11-07 00:23 . 2007-11-07 00:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll + 2008-07-25 15:17 . 2008-07-25 15:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll + 2008-07-25 15:17 . 2008-07-25 15:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll + 2008-07-25 15:17 . 2008-07-25 15:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll + 2008-07-29 09:23 . 2008-07-29 09:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll + 2008-07-29 09:23 . 2008-07-29 09:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll + 2008-07-29 07:51 . 2008-07-29 07:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll + 2008-07-30 01:26 . 2008-07-30 01:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe + 2008-07-29 23:59 . 2008-07-29 23:59 161296 c:\windows\system32\UIAutomationCore.dll + 2009-06-29 13:25 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll + 2009-06-29 13:25 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll + 2009-06-29 13:25 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll + 2009-06-29 13:25 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll + 2009-06-29 13:25 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll + 2009-06-29 13:25 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe - 2005-04-26 23:00 . 2007-05-15 08:08 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll + 2005-04-26 23:00 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll + 2005-04-26 23:00 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll - 2005-04-26 23:00 . 2008-04-14 00:12 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll + 2005-04-26 23:00 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll + 2009-06-29 13:25 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll + 2009-06-29 13:25 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll + 2006-08-24 20:15 . 2006-08-24 20:15 150808 c:\windows\system32\rgb9rast_2.dll + 2008-07-29 23:59 . 2008-07-29 23:59 781344 c:\windows\system32\PresentationNative_v0300.dll + 2008-07-30 00:35 . 2008-07-30 00:35 326160 c:\windows\system32\PresentationHost.exe + 2008-07-29 23:59 . 2008-07-29 23:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll + 2004-08-10 17:51 . 2009-06-29 13:30 442466 c:\windows\system32\perfh009.dat + 2008-07-25 15:16 . 2008-07-25 15:16 158720 c:\windows\system32\mscorier.dll - 2007-10-24 05:47 . 2007-10-24 05:47 158720 c:\windows\system32\mscorier.dll - 2007-10-24 05:47 . 2007-10-24 05:47 282112 c:\windows\system32\mscoree.dll + 2008-07-25 15:16 . 2008-07-25 15:16 282112 c:\windows\system32\mscoree.dll + 2009-06-25 05:04 . 2009-03-09 09:19 148888 c:\windows\system32\javaws.exe - 2008-12-09 23:04 . 2008-12-09 23:03 148888 c:\windows\system32\javaws.exe + 2009-06-25 05:04 . 2009-03-09 09:19 144792 c:\windows\system32\javaw.exe - 2008-12-09 23:04 . 2008-12-09 23:03 144792 c:\windows\system32\javaw.exe + 2009-06-25 05:04 . 2009-03-09 09:19 144792 c:\windows\system32\java.exe - 2008-12-09 23:04 . 2008-12-09 23:03 144792 c:\windows\system32\java.exe + 2004-08-10 17:51 . 2009-04-30 21:22 385536 c:\windows\system32\iedkcs32.dll + 2004-08-10 17:51 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe - 2004-08-10 17:51 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe + 2008-07-29 23:24 . 2008-07-29 23:24 622080 c:\windows\system32\icardagt.exe + 2004-08-10 17:57 . 2009-06-29 13:40 445312 c:\windows\system32\FNTCACHE.DAT + 2008-07-30 01:10 . 2008-07-30 01:10 493048 c:\windows\system32\evr.dll + 2006-05-10 05:25 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll + 2006-10-27 07:44 . 2009-04-30 21:22 385536 c:\windows\system32\dllcache\iedkcs32.dll + 2006-10-27 07:44 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe - 2006-10-27 07:44 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2008-12-09 23:04 . 2009-03-09 09:19 410984 c:\windows\system32\deploytk.dll - 2008-12-09 23:04 . 2008-12-09 23:03 410984 c:\windows\system32\deploytk.dll + 2008-07-30 03:40 . 2008-07-30 03:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe + 2008-07-30 03:40 . 2008-07-30 03:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll + 2008-07-29 22:47 . 2008-07-29 22:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll + 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll + 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll + 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll + 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll + 2008-07-29 22:47 . 2008-07-29 22:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll + 2008-07-29 22:47 . 2008-07-29 22:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll + 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll + 2008-07-29 22:47 . 2008-07-29 22:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll + 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll + 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll + 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll + 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll + 2008-07-29 22:47 . 2008-07-29 22:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
__________________
i know just enough about computers to screw things up royally... |
|
|
|
|
06-30-2009, 08:14 AM
|
#26 (permalink) |
|
Registered User
Join Date: May 2006
Location: Boston, MA
Posts: 56
OS: Win XP SP3
|
Re: Suspected Malware
ComboFix log, continued:
+ 2008-07-29 22:47 . 2008-07-29 22:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll + 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll + 2008-07-29 22:47 . 2008-07-29 22:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll + 2008-07-29 22:47 . 2008-07-29 22:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll + 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll + 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll + 2008-07-29 22:47 . 2008-07-29 22:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll + 2008-07-29 22:47 . 2008-07-29 22:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll + 2008-07-29 22:47 . 2008-07-29 22:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll + 2008-07-29 22:47 . 2008-07-29 22:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll + 2008-07-29 22:47 . 2008-07-29 22:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll + 2008-07-29 22:47 . 2008-07-29 22:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll + 2008-07-29 22:47 . 2008-07-29 22:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll + 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll + 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll + 2008-07-29 22:47 . 2008-07-29 22:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll + 2008-07-29 22:47 . 2008-07-29 22:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll + 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll + 2008-07-29 22:47 . 2008-07-29 22:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll + 2008-07-29 22:47 . 2008-07-29 22:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll + 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll + 2008-07-29 22:47 . 2008-07-29 22:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll + 2008-07-29 22:47 . 2008-07-29 22:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll + 2008-07-29 22:47 . 2008-07-29 22:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll + 2008-07-29 22:47 . 2008-07-29 22:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll + 2008-07-29 22:47 . 2008-07-29 22:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll + 2008-07-29 22:47 . 2008-07-29 22:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll + 2008-07-29 22:47 . 2008-07-29 22:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll + 2008-07-29 22:47 . 2008-07-29 22:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll + 2008-07-29 22:47 . 2008-07-29 22:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll + 2008-07-29 22:47 . 2008-07-29 22:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe + 2008-07-29 22:47 . 2008-07-29 22:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll + 2008-07-29 22:47 . 2008-07-29 22:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll + 2008-07-30 03:15 . 2008-07-30 03:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat + 2008-07-30 03:40 . 2008-07-30 03:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll + 2008-07-30 03:40 . 2008-07-30 03:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll + 2008-07-30 00:35 . 2008-07-30 00:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll + 2008-07-29 23:59 . 2008-07-29 23:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll + 2008-07-30 01:10 . 2008-07-30 01:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll + 2008-07-29 23:16 . 2008-07-29 23:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe + 2008-07-29 23:16 . 2008-07-29 23:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll + 2008-07-29 23:16 . 2008-07-29 23:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe + 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll + 2008-07-29 23:16 . 2008-07-29 23:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe + 2008-07-29 23:16 . 2008-07-29 23:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll + 2008-07-29 23:16 . 2008-07-29 23:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll + 2008-07-29 23:24 . 2008-07-29 23:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe + 2008-07-29 23:16 . 2008-07-29 23:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe + 2008-11-25 08:59 . 2008-11-25 08:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll - 2007-10-24 05:47 . 2007-10-24 05:47 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll + 2008-07-25 15:17 . 2008-07-25 15:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll + 2008-07-25 15:17 . 2008-07-25 15:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll + 2008-07-25 15:17 . 2008-07-25 15:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll + 2008-07-25 15:17 . 2008-07-25 15:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll - 2007-10-24 05:47 . 2007-10-24 05:47 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll + 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll - 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll + 2008-07-25 15:17 . 2008-07-25 15:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll - 2007-10-24 05:47 . 2007-10-24 05:47 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll + 2008-07-25 15:17 . 2008-07-25 15:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll - 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll + 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll + 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll - 2007-10-24 05:47 . 2007-10-24 05:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll + 2008-07-25 15:17 . 2008-07-25 15:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll - 2007-10-24 05:47 . 2007-10-24 05:47 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll - 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll + 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll + 2008-07-25 15:17 . 2008-07-25 15:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll + 2008-07-25 15:17 . 2008-07-25 15:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll - 2007-10-24 05:47 . 2007-10-24 05:47 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll + 2008-07-25 15:17 . 2008-07-25 15:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll - 2007-10-24 05:47 . 2007-10-24 05:47 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll + 2008-07-25 15:16 . 2008-07-25 15:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll + 2008-07-25 15:17 . 2008-07-25 15:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll + 2008-11-25 08:59 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll + 2008-07-25 15:17 . 2008-07-25 15:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll - 2007-10-24 05:47 . 2007-10-24 05:47 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll - 2007-10-24 05:47 . 2007-10-24 05:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll + 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll + 2008-07-25 15:17 . 2008-07-25 15:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll + 2008-07-25 15:17 . 2008-07-25 15:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll + 2008-07-25 15:16 . 2008-07-25 15:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll + 2008-07-25 15:17 . 2008-07-25 15:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe + 2008-07-25 15:17 . 2008-07-25 15:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll + 2008-07-25 15:17 . 2008-07-25 15:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll + 2008-07-25 15:17 . 2008-07-25 15:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll + 2008-11-25 08:59 . 2008-11-25 08:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - 2007-10-24 05:47 . 2007-10-24 05:47 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll + 2008-07-25 15:17 . 2008-07-25 15:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll + 2008-11-25 08:59 . 2008-11-25 08:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll + 2008-07-25 15:17 . 2008-07-25 15:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll - 2007-10-24 05:47 . 2007-10-24 05:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll + 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll - 2007-10-24 05:47 . 2007-10-24 05:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll + 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll + 2008-07-25 15:16 . 2008-07-25 15:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll - 2007-10-24 05:47 . 2007-10-24 05:47 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll + 2008-07-25 15:16 . 2008-07-25 15:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll - 2007-10-24 05:47 . 2007-10-24 05:47 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll + 2008-07-25 15:16 . 2008-07-25 15:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll - 2007-10-24 05:47 . 2007-10-24 05:47 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll - 2007-10-24 05:47 . 2007-10-24 05:47 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe + 2008-07-25 15:17 . 2008-07-25 15:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe + 2008-07-25 15:17 . 2008-07-25 15:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll - 2007-10-24 05:47 . 2007-10-24 05:47 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll + 2008-07-25 15:17 . 2008-07-25 15:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll + 2008-07-25 15:17 . 2008-07-25 15:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe - 2007-10-24 05:47 . 2007-10-24 05:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe - 2007-10-24 05:47 . 2007-10-24 05:47 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll + 2008-07-25 15:16 . 2008-07-25 15:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll - 2007-10-24 05:47 . 2007-10-24 05:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe + 2008-07-25 15:16 . 2008-07-25 15:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe - 2007-10-24 05:47 . 2007-10-24 05:47 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll + 2008-07-25 15:17 . 2008-07-25 15:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll + 2008-07-25 15:16 . 2008-07-25 15:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll - 2007-10-24 05:47 . 2007-10-24 05:47 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll - 2007-10-24 05:47 . 2007-10-24 05:47 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll + 2008-07-25 15:17 . 2008-07-25 15:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll - 2007-10-24 05:47 . 2007-10-24 05:47 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll + 2008-07-25 15:16 . 2008-07-25 15:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll + 2009-06-29 13:18 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll + 2009-06-29 13:18 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll + 2009-06-29 13:18 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe + 2009-06-29 13:18 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll + 2009-06-29 13:18 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll + 2009-06-29 13:18 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe + 2009-06-29 13:25 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll + 2009-06-29 13:25 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll + 2009-06-29 13:25 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll + 2009-06-29 13:25 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll + 2009-06-29 13:25 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll + 2009-04-17 12:59 . 2009-04-17 12:59 128256 c:\windows\Downloaded Program Files\as2stubie.dll + 2009-06-29 18:06 . 2009-06-29 18:06 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe + 2009-06-29 13:36 . 2009-06-29 13:36 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll + 2009-06-29 13:36 . 2009-06-29 13:36 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll + 2009-06-29 13:36 . 2009-06-29 13:36 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll + 2009-06-29 21:18 . 2009-06-29 21:18 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll + 2009-06-29 21:16 . 2009-06-29 21:16 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2009-06-29 21:16 . 2009-06-29 21:16 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll + 2009-06-29 21:16 . 2009-06-29 21:16 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll + 2009-06-29 21:16 . 2009-06-29 21:16 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll + 2009-06-29 18:04 . 2009-06-29 18:04 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll + 2009-06-29 18:04 . 2009-06-29 18:04 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll + 2009-06-29 21:16 . 2009-06-29 21:16 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll + 2009-06-29 21:16 . 2009-06-29 21:16 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll + 2009-06-29 13:35 . 2009-06-29 13:35 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll + 2009-06-29 21:16 . 2009-06-29 21:16 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll + 2009-06-29 21:16 . 2009-06-29 21:16 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll + 2009-06-29 18:09 . 2009-06-29 18:09 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll + 2009-06-29 18:09 . 2009-06-29 18:09 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll + 2009-06-29 18:09 . 2009-06-29 18:09 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll + 2009-06-29 21:16 . 2009-06-29 21:16 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll + 2009-06-29 18:06 . 2009-06-29 18:06 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe + 2009-06-29 18:06 . 2009-06-29 18:06 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll + 2009-06-29 18:06 . 2009-06-29 18:06 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe + 2009-06-29 13:34 . 2009-06-29 13:34 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll + 2009-06-29 13:34 . 2009-06-29 13:34 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll + 2009-06-29 13:34 . 2009-06-29 13:34 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll + 2009-06-29 13:34 . 2009-06-29 13:34 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll + 2009-06-29 18:06 . 2009-06-29 18:06 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe + 2009-06-29 18:06 . 2009-06-29 18:06 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll + 2009-06-29 18:06 . 2009-06-29 18:06 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe + 2009-06-29 18:06 . 2009-06-29 18:06 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll + 2009-06-29 13:25 . 2009-06-29 13:25 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll + 2009-06-29 13:25 . 2009-06-29 13:25 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll + 2009-06-29 13:27 . 2009-06-29 13:27 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll + 2009-06-29 13:27 . 2009-06-29 13:27 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll + 2009-06-29 13:25 . 2009-06-29 13:25 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll - 2008-04-19 23:27 . 2008-04-19 23:27 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2009-06-29 13:30 . 2009-06-29 13:30 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2009-06-29 13:30 . 2009-06-29 13:30 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2009-06-29 13:27 . 2009-06-29 13:27 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll + 2009-06-29 13:32 . 2009-06-29 13:32 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll + 2009-06-29 13:27 . 2009-06-29 13:27 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll + 2009-06-29 13:32 . 2009-06-29 13:32 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll + 2009-06-29 13:25 . 2009-06-29 13:25 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll - 2008-04-19 23:26 . 2008-04-19 23:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2009-06-29 13:30 . 2009-06-29 13:30 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2009-06-29 13:27 . 2009-06-29 13:27 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll - 2008-04-19 23:26 . 2008-04-19 23:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2009-06-29 13:30 . 2009-06-29 13:30 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2009-06-29 13:25 . 2009-06-29 13:25 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll - 2008-04-19 23:27 . 2008-04-19 23:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2009-06-29 13:30 . 2009-06-29 13:30 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2009-06-29 13:30 . 2009-06-29 13:30 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2009-06-29 13:27 . 2009-06-29 13:27 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll + 2009-06-29 13:30 . 2009-06-29 13:30 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2008-04-19 23:27 . 2008-04-19 23:27 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2008-04-19 23:27 . 2008-04-19 23:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2009-06-29 13:30 . 2009-06-29 13:30 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2009-06-29 13:27 . 2009-06-29 13:27 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll + 2009-06-29 13:25 . 2009-06-29 13:25 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll + 2009-06-29 13:25 . 2009-06-29 13:25 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll + 2009-06-29 13:26 . 2009-06-29 13:26 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll + 2009-06-29 13:30 . 2009-06-29 13:30 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2009-06-29 13:30 . 2009-06-29 13:30 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2008-04-19 23:27 . 2008-04-19 23:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2008-04-19 23:28 . 2008-04-19 23:28 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2009-06-29 13:30 . 2009-06-29 13:30 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2009-06-29 13:27 . 2009-06-29 13:27 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll + 2009-06-29 13:30 . 2009-06-29 13:30 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2009-06-29 13:30 . 2009-06-29 13:30 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2009-06-29 13:32 . 2009-06-29 13:32 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll + 2009-06-29 13:27 . 2009-06-29 13:27 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll + 2009-06-29 13:32 . 2009-06-29 13:32 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll + 2009-06-29 13:27 . 2009-06-29 13:27 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll + 2009-06-29 13:27 . 2009-06-29 13:27 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll + 2009-06-29 13:27 . 2009-06-29 13:27 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll + 2009-06-29 13:30 . 2009-06-29 13:30 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2008-04-19 23:26 . 2008-04-19 23:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2009-06-29 13:27 . 2009-06-29 13:27 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll + 2009-06-29 13:30 . 2009-06-29 13:30 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2008-04-19 23:27 . 2008-04-19 23:27 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2009-06-29 13:25 . 2009-06-29 13:25 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll + 2009-06-29 13:25 . 2009-06-29 13:25 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll + 2009-06-29 13:25 . 2009-06-29 13:25 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll + 2009-06-29 13:25 . 2009-06-29 13:25 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll + 2009-06-29 13:25 . 2009-06-29 13:25 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll + 2009-06-29 13:25 . 2009-06-29 13:25 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll + 2009-06-29 13:25 . 2009-06-29 13:25 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll + 2009-06-29 13:25 . 2009-06-29 13:25 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll + 2009-06-29 13:30 . 2009-06-29 13:30 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2009-06-29 13:30 . 2009-06-29 13:30 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2008-04-19 23:27 . 2008-04-19 23:27 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2008-04-19 23:27 . 2008-04-19 23:27 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2009-06-29 13:30 . 2009-06-29 13:30 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2009-06-29 13:25 . 2009-06-29 13:25 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll - 2008-04-19 23:27 . 2008-04-19 23:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2009-06-29 13:30 . 2009-06-29 13:30 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2009-06-29 13:30 . 2009-06-29 13:30 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2008-04-19 23:28 . 2008-04-19 23:28 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll + 2009-06-29 13:27 . 2009-06-29 13:27 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll + 2009-06-29 13:27 . 2009-06-29 13:27 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2009-06-29 13:30 . 2009-06-29 13:30 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2008-04-19 23:28 . 2008-04-19 23:28 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2009-06-29 13:27 . 2009-06-29 13:27 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll - 2008-04-19 23:26 . 2008-04-19 23:26 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2009-06-29 13:30 . 2009-06-29 13:30 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2009-06-29 13:30 . 2009-06-29 13:30 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2009-06-29 13:25 . 2009-06-29 13:25 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll - 2008-04-19 23:28 . 2008-04-19 23:28 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2009-06-29 13:30 . 2009-06-29 13:30 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2008-04-19 23:28 . 2008-04-19 23:28 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2009-06-29 13:30 . 2009-06-29 13:30 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2009-06-29 13:30 . 2009-06-29 13:30 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2009-06-29 13:25 . 2009-06-29 13:25 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll + 2004-08-10 17:51 . 2009-04-30 21:22 1207808 c:\windows\system32\urlmon.dll + 2009-06-29 13:25 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll + 2009-06-29 13:25 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll + 2009-06-29 13:25 . 2008-07-06 21:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll + 2009-06-29 13:25 . 2008-07-06 21:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll + 2009-06-29 13:25 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll + 2004-08-10 17:51 . 2009-05-13 05:15 5936128 c:\windows\system32\mshtml.dll - 2006-10-17 17:57 . 2009-03-08 08:32 1985024 c:\windows\system32\iertutil.dll + 2006-10-17 17:57 . 2009-04-30 21:22 1985024 c:\windows\system32\iertutil.dll + 2006-05-10 05:25 . 2009-04-30 21:22 1207808 c:\windows\system32\dllcache\urlmon.dll + 2006-05-19 15:06 . 2009-05-13 05:15 5936128 c:\windows\system32\dllcache\mshtml.dll - 2007-05-08 23:35 . 2009-03-08 08:32 1985024 c:\windows\system32\dllcache\iertutil.dll + 2007-05-08 23:35 . 2009-04-30 21:22 1985024 c:\windows\system32\dllcache\iertutil.dll + 2008-07-30 03:40 . 2008-07-30 03:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe + 2008-07-29 22:47 . 2008-07-29 22:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll + 2008-07-29 22:47 . 2008-07-29 22:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll + 2008-07-29 22:47 . 2008-07-29 22:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll + 2008-07-30 03:40 . 2008-07-30 03:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe + 2008-12-05 23:35 . 2008-12-05 23:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll + 2008-07-30 01:10 . 2008-07-30 01:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll + 2008-07-30 01:10 . 2008-07-30 01:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll + 2008-12-06 00:12 . 2008-12-06 00:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll - 2007-10-24 05:47 . 2007-10-24 05:47 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll + 2008-07-25 15:16 . 2008-07-25 15:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll - 2007-10-24 05:47 . 2007-10-24 05:47 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe + 2008-07-25 15:17 . 2008-07-25 15:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe + 2008-11-25 08:59 . 2008-11-25 08:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll + 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll + 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2008-07-25 15:17 . 2008-07-25 15:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll + 2008-07-25 15:17 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll + 2008-07-25 15:17 . 2008-07-25 15:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll + 2008-11-25 08:59 . 2008-11-25 08:59 5813576 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll + 2008-11-25 08:59 . 2008-11-25 08:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2008-07-25 15:16 . 2008-07-25 15:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll + 2009-06-29 13:18 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll + 2009-06-29 13:18 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll + 2009-06-29 13:18 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll + 2009-06-29 13:33 . 2009-06-29 13:33 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll + 2009-06-29 13:36 . 2009-06-29 13:36 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll + 2009-06-29 17:24 . 2009-06-29 17:24 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP18.tmp\System.IdentityModel.dll + 2009-06-29 13:32 . 2009-06-29 13:32 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll + 2009-06-29 13:36 . 2009-06-29 13:36 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll + 2009-06-29 21:18 . 2009-06-29 21:18 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll + 2009-06-29 21:18 . 2009-06-29 21:18 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll + 2009-06-29 21:18 . 2009-06-29 21:18 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll + 2009-06-29 21:18 . 2009-06-29 21:18 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll + 2009-06-29 13:35 . 2009-06-29 13:35 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll + 2009-06-29 18:05 . 2009-06-29 18:05 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll + 2009-06-29 13:35 . 2009-06-29 13:35 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll + 2009-06-29 18:04 . 2009-06-29 18:04 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll + 2009-06-29 13:35 . 2009-06-29 13:35 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll + 2009-06-29 18:09 . 2009-06-29 18:09 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll + 2009-06-29 18:09 . 2009-06-29 18:09 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll + 2009-06-29 13:35 . 2009-06-29 13:35 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll + 2009-06-29 18:09 . 2009-06-29 18:09 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll + 2009-06-29 13:35 . 2009-06-29 13:35 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll + 2009-06-29 18:09 . 2009-06-29 18:09 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll + 2009-06-29 13:35 . 2009-06-29 13:35 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll + 2009-06-29 13:34 . 2009-06-29 13:34 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll + 2009-06-29 13:34 . 2009-06-29 13:34 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll + 2009-06-29 13:33 . 2009-06-29 13:33 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll + 2009-06-29 18:06 . 2009-06-29 18:06 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll + 2009-06-29 21:16 . 2009-06-29 21:16 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll + 2009-06-29 18:07 . 2009-06-29 18:07 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll + 2009-06-29 18:06 . 2009-06-29 18:06 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll + 2009-06-29 13:25 . 2009-06-29 13:25 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll + 2009-06-29 13:30 . 2009-06-29 13:30 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2009-06-29 13:30 . 2009-06-29 13:30 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll + 2009-06-29 13:25 . 2009-06-29 13:25 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll + 2009-06-29 13:25 . 2009-06-29 13:25 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll + 2009-06-29 13:30 . 2009-06-29 13:30 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2009-06-29 13:32 . 2009-06-29 13:32 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll + 2009-06-29 13:31 . 2009-06-29 13:31 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll + 2009-06-29 13:30 . 2009-06-29 13:30 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2009-06-29 13:27 . 2009-06-29 13:27 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll + 2009-06-29 13:31 . 2009-06-29 13:31 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll + 2009-06-29 13:30 . 2009-06-29 13:30 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2009-06-29 13:30 . 2009-06-29 13:30 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2009-06-29 13:25 . 2009-06-29 13:25 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll + 2009-06-29 13:30 . 2009-06-29 13:30 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2006-10-27 20:09 . 2009-04-30 21:22 11064832 c:\windows\system32\ieframe.dll + 2007-05-08 23:35 . 2009-04-30 21:22 11064832 c:\windows\system32\dllcache\ieframe.dll + 2009-06-29 13:18 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll + 2009-06-29 13:36 . 2009-06-29 13:36 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll + 2009-06-29 21:17 . 2009-06-29 21:17 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll + 2009-06-29 18:06 . 2009-06-29 18:06 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll + 2009-06-29 13:35 . 2009-06-29 13:35 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll + 2009-06-29 13:34 . 2009-06-29 13:34 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll + 2009-06-29 13:33 . 2009-06-29 13:33 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll + 2009-06-29 13:32 . 2009-06-29 13:32 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0stera [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "ose"=3 (0x3) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"= "c:\\Program Files\\AIM\\aim.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"= "c:\\Program Files\\FirstClass\\fcc32.exe"= "c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"= R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/25/2009 4:28 PM 28544] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/1/2008 5:53 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/1/2008 5:53 PM 20560] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] . . ------- Supplementary Scan ------- . Trusted Zone: zonelabs.com\update DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-30 09:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3232) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-06-30 10:00 ComboFix-quarantined-files.txt 2009-06-30 13:59 ComboFix2.txt 2009-06-26 21:33 ComboFix3.txt 2009-06-24 13:51 Pre-Run: 18,081,230,848 bytes free Post-Run: 18,208,538,624 bytes free 839 --- E O F --- 2009-06-19 17:20
__________________
i know just enough about computers to screw things up royally... |
|
|
|
|
06-30-2009, 12:49 PM
|
#27 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,441
OS: XP SP3
|
Re: Suspected Malware
Hi,
The log is clean. Let me understand it clearly. The auto update for Windows is working, but IE's Tools>windows update doesn't work. You cannot access Malwarebyte's when you type their address in the address bar, correct? You don't know if you have the same problem with other web sites. Have you cleared your cache? http://www.microsoft.com/windows/ie/...learcache.mspx http://kb.iu.edu/data/ahic.html#ie8 Can you ping them? open dos box (Start>All Programs>Accessories>cmd prompt) copy/paste the following text: ping safer-networking.org Then, copy/paste the results please. (select all>CTRL+C, >CTRL+V) Do the same for Malwarebytes' ping malwarebytes.org ======================= Open notepad and copy and paste the following text inside the codebox: Code:
regedit /e drivers32.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32" start notepad drivers32.txt It should look like this:  Doubleclick on look.bat. A notepad should open. Copy and paste the contents of it in your next reply. By the way, your security center is set not to notify you of the windows updates and if your antivirus is disabled. Did you set it yourself? If not, please go to Start>Control Panel>Security Center (classic view)>Change the way Security Center alerts me (on the left pane) and check all three.
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006 |
|
|
|
|
07-01-2009, 05:20 PM
|
#28 (permalink) | ||||
|
Registered User
Join Date: May 2006
Location: Boston, MA
Posts: 56
OS: Win XP SP3
|
Re: Suspected Malware
Quote:
Auto update for Windows seems to be working (you mentioned it had run just before one of my scans, according to that scan). I have the MSUpdate on my Start menu (Start > All Programs > MSUpdate), and that's what gives me the Google error page. When I tried the Tools > Windows Update in IE, it sent me to Google; this is also what happens any time I try to access the MSUpdate site from the MS home page. Funny thing about the site I get sent to, though: it looks exactly like the Google home page, but it says 'English' next to the Google logo, and the options for 'iGoogle' and 'Sign In' in the upper right-hand corner aren't there. Is there some sort of fake Google site that's putting redirect malware on people's computers? When I try to access the Spybot or Malwarebytes homepages, I simply get the 'Internet Explorer Cannot Display this Webpage' error page, with the option to diagnose the problem. Quote:
Ping request could not find host safer-networking.org. Please check the name and try again. C:\ping malwarebytes.org Ping request could not find host malwarebytes.org. Please check the name and try again. C:\ping yahoo.com Pinging yahoo.com [209.131.36.159] with 32 bytes of data: Reply from 209.131.36.159: bytes=32 time=131ms TTL=54 Reply from 209.131.36.159: bytes=32 time=124ms TTL=54 Reply from 209.131.36.159: bytes=32 time=124ms TTL=54 Reply from 209.131.36.159: bytes=32 time=124ms TTL=54 Ping statistics for 209.131.36.159: Packets: sent = 4, Received = 4, Lost = 0 <0% loss> Approximate round trip times in milli-seconds: Minimum = 124 ms, Maximum = 131ms, Average = 125ms Quote:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midimapper"="midimap.dll" "msacm.imaadpcm"="imaadp32.acm" "msacm.msadpcm"="msadp32.acm" "msacm.msg711"="msg711.acm" "msacm.msgsm610"="msgsm32.acm" "msacm.trspch"="tssoft32.acm" "vidc.cvid"="iccvid.dll" "vidc.I420"="msh263.drv" "vidc.iv31"="ir32_32.dll" "vidc.iv32"="ir32_32.dll" "vidc.iv41"="ir41_32.ax" "vidc.iyuv"="iyuv_32.dll" "vidc.mrle"="msrle32.dll" "vidc.msvc"="msvidc32.dll" "vidc.uyvy"="msyuv.dll" "vidc.yuy2"="msyuv.dll" "vidc.yvu9"="tsbyuv.dll" "vidc.yvyu"="msyuv.dll" "wavemapper"="msacm32.drv" "msacm.msg723"="msg723.acm" "vidc.M263"="msh263.drv" "vidc.M261"="msh261.drv" "msacm.msaudio1"="msaud32.acm" "msacm.sl_anet"="sl_anet.acm" "msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax" "vidc.iv50"="ir50_32.dll" "msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm" "wave"="wdmaud.drv" "midi"="wdmaud.drv" "mixer"="wdmaud.drv" "vidc.DIVX"="DivX.dll" "vidc.yv12"="DivX.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP] "wave"="rdpsnd.dll" "mixer"="rdpsnd.dll" "MaxBandwidth"=dword:000056b9 "wavemapper"="msacm32.drv" "EnableMP3Codec"=dword:00000001 "midimapper"="midimap.dll" Quote:
__________________
i know just enough about computers to screw things up royally... Last edited by raj1439; 07-01-2009 at 05:22 PM. |
||||
|
|
|
|
07-01-2009, 06:06 PM
|
#29 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,441
OS: XP SP3
|
Re: Suspected Malware
Let's have a new GMER log.
Download GMER Rootkit Scanner from here to your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006 Last edited by amateur; 07-01-2009 at 06:34 PM. |
|
|
|
|
07-01-2009, 06:54 PM
|
#30 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,441
OS: XP SP3
|
Re: Suspected Malware
Please post a fresh DDS.txt as well.
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006 |
|
|
|
|
07-02-2009, 05:45 AM
|
#31 (permalink) |
|
Registered User
Join Date: May 2006
Location: Boston, MA
Posts: 56
OS: Win XP SP3
|
Re: Suspected Malware
New DDS.txt:
DDS (Ver_09-05-14.01) - NTFSx86 Run by Gaming at 7:39:56.34 on Thu 07/02/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1453 [GMT -4:00] AV: avast! antivirus 4.8.1335 [VPS 090701-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\UStorSrv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\explorer.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Documents and Settings\Gaming\Desktop\nrrijyl8.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\control.exe C:\Documents and Settings\Gaming\Desktop\CompFix 09\dds.scr ============== Pseudo HJT Report =============== BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: This BHO has been enabled by BHODemon. - No File BHO: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No File BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll__BHODemonDisabled BHO: This BHO has been disabled by BHODemon. - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe" mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL Trusted Zone: zonelabs.com\update DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580575171 DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220663692046 DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab TCP: {9ECAE540-BB66-4639-A8A5-F1ABAA718B5C} = 85.255.115.99 85.255.112.90 Notify: igfxcui - igfxdev.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-25 28544] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-1 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-1 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-8-7 138680] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-8-7 254040] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-8-7 352920] =============== Created Last 30 ================ 2009-06-29 15:55 12,160 a------- c:\windows\system32\drivers\mouhid.sys 2009-06-29 15:55 12,160 a------- c:\windows\system32\dllcache\mouhid.sys 2009-06-29 15:54 10,368 a------- c:\windows\system32\drivers\hidusb.sys 2009-06-29 15:54 10,368 a------- c:\windows\system32\dllcache\hidusb.sys 2009-06-29 15:54 32,128 a------- c:\windows\system32\drivers\usbccgp.sys 2009-06-29 15:54 32,128 a------- c:\windows\system32\dllcache\usbccgp.sys 2009-06-29 09:26 <DIR> --d----- c:\windows\system32\XPSViewer 2009-06-29 09:25 <DIR> --d----- C:\3f2f85fd56c287c18d608d6c5a76ca7e 2009-06-29 09:25 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-06-29 09:25 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-29 09:25 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-29 09:25 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-06-29 09:25 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-29 09:25 117,760 -------- c:\windows\system32\prntvpt.dll 2009-06-29 09:25 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-29 09:24 <DIR> --d----- c:\windows\SxsCaPendDel 2009-06-29 09:18 <DIR> --d----- c:\windows\ie8updates 2009-06-29 09:13 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll 2009-06-29 09:13 12,800 -------- c:\windows\system32\dllcache\xpshims.dll 2009-06-29 09:03 <DIR> --d----- c:\program files\Zone Labs 2009-06-26 17:56 <DIR> --d----- c:\program files\SpywareBlaster 2009-06-25 16:28 28,544 a------- c:\windows\system32\drivers\pavboot.sys 2009-06-25 16:28 <DIR> --d----- c:\program files\Panda Security 2009-06-24 10:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller 2009-06-24 09:49 <DIR> --d----- c:\windows\system32\dllcache\cache 2009-06-24 09:30 <DIR> a-dshr-- C:\cmdcons 2009-06-24 09:28 161,792 a------- c:\windows\SWREG.exe 2009-06-24 09:28 155,136 a------- c:\windows\PEV.exe 2009-06-24 09:28 98,816 a------- c:\windows\sed.exe 2009-06-23 10:28 <DIR> --d----- c:\program files\VideoLAN 2009-06-21 16:09 <DIR> --dsh--- c:\documents and settings\gaming\IECompatCache 2009-06-19 13:47 <DIR> --dsh--- c:\documents and settings\gaming\PrivacIE 2009-06-19 13:23 <DIR> --dsh--- c:\documents and settings\gaming\IETldCache 2009-06-19 13:17 <DIR> -cd-h--- c:\windows\ie8 2009-06-08 20:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-08 20:19 <DIR> --d----- c:\program files\Bonjour 2009-06-03 18:41 <DIR> --d----- C:\OutputFolder ==================== Find3M ==================== 2009-06-29 09:38 4,212 a---h--- c:\windows\system32\zllictbl.dat 2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll 2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-30 17:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll 2009-04-30 17:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll 2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll 2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll 2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-29 00:55 133,120 a------- c:\windows\system32\dllcache\extmgr.dll 2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll 2008-09-05 16:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat ============= FINISH: 7:40:10.17 =============== The new GMER and DDS logs are attached. Thanks.
__________________
i know just enough about computers to screw things up royally... |
|
|
|
|
07-02-2009, 08:04 PM
|
#32 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,441
OS: XP SP3
|
Re: Suspected Malware
Hi,
Please run Combofix with the following script again. Please allow Combofix to update when prompted.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/387175-suspected-malware-2.html#post2218587
Collect::
C:\Documents and Settings\Gaming\Desktop\nrrijyl8.exe
DDS::
BHO: This BHO has been enabled by BHODemon. - No File
BHO: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No File
BHO: This BHO has been disabled by BHODemon. - No File
TCP: {9ECAE540-BB66-4639-A8A5-F1ABAA718B5C} = 85.255.115.99 85.255.112.90
 Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you. Post that log in your next reply. **Note** When CF finishes running, it pops out with the CF log and this message box:  Clicking OK will begin the auto-upload of the zipped file.  ----------- If you do not get a message box, please do the following: There should be a file named [4]-Submit_date@time.zip with today's date, located here: C:\QooBox\Quarantine\[4]-Submit_date@time.zip Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4 Please let me know if you successfully submitted the file. Thanks.
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006 |
|
|
|
|
07-03-2009, 08:43 AM
|
#33 (permalink) |
|
Registered User
Join Date: May 2006
Location: Boston, MA
Posts: 56
OS: Win XP SP3
|
Re: Suspected Malware
Here's the latest ComboFix log.
I was able to submit the file to BleepingComputer, although it was not a .zip file, so I submitted it as a .zip file as well. ComboFix 09-07-02.02 - Gaming 07/03/2009 10:09.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00] Running from: c:\documents and settings\Gaming\Desktop\CompFix 09\ComboFix.exe Command switches used :: c:\documents and settings\Gaming\Desktop\CompFix 09\CFScript.txt AV: avast! antivirus 4.8.1335 [VPS 090702-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\2e086.msi c:\windows\Installer\d1127.msp . ((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))))) . 2009-06-29 19:55 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-06-29 19:55 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys 2009-06-29 19:54 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-06-29 19:54 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys 2009-06-29 19:54 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-06-29 19:54 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-06-29 13:26 . 2009-06-29 13:26 -------- d-----w- c:\windows\system32\XPSViewer 2009-06-29 13:25 . 2009-06-29 13:25 -------- d-----w- c:\program files\MSBuild 2009-06-29 13:25 . 2009-06-29 13:25 -------- d-----w- c:\program files\Reference Assemblies 2009-06-29 13:25 . 2009-06-29 13:25 -------- d-----w- C:\3f2f85fd56c287c18d608d6c5a76ca7e 2009-06-29 13:25 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-29 13:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-06-29 13:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-29 13:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-06-29 13:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-29 13:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-06-29 13:25 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-29 13:24 . 2009-06-29 13:40 -------- d-----w- c:\windows\SxsCaPendDel 2009-06-29 13:18 . 2009-06-29 13:18 -------- d-----w- c:\windows\ie8updates 2009-06-29 13:13 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-29 13:13 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-29 13:10 . 2009-06-29 13:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-06-29 13:03 . 2009-06-29 13:03 -------- d-----w- c:\program files\Zone Labs 2009-06-26 21:56 . 2009-06-30 13:39 -------- d-----w- c:\program files\SpywareBlaster 2009-06-25 20:28 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-06-25 20:28 . 2009-06-25 20:28 -------- d-----w- c:\program files\Panda Security 2009-06-25 05:05 . 2009-06-25 05:05 -------- d-sh--w- c:\documents and settings\Default User\IETldCache 2009-06-25 05:03 . 2009-06-25 05:03 152576 ----a-w- c:\documents and settings\Gaming\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-06-24 14:02 . 2009-06-24 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-06-23 14:30 . 2009-06-23 15:40 -------- d-----w- c:\documents and settings\Gaming\Application Data\dvdcss 2009-06-23 14:30 . 2009-06-23 15:48 -------- d-----w- c:\documents and settings\Gaming\Application Data\vlc 2009-06-23 14:28 . 2009-06-23 14:28 -------- d-----w- c:\program files\VideoLAN 2009-06-21 20:09 . 2009-06-21 20:09 -------- d-sh--w- c:\documents and settings\Gaming\IECompatCache 2009-06-19 17:47 . 2009-06-19 17:47 -------- d-sh--w- c:\documents and settings\Gaming\PrivacIE 2009-06-19 17:24 . 2009-06-19 17:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-06-19 17:23 . 2009-06-19 17:23 -------- d-sh--w- c:\documents and settings\Gaming\IETldCache 2009-06-19 17:17 . 2009-06-19 17:20 -------- dc-h--w- c:\windows\ie8 2009-06-09 00:22 . 2009-06-09 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-09 00:19 . 2009-06-09 00:19 -------- d-----w- c:\program files\Bonjour 2009-06-09 00:14 . 2009-06-09 00:15 -------- d-----w- c:\program files\QuickTime 2009-06-09 00:07 . 2009-06-09 00:07 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-06-03 22:41 . 2009-06-03 22:42 -------- d-----w- C:\OutputFolder . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-03 14:06 . 2007-10-14 13:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-29 14:31 . 2006-12-22 20:14 132960 ----a-w- c:\documents and settings\Gaming\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-29 13:38 . 2005-04-27 01:16 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-06-29 13:24 . 2006-05-13 19:14 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-06-29 13:24 . 2006-05-13 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-25 05:04 . 2005-04-21 23:06 -------- d-----w- c:\program files\Java 2009-06-25 04:58 . 2005-04-21 23:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-25 04:58 . 2005-05-10 09:42 -------- d-----w- c:\program files\iPod 2009-06-19 22:47 . 2006-06-16 05:00 -------- d-----w- c:\program files\Agent 2009-06-19 22:46 . 2005-04-27 03:14 -------- d-----w- c:\documents and settings\Rich\Application Data\Lavasoft 2009-06-19 18:07 . 2006-09-20 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-06-18 22:19 . 2005-04-27 09:28 -------- d-----w- c:\program files\FirstClass 2009-06-09 00:23 . 2006-09-17 01:09 -------- d-----w- c:\program files\iTunes 2009-06-09 00:22 . 2007-09-02 17:05 -------- d-----w- c:\program files\Common Files\Apple 2009-06-08 22:44 . 2008-02-13 22:47 -------- d-----w- c:\documents and settings\Gaming\Application Data\uTorrent 2009-05-13 05:15 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-17 12:26 . 2004-08-10 17:51 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-08-10 17:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((( SnapShot_2009-06-30_13.57.43 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-29 13:23 . 2009-06-29 13:23 88576 c:\windows\Installer\bb15d.msi + 2009-06-29 13:03 . 2009-06-29 13:03 62464 c:\windows\Installer\9e73b.msi + 2007-09-23 04:31 . 2007-09-23 04:31 55296 c:\windows\Installer\6456c3c.msi + 2005-07-29 04:54 . 2005-07-29 04:54 20480 c:\windows\Installer\153fc7.msi + 2009-06-29 13:35 . 2009-06-29 13:35 62464 c:\windows\Installer\11e3f3.msi + 2005-04-21 23:10 . 2005-04-21 23:10 70144 c:\windows\Installer\11db0.msi + 2005-04-21 23:10 . 2005-04-21 23:10 72704 c:\windows\Installer\11d9e.msi + 2008-07-30 01:07 . 2008-07-30 01:07 23040 c:\windows\Installer\106543.msp + 2008-09-05 03:36 . 2004-08-04 10:00 366080 c:\windows\ServicePackFiles\i386\digreqex.msi + 2008-09-05 03:36 . 2004-08-04 10:00 863232 c:\windows\ServicePackFiles\i386\digopt.msi + 2009-06-29 13:27 . 2009-06-29 13:27 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi + 2005-07-05 16:25 . 2005-07-05 16:25 916480 c:\windows\Installer\e2422.msi + 2008-11-05 16:02 . 2008-11-05 16:02 119296 c:\windows\Installer\d113c.msp + 2005-05-15 05:35 . 2005-05-15 05:35 390656 c:\windows\Installer\ce29a.msi + 2008-07-29 21:35 . 2008-07-29 21:35 553472 c:\windows\Installer\bb162.msp + 2008-07-29 21:33 . 2008-07-29 21:33 506368 c:\windows\Installer\bb160.msp + 2008-07-29 21:37 . 2008-07-29 21:37 911360 c:\windows\Installer\bb15f.msp + 2008-11-16 18:48 . 2008-11-16 18:48 683008 c:\windows\Installer\942c6d8.msi + 2008-11-19 00:01 . 2008-11-19 00:01 432640 c:\windows\Installer\85ea9c.msi + 2008-12-09 23:03 . 2008-12-09 23:03 562176 c:\windows\Installer\751be.msi + 2004-08-10 18:08 . 2004-08-10 18:08 264704 c:\windows\Installer\7506.msi + 2007-08-14 23:06 . 2007-08-14 23:06 431104 c:\windows\Installer\6d54428.msi + 2008-09-26 23:52 . 2008-09-26 23:52 213504 c:\windows\Installer\69a667.msi + 2006-11-19 06:28 . 2006-11-19 06:28 428544 c:\windows\Installer\3c1294a.msi + 2008-09-26 23:01 . 2008-09-26 23:01 331264 c:\windows\Installer\3a8990.msi + 2007-12-21 20:55 . 2007-12-21 20:55 331776 c:\windows\Installer\2834f842.msi + 2005-04-26 23:51 . 2005-04-26 23:51 854528 c:\windows\Installer\27cdf6.msi + 2005-04-26 23:50 . 2005-04-26 23:50 276992 c:\windows\Installer\27cddf.msi + 2005-04-26 23:50 . 2005-04-26 23:50 266240 c:\windows\Installer\27cdda.msi + 2005-04-26 23:49 . 2005-04-26 23:49 312320 c:\windows\Installer\27cdd5.msi + 2006-05-14 22:22 . 2006-05-14 22:22 260096 c:\windows\Installer\246e9cd.msi + 2008-06-11 18:02 . 2008-06-11 18:02 830464 c:\windows\Installer\13dac0a.msp + 2008-07-28 18:59 . 2008-07-28 18:59 180736 c:\windows\Installer\13dabf1.msp + 2006-10-14 06:09 . 2006-10-14 06:09 428544 c:\windows\Installer\13a1952.msi + 2006-06-13 18:12 . 2006-06-13 18:12 509440 c:\windows\Installer\12da0fe.msp + 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\11e3ed.msp + 2009-06-29 13:27 . 2009-06-29 13:27 648192 c:\windows\Installer\11e3ca.msi + 2005-04-21 23:14 . 2005-04-21 23:14 198144 c:\windows\Installer\11dce.msi + 2005-04-21 23:10 . 2005-04-21 23:10 843776 c:\windows\Installer\11da9.msi + 2005-04-21 23:10 . 2005-04-21 23:10 656896 c:\windows\Installer\11da2.msi + 2005-04-21 23:09 . 2005-04-21 23:09 669696 c:\windows\Installer\11d9a.msi + 2005-04-21 23:08 . 2005-04-21 23:08 256000 c:\windows\Installer\11d96.msi + 2005-04-21 23:08 . 2005-04-21 23:08 171008 c:\windows\Installer\11d80.msi + 2005-04-21 23:07 . 2005-04-21 23:07 275968 c:\windows\Installer\11d78.msi + 2008-07-30 01:23 . 2008-07-30 01:23 250880 c:\windows\Installer\10654c.msp + 2008-07-30 01:28 . 2008-07-30 01:28 278016 c:\windows\Installer\10654a.msp + 2008-07-29 23:40 . 2008-07-29 23:40 291840 c:\windows\Installer\106548.msp + 2009-06-29 13:26 . 2009-06-29 13:26 137728 c:\windows\Installer\106542.msi + 2005-09-13 21:34 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{EA7763E4-20ED-43E2-AEFB-D81D1FC2ED59}\ISScript11.Msi + 2005-10-22 13:26 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\ISScript11.Msi + 2006-03-19 00:21 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\ISScript11.Msi + 2006-07-03 01:53 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ISScript11.Msi + 2006-01-19 10:54 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}\ISScript11.Msi + 2006-02-18 23:56 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\ISScript11.Msi + 2005-10-15 02:20 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{13616DE2-9795-4910-8C93-80D45AF09658}\ISScript11.Msi + 2004-08-10 17:51 . 2004-08-04 10:00 1326080 c:\windows\system32\webfldrs.msi + 2005-04-26 22:59 . 2005-04-21 23:06 9946112 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi + 2008-09-05 03:37 . 2004-08-04 10:00 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi + 2008-09-05 03:37 . 2004-08-04 10:00 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi + 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp + 2008-01-31 14:30 . 2008-01-31 14:30 9947648 c:\windows\Installer\fd6ef23.msp + 2008-02-15 18:57 . 2008-02-15 18:57 5517312 c:\windows\Installer\fd6ef0f.msp + 2007-02-12 20:30 . 2007-02-12 20:30 5235200 c:\windows\Installer\fab1870.msp + 2008-01-14 21:54 . 2008-01-14 21:54 5505024 c:\windows\Installer\f5d49ea.msp + 2008-01-14 21:53 . 2008-01-14 21:53 5213696 c:\windows\Installer\f5d49d2.msp + 2008-01-25 20:29 . 2008-01-25 20:29 5514752 c:\windows\Installer\f5d49be.msp + 2006-02-15 00:29 . 2006-02-15 00:29 8979968 c:\windows\Installer\f4073.msi + 2007-01-24 18:05 . 2007-01-24 18:05 5228544 c:\windows\Installer\f1f98.msp + 2007-01-19 15:46 . 2007-01-19 15:46 6814208 c:\windows\Installer\f1f6f.msp + 2006-12-18 16:48 . 2006-12-18 16:48 5444096 c:\windows\Installer\f1f5a.msp + 2007-01-24 12:48 . 2007-01-24 12:48 9804800 c:\windows\Installer\f1f45.msp + 2007-01-10 15:05 . 2007-01-10 15:05 9921024 c:\windows\Installer\f1f30.msp + 2006-11-20 21:37 . 2006-11-20 21:37 6553088 c:\windows\Installer\f1f1b.msp + 2007-09-18 18:18 . 2007-09-18 18:18 5489152 c:\windows\Installer\d594e.msp + 2009-02-11 19:02 . 2009-02-11 19:02 5519872 c:\windows\Installer\d1150.msp + 2006-07-03 15:48 . 2006-07-03 15:48 5236224 c:\windows\Installer\c0878.msp + 2006-07-17 21:11 . 2006-07-17 21:11 4578816 c:\windows\Installer\c0864.msp + 2008-07-29 21:45 . 2008-07-29 21:45 2543616 c:\windows\Installer\bb166.msp + 2008-07-29 21:29 . 2008-07-29 21:29 2926080 c:\windows\Installer\bb165.msp + 2008-07-29 21:41 . 2008-07-29 21:41 6487040 c:\windows\Installer\bb164.msp + 2008-07-29 21:39 . 2008-07-29 21:39 3403264 c:\windows\Installer\bb163.msp + 2008-07-29 21:43 . 2008-07-29 21:43 1013248 c:\windows\Installer\bb161.msp + 2008-07-29 21:31 . 2008-07-29 21:31 6083072 c:\windows\Installer\bb15e.msp + 2009-03-05 19:40 . 2009-03-05 19:40 6819840 c:\windows\Installer\ba47b.msp + 2007-03-19 14:31 . 2007-03-19 14:31 5259776 c:\windows\Installer\b82a8e.msp + 2005-04-27 01:33 . 2005-04-27 01:33 5864960 c:\windows\Installer\b5024.msp + 2008-04-18 18:26 . 2008-04-18 18:26 5518336 c:\windows\Installer\aa71586.msp + 2008-04-01 18:33 . 2008-04-01 18:33 5479936 c:\windows\Installer\aa71572.msp + 2008-04-01 02:11 . 2008-04-01 02:11 1298432 c:\windows\Installer\aa71547.msp + 2008-10-25 14:15 . 2008-10-25 14:15 6227456 c:\windows\Installer\85eac4.msp + 2008-10-17 14:03 . 2008-10-17 14:03 5518336 c:\windows\Installer\85eaaf.msp + 2008-08-13 20:20 . 2008-08-13 20:20 1549312 c:\windows\Installer\8255e.msi + 2006-05-02 01:59 . 2006-05-02 01:59 2893312 c:\windows\Installer\771bd6.msi + 2007-05-25 15:55 . 2007-05-25 15:55 5265408 c:\windows\Installer\73b17c5.msp + 2007-07-23 20:40 . 2007-07-23 20:40 9945600 c:\windows\Installer\6d54465.msp + 2007-07-24 19:02 . 2007-07-24 19:02 5240320 c:\windows\Installer\6d54450.msp + 2007-05-22 13:46 . 2007-05-22 13:46 6108672 c:\windows\Installer\6d5443c.msp + 2007-08-16 04:22 . 2007-08-16 04:22 1279488 c:\windows\Installer\6456c42.msp + 2009-06-09 00:23 . 2009-06-09 00:23 4074496 c:\windows\Installer\5d079ed6.msi + 2009-06-09 00:20 . 2009-06-09 00:20 1665024 c:\windows\Installer\5d079bb6.msi + 2009-06-09 00:19 . 2009-06-09 00:19 1659392 c:\windows\Installer\5d079b72.msi + 2009-06-09 00:15 . 2009-06-09 00:15 8992256 c:\windows\Installer\5d079b65.msi + 2009-06-09 00:11 . 2009-06-09 00:11 3295232 c:\windows\Installer\5d0798d9.msi + 2008-03-16 21:11 . 2008-03-16 21:11 5512704 c:\windows\Installer\5cc2df5.msp + 2007-11-02 14:30 . 2007-11-02 14:30 7554048 c:\windows\Installer\5b0c8a.msp + 2009-01-15 08:35 . 2009-01-15 08:35 4830720 c:\windows\Installer\52f727.msp + 2006-12-18 07:12 . 2006-12-18 07:12 5883392 c:\windows\Installer\528a43.msi + 2004-08-10 18:09 . 2004-08-10 18:10 3443712 c:\windows\Installer\50c4.msi + 2007-06-19 19:48 . 2007-06-19 19:48 5247488 c:\windows\Installer\4df9010.msp + 2007-06-05 18:48 . 2007-06-05 18:48 9944064 c:\windows\Installer\4df8ffc.msp + 2006-05-18 14:14 . 2006-05-18 14:14 8384512 c:\windows\Installer\49c7f00.msp + 2006-05-08 16:11 . 2006-05-08 16:11 5230592 c:\windows\Installer\49c7eeb.msp + 2009-04-06 21:00 . 2009-04-06 21:00 5518336 c:\windows\Installer\3c66a7.msp + 2006-10-12 15:50 . 2006-10-12 15:50 1091584 c:\windows\Installer\3c1295e.msp + 2006-10-06 20:15 . 2006-10-06 20:15 5185024 c:\windows\Installer\3c12942.msp + 2006-11-14 17:22 . 2006-11-14 17:22 5248512 c:\windows\Installer\38030.msp + 2006-02-03 21:00 . 2006-02-03 21:00 9357824 c:\windows\Installer\37fd5.msp + 2006-02-03 21:00 . 2006-02-03 21:00 4008448 c:\windows\Installer\37fd4.msp + 2006-04-06 14:58 . 2006-04-06 14:58 5216768 c:\windows\Installer\37fcd.msp + 2006-02-08 13:46 . 2006-02-08 13:46 8483328 c:\windows\Installer\37fb9.msp + 2005-10-26 18:59 . 2005-10-26 18:59 2883072 c:\windows\Installer\37fa4.msp + 2007-11-16 17:58 . 2007-11-16 17:58 5495296 c:\windows\Installer\37f940.msp + 2007-11-08 16:42 . 2007-11-08 16:42 4158464 c:\windows\Installer\37f92c.msp + 2008-10-05 08:12 . 2008-10-05 08:12 4784128 c:\windows\Installer\369356.msp + 2007-10-21 04:12 . 2007-10-21 04:12 1279488 c:\windows\Installer\34bfe98.msp + 2008-10-23 03:43 . 2008-10-23 03:43 6820352 c:\windows\Installer\3466ed8.msp + 2008-10-23 03:48 . 2008-10-23 03:48 7672832 c:\windows\Installer\3466ec3.msp + 2008-11-05 19:25 . 2008-11-05 19:25 5518336 c:\windows\Installer\3466eae.msp + 2009-01-14 20:43 . 2009-01-14 20:43 5520384 c:\windows\Installer\2de3d67.msp + 2006-07-17 21:50 . 2006-07-17 21:50 7435776 c:\windows\Installer\28ce23.msi + 2005-04-03 19:37 . 2005-04-03 19:37 2593792 c:\windows\Installer\289951.msp + 2004-10-21 21:56 . 2004-10-21 21:56 5533696 c:\windows\Installer\28993b.msp + 2005-02-14 17:10 . 2005-02-14 17:10 5378048 c:\windows\Installer\2898a6.msp + 2005-04-26 23:51 . 2005-04-26 23:51 3565568 c:\windows\Installer\27cdef.msi + 2005-04-26 23:50 . 2005-04-26 23:50 1420800 c:\windows\Installer\27cde6.msi + 2005-04-27 00:57 . 2005-04-27 00:57 5922816 c:\windows\Installer\251ac1.msi + 2008-09-05 17:08 . 2008-09-05 17:08 5515776 c:\windows\Installer\233e1a.msp + 2005-09-28 22:59 . 2005-09-28 22:59 7416832 c:\windows\Installer\1ecee2.msi + 2009-05-01 19:49 . 2009-05-01 19:49 4328960 c:\windows\Installer\1d67261.msp + 2009-05-12 17:01 . 2009-05-12 17:01 6818816 c:\windows\Installer\1d6724b.msp + 2009-05-28 16:32 . 2009-05-28 16:32 5518848 c:\windows\Installer\1d67236.msp + 2009-04-23 21:57 . 2009-04-23 21:57 7672832 c:\windows\Installer\1bbc54c.msp + 2006-08-10 01:49 . 2006-08-10 01:49 5228544 c:\windows\Installer\17da62f.msp + 2006-08-16 02:36 . 2006-08-16 02:36 5206528 c:\windows\Installer\17da61b.msp + 2008-08-14 19:01 . 2008-08-14 19:01 5517312 c:\windows\Installer\153f76.msp + 2008-09-04 22:16 . 2008-09-04 22:16 1298432 c:\windows\Installer\146f4c.msp + 2007-04-11 17:47 . 2007-04-11 17:47 5264896 c:\windows\Installer\13e5c8.msp + 2007-04-25 19:14 . 2007-04-25 19:14 9828864 c:\windows\Installer\13e59f.msp + 2007-04-25 19:09 . 2007-04-25 19:09 9944064 c:\windows\Installer\13e58a.msp + 2007-04-25 19:10 . 2007-04-25 19:10 6835712 c:\windows\Installer\13e575.msp + 2008-06-11 19:05 . 2008-06-11 19:05 9994240 c:\windows\Installer\13dad10.msp + 2008-07-16 14:39 . 2008-07-16 14:39 5519360 c:\windows\Installer\13dace7.msp + 2008-07-08 15:27 . 2008-07-08 15:27 8436736 c:\windows\Installer\13dacd3.msp + 2006-09-19 20:13 . 2006-09-19 20:13 8272896 c:\windows\Installer\13a19eb.msp + 2006-09-06 19:53 . 2006-09-06 19:53 5175808 c:\windows\Installer\13a19d6.msp + 2006-09-11 16:19 . 2006-09-11 16:19 6253056 c:\windows\Installer\13a1990.msp + 2007-09-10 21:01 . 2007-09-10 21:01 5488640 c:\windows\Installer\12e450.msp + 2006-06-06 14:39 . 2006-06-06 14:39 5241344 c:\windows\Installer\12da0be.msp + 2008-12-13 13:57 . 2008-12-13 13:57 8397824 c:\windows\Installer\11e3d8.msp + 2005-04-21 23:12 . 2005-04-21 23:12 1049088 c:\windows\Installer\11dc3.msi + 2005-04-21 23:08 . 2005-04-21 23:08 9686528 c:\windows\Installer\11d7c.msi + 2005-04-21 23:07 . 2005-04-21 23:07 1914880 c:\windows\Installer\11d72.msi + 2008-12-12 16:09 . 2008-12-12 16:09 5517824 c:\windows\Installer\1155d0.msp + 2006-12-19 20:42 . 2006-12-19 20:42 6649856 c:\windows\Installer\10b5e1.msp + 2006-12-04 18:51 . 2006-12-04 18:51 5250560 c:\windows\Installer\10b5cd.msp + 2006-11-20 18:42 . 2006-11-20 18:42 9713664 c:\windows\Installer\10b5b9.msp + 2008-06-25 14:39 . 2008-06-25 14:39 3236352 c:\windows\Installer\107c61.msi + 2008-07-29 23:26 . 2008-07-29 23:26 1043456 c:\windows\Installer\10654b.msp + 2008-07-30 00:37 . 2008-07-30 00:37 2679808 c:\windows\Installer\106549.msp + 2008-07-30 01:15 . 2008-07-30 01:15 3697664 c:\windows\Installer\106547.msp + 2008-07-29 23:34 . 2008-07-29 23:34 1448448 c:\windows\Installer\106546.msp + 2008-07-30 00:22 . 2008-07-30 00:22 4137984 c:\windows\Installer\106545.msp + 2008-07-29 23:18 . 2008-07-29 23:18 3376640 c:\windows\Installer\106544.msp + 2005-10-22 13:26 . 2005-10-18 17:01 9935872 c:\windows\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\iTunes.msi + 2006-03-19 00:21 . 2006-02-23 21:42 9934848 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\iTunes.msi + 2006-07-03 01:53 . 2006-06-19 20:04 9934848 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\iTunes.msi + 2006-01-19 10:54 . 2005-12-21 16:57 9934848 c:\windows\Downloaded Installations\{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}\iTunes.msi + 2006-02-18 23:56 . 2006-02-08 19:49 9934848 c:\windows\Downloaded Installations\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\iTunes.msi + 2005-07-05 16:25 . 2005-07-05 16:25 1863168 c:\windows\Downloaded Installations\{14CC4A00-F200-4153-8250-97CFD2A2DA91}\HMTCDWizard.msi + 2005-10-15 02:20 . 2005-10-12 01:53 9932800 c:\windows\Downloaded Installations\{13616DE2-9795-4910-8C93-80D45AF09658}\iTunes.msi + 2008-03-17 16:48 . 2008-03-17 16:48 11813888 c:\windows\Installer\fd6ef4e.msp + 2008-03-01 02:09 . 2008-03-01 02:09 16907776 c:\windows\Installer\fd6ef39.msp + 2008-01-14 20:24 . 2008-01-14 20:24 10721280 c:\windows\Installer\f5d49aa.msp + 2008-01-14 21:50 . 2008-01-14 21:50 11887104 c:\windows\Installer\f5d4995.msp + 2007-01-18 19:29 . 2007-01-18 19:29 10978816 c:\windows\Installer\f1f84.msp + 2005-08-08 18:25 . 2005-08-08 18:25 97385984 c:\windows\Installer\d3f8c.msp + 2006-07-18 19:02 . 2006-07-18 19:02 12290560 c:\windows\Installer\c088d.msp + 2008-04-14 18:26 . 2008-04-14 18:26 11888128 c:\windows\Installer\aa7155b.msp + 2007-07-11 23:07 . 2007-07-11 23:07 15256576 c:\windows\Installer\4df8fe8.msp + 2006-05-17 02:43 . 2006-05-17 02:43 13711872 c:\windows\Installer\49c7f15.msp + 2008-08-13 18:49 . 2008-08-13 18:49 11816960 c:\windows\Installer\426b8d.msp + 2005-05-03 23:54 . 2005-05-03 23:54 25365504 c:\windows\Installer\4027df.msi + 2004-07-08 04:23 . 2004-07-08 04:23 18643968 c:\windows\Installer\289923.msp + 2004-08-10 18:10 . 2004-08-10 18:10 19204096 c:\windows\Installer\1599f.msp + 2008-07-30 12:50 . 2008-07-30 12:50 12506112 c:\windows\Installer\153fa0.msp + 2008-06-04 17:29 . 2008-06-04 17:29 16905728 c:\windows\Installer\153f8b.msp + 2007-05-01 13:29 . 2007-05-01 13:29 10994688 c:\windows\Installer\13e5b4.msp + 2008-07-08 14:09 . 2008-07-08 14:09 11887616 c:\windows\Installer\13dacfc.msp + 2008-07-01 13:25 . 2008-07-01 13:25 11814912 c:\windows\Installer\13dabdd.msp + 2006-09-27 18:28 . 2006-09-27 18:28 10256384 c:\windows\Installer\13a19c2.msp + 2006-09-19 15:23 . 2006-09-19 15:23 12292096 c:\windows\Installer\13a19ad.msp + 2006-09-12 20:59 . 2006-09-12 20:59 14482944 c:\windows\Installer\13a197b.msp + 2006-09-13 02:44 . 2006-09-13 02:44 13737984 c:\windows\Installer\13a1966.msp + 2006-06-20 15:07 . 2006-06-20 15:07 12292096 c:\windows\Installer\12da0e8.msp + 2006-06-28 13:48 . 2006-06-28 13:48 14463488 c:\windows\Installer\12da0d3.msp + 2008-12-13 14:21 . 2008-12-13 14:21 10473472 c:\windows\Installer\11e3e2.msp + 2005-04-21 23:12 . 2005-04-21 23:12 12983808 c:\windows\Installer\11dbf.msi + 2005-09-13 21:34 . 2005-09-04 00:26 10065408 c:\windows\Downloaded Installations\{EA7763E4-20ED-43E2-AEFB-D81D1FC2ED59}\iTunes.msi + 2006-07-17 21:48 . 2006-07-17 21:48 45631488 c:\windows\Downloaded Installations\{ADF0CB4C-E2E8-41AC-832B-81F52F0FE755}\iPod for Windows 2006-06-28.msi + 2005-06-29 16:46 . 2005-06-29 16:46 21069312 c:\windows\Downloaded Installations\{A89EB61A-717D-4E9B-BB70-7626DF2EB947}\iTunes.msi + 2005-05-28 01:18 . 2005-05-28 06:00 35343872 c:\windows\Downloaded Installations\{988A90CD-20C7-49F5-AFA6-AD738D228603}\iPod for Windows 2005-03-23.msi + 2005-09-28 22:54 . 2005-09-28 22:54 35885568 c:\windows\Downloaded Installations\{921F5E11-CF76-4F27-A02B-F8B57B0D3163}\iPod for Windows 2005-09-23.msi + 2005-05-05 23:47 . 2005-05-05 23:47 29738496 c:\windows\Downloaded Installations\{8FD83620-E609-4CCD-B4E0-974625430E55}\ATI Multimedia Center.msi + 2006-12-18 07:12 . 2006-12-18 07:12 11129856 c:\windows\Downloaded Installations\{526DEA13-3565-48BD-BD60-F2F936C4DCB8}\URGE.msi + 2005-05-10 09:41 . 2005-05-10 09:41 20930048 c:\windows\Downloaded Installations\{24687BD9-657A-42C0-83BF-6674644136A8}\iTunes.msi + 2006-02-15 00:28 . 2006-02-15 00:28 33979904 c:\windows\Downloaded Installations\{00C2E789-F948-4BE1-8167-6E6447DC4CE2}\iPod for Windows 2006-01-10.msi + 2007-07-27 13:03 . 2007-07-27 13:03 119977472 c:\windows\Installer\13dacbe.msp . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0stera [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "ose"=3 (0x3) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"= "c:\\Program Files\\AIM\\aim.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"= "c:\\Program Files\\FirstClass\\fcc32.exe"= "c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"= R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/25/2009 4:28 PM 28544] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/1/2008 5:53 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/1/2008 5:53 PM 20560] --- Other Services/Drivers In Memory --- *Deregistered* - aujasnkj [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] . . ------- Supplementary Scan ------- . Trusted Zone: zonelabs.com\update DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-03 10:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2009-07-03 10:20 ComboFix-quarantined-files.txt 2009-07-03 14:19 ComboFix2.txt 2009-06-30 14:00 ComboFix3.txt 2009-06-26 21:33 ComboFix4.txt 2009-06-24 13:51 Pre-Run: 17,883,533,312 bytes free Post-Run: 17,913,126,912 bytes free 385 --- E O F --- 2009-06-19 17:20
__________________
i know just enough about computers to screw things up royally... Last edited by raj1439; 07-03-2009 at 08:45 AM. |
|
|
|
|
07-03-2009, 01:51 PM
|
#34 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,441
OS: XP SP3
|
Re: Suspected Malware
Hi,
something doesn't look right. Please go to Start>Run and copy/paste the following text into the run box and press Enter. A text file will open, please copy/paste the contents of that file. CFScript_used_2009-07-03@10.09.txt
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006 |
|
|
|
|
07-04-2009, 07:38 AM
|
#35 (permalink) |
|
Registered User
Join Date: May 2006
Location: Boston, MA
Posts: 56
OS: Win XP SP3
|
Re: Suspected Malware
Suspected Malware
Collect:: C:\Documents and Settings\Gaming\Desktop\nrrijyl8.exe DDS:: BHO: This BHO has been enabled by BHODemon. - No File BHO: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No File BHO: This BHO has been disabled by BHODemon. - No File TCP: {9ECAE540-BB66-4639-A8A5-F1ABAA718B5C} = 85.255.115.99 85.255.112.90 ------- Grr, the link at the top keeps going into this post as a clickable URL, but it went into the script file correctly, with the full address typed out.
__________________
i know just enough about computers to screw things up royally... Last edited by raj1439; 07-04-2009 at 07:44 AM. |
|
|
|
|
07-04-2009, 09:10 PM
|
#36 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,441
OS: XP SP3
|
Re: Suspected Malware
Hi,
Please post a fresh DDS.txt. Are you still having problem with the windows update page and MBAM home page?
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006 |
|
|
|
|
07-05-2009, 08:40 AM
|
#37 (permalink) |
|
Registered User
Join Date: May 2006
Location: Boston, MA
Posts: 56
OS: Win XP SP3
|
Re: Suspected Malware
Hi,
Windows update still takes me to Google English, and Malwarebytes.org still times out as "Internet Explorer cannot display the webpage." Here's the DDS.txt: DDS (Ver_09-05-14.01) - NTFSx86 Run by Gaming at 10:35:43.07 on Sun 07/05/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1511 [GMT -4:00] AV: avast! antivirus 4.8.1335 [VPS 090704-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\UStorSrv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Gaming\Desktop\dds.scr ============== Pseudo HJT Report =============== BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: This BHO has been enabled by BHODemon. - No File BHO: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No File BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll__BHODemonDisabled BHO: This BHO has been disabled by BHODemon. - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe" mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL Trusted Zone: zonelabs.com\update DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580575171 DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220663692046 DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab45837.cab DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab TCP: {9ECAE540-BB66-4639-A8A5-F1ABAA718B5C} = 85.255.115.99 85.255.112.90 Notify: igfxcui - igfxdev.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-25 28544] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-1 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-1 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-8-7 138680] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-8-7 254040] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-8-7 352920] =============== Created Last 30 ================ 2009-06-29 15:55 12,160 a------- c:\windows\system32\drivers\mouhid.sys 2009-06-29 15:55 12,160 a------- c:\windows\system32\dllcache\mouhid.sys 2009-06-29 15:54 10,368 a------- c:\windows\system32\drivers\hidusb.sys 2009-06-29 15:54 10,368 a------- c:\windows\system32\dllcache\hidusb.sys 2009-06-29 15:54 32,128 a------- c:\windows\system32\drivers\usbccgp.sys 2009-06-29 15:54 32,128 a------- c:\windows\system32\dllcache\usbccgp.sys 2009-06-29 09:26 <DIR> --d----- c:\windows\system32\XPSViewer 2009-06-29 09:25 <DIR> --d----- C:\3f2f85fd56c287c18d608d6c5a76ca7e 2009-06-29 09:25 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-06-29 09:25 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-29 09:25 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-29 09:25 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-06-29 09:25 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-29 09:25 117,760 -------- c:\windows\system32\prntvpt.dll 2009-06-29 09:25 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-29 09:24 <DIR> --d----- c:\windows\SxsCaPendDel 2009-06-29 09:18 <DIR> --d----- c:\windows\ie8updates 2009-06-29 09:13 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll 2009-06-29 09:13 12,800 -------- c:\windows\system32\dllcache\xpshims.dll 2009-06-29 09:03 <DIR> --d----- c:\program files\Zone Labs 2009-06-26 17:56 <DIR> --d----- c:\program files\SpywareBlaster 2009-06-25 16:28 28,544 a------- c:\windows\system32\drivers\pavboot.sys 2009-06-25 16:28 <DIR> --d----- c:\program files\Panda Security 2009-06-24 10:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller 2009-06-24 09:49 <DIR> --d----- c:\windows\system32\dllcache\cache 2009-06-24 09:30 <DIR> a-dshr-- C:\cmdcons 2009-06-24 09:28 161,792 a------- c:\windows\SWREG.exe 2009-06-24 09:28 155,136 a------- c:\windows\PEV.exe 2009-06-24 09:28 98,816 a------- c:\windows\sed.exe 2009-06-23 10:28 <DIR> --d----- c:\program files\VideoLAN 2009-06-21 16:09 <DIR> --dsh--- c:\documents and settings\gaming\IECompatCache 2009-06-19 13:47 <DIR> --dsh--- c:\documents and settings\gaming\PrivacIE 2009-06-19 13:23 <DIR> --dsh--- c:\documents and settings\gaming\IETldCache 2009-06-19 13:17 <DIR> -cd-h--- c:\windows\ie8 2009-06-08 20:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-08 20:19 <DIR> --d----- c:\program files\Bonjour ==================== Find3M ==================== 2009-06-29 09:38 4,212 a---h--- c:\windows\system32\zllictbl.dat 2009-05-13 01:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-13 01:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll 2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-30 17:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll 2009-04-30 17:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll 2009-04-30 17:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll 2009-04-30 17:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll 2009-04-30 17:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll 2009-04-30 07:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-29 00:55 133,120 a------- c:\windows\system32\dllcache\extmgr.dll 2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll 2008-09-05 16:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat ============= FINISH: 10:36:34.07 =============== I zipped and attached the attach.txt file as well.
__________________
i know just enough about computers to screw things up royally... Last edited by raj1439; 07-05-2009 at 08:41 AM. |
|
|
|
|
07-05-2009, 10:40 AM
|
#38 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,441
OS: XP SP3
|
Re: Suspected Malware
Let have another rootkit scan.
Download RootRepeal.zip to your Desktop and extract the compressed file to it's own folder. Open the folder and doubleclick on RootRepeal.exe to run it.
Drivers
Please attach the report in your next reply.
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006 |
|
|
|
|
07-06-2009, 02:48 PM
|
#39 (permalink) |
|
Registered User
Join Date: May 2006
Location: Boston, MA
Posts: 56
OS: Win XP SP3
|
Re: Suspected Malware
Hi,
RootRepeal crashed about 30 seconds into the scan, and produced this crash report: ROOTREPEAL CRASH REPORT ------------------------- Exception Code: 0xc0000005 Exception Address: 0x00412d1a Attempt to read from address: 0x09d80004
__________________
i know just enough about computers to screw things up royally... |
|
|
|
|
07-06-2009, 07:07 PM
|
#40 (permalink) |
|
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,441
OS: XP SP3
|
Re: Suspected Malware
Hi,
We'll skip the RootRepeal scan for the time being. I suspect, either one of your security tools is counter-acting our efforts to remove the infection; or, other machines using the same router may also be infected and changing the router's DNS settings. If so, they would need to be cleaned as well and should be disconnected from the network until then. We'll try covering all angles to remove this. Please do me a favor and uninstall the following programs via Add or Remove Programs in Control Panel, and do not re-install them until we establish that the system is clean: Ad-Aware SE Personal Spybot Search & Destroy ZoneAlarm ====================================== Restart your computer. ====================================== Disable Avast as per my instructions in post #3 Right Click on the Avast icon in the system tray Click on Program Settings... Click on Troubleshooting Place a tick next to Disable avast! self-defense module Click OK At the prompt that appears, click Yes Right Click on the Avast icon in the system tray and click Stop On-Access protection At the prompt that appears, click Yes ======================================
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Code:
DDS::
BHO: This BHO has been enabled by BHODemon. - No File
BHO: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll__BHODemonDisabled
BHO: This BHO has been disabled by BHODemon. - No File
Trusted Zone: zonelabs.com\update
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4754/mcfscan.cab
TCP: {9ECAE540-BB66-4639-A8A5-F1ABAA718B5C} = 85.255.115.99 85.255.112.90
 Refering to the picture above, drag CFScript.txt into ComboFix.exe. Please allow it to update, if prompted. When finished, it shall produce a log for you. Post that log in your next reply. ====================================== Next, please reset your router as described in post #22 again. However, if there are other infected machines using the same router, they should be disconnected from the router before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. Those machines should not be re-connected to the router until they have been cleaned as well. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using and enter them manually with their help. =============================== In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically. Also look if there are any entries with 85.255.115.99 and 85.255.112.90 and delete them from there. Don't delete any other entries there, only the two I mention above!! Also make sure you do this when your browser is closed. Press OK twice to get out of the properties screen and reboot if it asks. That option might not be avaiable one some systems (These instruction's are basicly for home users.) Then, Go to start > run and copy and paste next command : ipconfig /flushdns Click OK. ====================================== Restart the computer. ====================================== Please run DDS again, and post the fresh DDS.txt along with the Combofix.txt. Remember to re-enable Avast before connecting to internet.
__________________
My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006 Last edited by amateur; 07-07-2009 at 08:25 AM. |
|
|
|
| Thread Tools | |
|
|
