Nkoskrnl-Hook and others


  • This topic is locked
16 replies to this topic

#1 msrie32

Posted 23 July 2009 - 04:36 PM

Hi,
My teenage son downloaded a song last weekend after I had gone to bed. When I woke up in the morning I found that I could not get the computer to load any icons. After getting the computer into safe mode and running virus scan I was able to get the computer to stay on but the number of viruses and/or trojans created a mess. It turned my system restore off somehow or at least disabled it and I lost one of my drives. My virus scan would pick up one or two trojans one minute and if I ran it again an hour later, there would be 38 infections. My spybot stopped working, my malware stopped working and now my virus scan will not come on. If I type anything in my address bar, the system redirects me to other sites. Today it changed my desktop background to read "Your computer is infected with spyware" and "Secure yourself" and it downloaded some System Security Firewall, which I've never heard of. Every program is pretty much infected and nothing will open now. I can still get into safe mode which is where I had to run the DDS. I'm not sure what to do, I don't have a recovery disk. Any help anyone can give me, I would really appreciate it. Here's the DDS from safe mode:

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Administrator at 17:16:31.03 on Thu 07/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.297 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.YOUR-7136AA763F\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.emachines.com/
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [SpybotDeletingB7294] command /c del "c:\windows\system32\lowsec\local.ds"
uRunOnce: [SpybotDeletingD7773] cmd /c del "c:\windows\system32\lowsec\local.ds"
uRunOnce: [SpybotDeletingB4338] command /c del "c:\windows\system32\lowsec\user.ds"
uRunOnce: [SpybotDeletingD6713] cmd /c del "c:\windows\system32\lowsec\user.ds"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinLoad32] c:\windows\system32\Winload32.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [13287964] c:\documents and settings\all users\application data\13287964\13287964.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173550138437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRLccYo

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
R1 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-20 34248]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-30 55152]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-20 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\McShield.exe [2009-7-20 144704]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-26 14336]
S2 reculbsjoqok;reculbsjoqok;c:\windows\system32\drivers\xrybdfgywsiyrc.sys [2009-7-19 76160]
S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-15 24652]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-20 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-20 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-20 35272]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-20 40552]
S3 N;N;\??\c:\program files\newtech infosystems\nti ripper\ --> c:\program files\newtech infosystems\nti ripper\ [?]

=============== Created Last 30 ================

2009-07-23 12:23 0 a------- C:\DFRB.tmp
2009-07-23 10:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13287964
2009-07-22 21:47 <DIR> --d----- c:\docume~1\admini~1.you\applic~1\Malwarebytes
2009-07-22 21:42 213,024 a------- c:\windows\system32\drivers\str.sys
2009-07-22 21:00 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 21:00 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-22 21:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 21:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-22 20:24 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-07-22 20:11 <DIR> --d----- c:\windows\ERUNT
2009-07-22 20:07 126 a------- c:\docume~1\admini~1.you\applic~1\wklnhst.dat
2009-07-22 02:08 91 a------- c:\windows\system32\T
2009-07-22 02:08 899 a------- c:\windows\system32\C
2009-07-20 21:42 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-07-20 21:42 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-07-20 21:42 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-07-20 21:42 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-07-20 21:41 <DIR> --d----- c:\program files\common files\McAfee
2009-07-20 21:41 <DIR> --d----- c:\program files\McAfee.com
2009-07-20 21:38 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-07-20 19:49 <DIR> --dsh--- c:\documents and settings\administrator.your-7136aa763f\PrivacIE
2009-07-20 17:26 <DIR> --d----- c:\docume~1\admini~1.you\applic~1\MSNInstaller
2009-07-19 20:39 <DIR> --dsh--- c:\documents and settings\administrator.your-7136aa763f\IETldCache
2009-07-19 20:39 <DIR> --d----- c:\documents and settings\administrator.your-7136aa763f\WINDOWS
2009-07-19 20:39 <DIR> --d----- c:\docume~1\admini~1.you\applic~1\McAfee
2009-07-19 20:39 <DIR> --d----- c:\documents and settings\Administrator.YOUR-7136AA763F
2009-07-19 01:40 76,160 a------- c:\windows\system32\drivers\xrybdfgywsiyrc.sys
2009-07-11 21:35 <DIR> --d----- c:\program files\Oberon Media
2009-07-11 18:59 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-04 01:38 <DIR> --d----- c:\program files\BitTorrent

==================== Find3M ====================

2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-08 22:31 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-30 14:29 1,144,168 a------- c:\program files\wlsetup-custom.exe
2009-05-30 14:29 1,143,656 a------- c:\program files\wlsetup-web.exe
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-01-31 12:25 16,939,888 a------- c:\program files\IE8-WindowsXP-x86-ENU.exe
2008-07-13 21:19 0 ac------ c:\program files\temp01
2007-03-11 21:02 1,528 ac------ c:\program files\common files\temp.html
2006-05-31 09:14 108,056 ac------ c:\program files\common files\secman.dll
2006-03-11 19:09 626,176 ac------ c:\program files\common files\osmax.ocx
2009-04-12 23:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041220090413\index.dat

============= FINISH: 17:18:20.29 ===============



#2 DocSatan

Posted 03 August 2009 - 08:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 msrie32

Posted 03 August 2009 - 07:05 PM

Hi,
Thank you for your time. My computer still has a trojan. I am constantly redirected when I search for anything and every few days the trojan downloads some security software, changes my desktop background and won't allow me to open anything. I have to boot into safe mode, run Malwarebytes and then I can go back into normal mode. However, every time I run McAfee or Malwarebytes, they always find the same infection. McAfee finds a ntoskrnl-hook trojan and Malwarebytes finds a generic rootkit trojan. Also when the computer turns on it displays the message "dll load failed" and "hotkey" failed.

Here is my dds log


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 19:58:17.40 on Mon 08/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.113 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\explorer32\winsysmngr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optimumonline.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uSearch Bar = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = about:blank
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [partbat] c:\docume~1\owner\applic~1\poptim~1\DUPEPEAKMEAL.exe
uRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [DAEMON Tools Pro Agent] "g:\69eyes\roller coaster tycoon 2\crack\daemon tools pro\DTProAgent.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [WinLoad32] c:\windows\system32\Winload32.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173550138437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/html - {90ff7b65-61ad-4d5e-b5cd-c6d3fe7ae93c} -
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRLccYo

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
R1 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-20 34248]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-30 55152]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-20 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\McShield.exe [2009-7-20 144704]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-26 14336]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-15 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-20 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-20 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-20 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-20 40552]
RUnknown rkeffzt;rkeffzt; [x]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 N;N;\??\c:\program files\newtech infosystems\nti ripper\ --> c:\program files\newtech infosystems\nti ripper\ [?]

=============== Created Last 30 ================

2009-08-03 19:54 61,440 a------- c:\windows\system32\drivers\nmfk.sys
2009-07-30 15:50 8,550 a------- c:\windows\system32\wispex.html
2009-07-30 15:50 <DIR> a-d----- c:\windows\system32\images
2009-07-30 15:46 1,382 a------- c:\windows\system32\onhelp.htm
2009-07-29 20:47 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-28 07:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\17236404
2009-07-27 14:26 1,917 a------- c:\windows\imsins.BAK
2009-07-25 23:14 <DIR> --d----- c:\program files\Trend Micro
2009-07-25 11:43 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-07-25 11:43 <DIR> --d----- c:\program files\MSECACHE
2009-07-23 12:23 0 a------- C:\DFRB.tmp
2009-07-23 10:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13287964
2009-07-22 21:00 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-07-22 21:00 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 21:00 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-22 21:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 21:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-22 20:24 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-07-22 20:11 <DIR> --d----- c:\windows\ERUNT
2009-07-22 02:08 91 a------- c:\windows\system32\T
2009-07-22 02:08 1,213 a------- c:\windows\system32\C
2009-07-20 21:42 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-07-20 21:42 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-07-20 21:42 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-07-20 21:42 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-07-20 21:41 <DIR> --d----- c:\program files\common files\McAfee
2009-07-20 21:41 <DIR> --d----- c:\program files\McAfee.com
2009-07-20 21:38 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-07-11 21:35 <DIR> --d----- c:\program files\Oberon Media
2009-07-11 18:59 <DIR> --d----- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-07-28 20:30 29,120 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-08 22:31 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-30 14:29 1,144,168 a------- c:\program files\wlsetup-custom.exe
2009-05-30 14:29 1,143,656 a------- c:\program files\wlsetup-web.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-03-29 00:58 34 ac------ c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-01-31 12:25 16,939,888 a------- c:\program files\IE8-WindowsXP-x86-ENU.exe
2008-07-13 21:19 0 ac------ c:\program files\temp01
2007-07-21 00:26 47,360 ac------ c:\docume~1\owner\applic~1\pcouffin.sys
2007-07-21 00:26 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
2007-03-11 21:02 1,528 ac------ c:\program files\common files\temp.html
2006-05-31 09:14 108,056 ac------ c:\program files\common files\secman.dll
2006-03-11 19:09 626,176 ac------ c:\program files\common files\osmax.ocx

============= FINISH: 20:00:13.00 ===============


Thank you very much for any help you can give me.
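Post #2 asks for a fresh DDS log because the situation may have changed; the sketch below compares the SERVICES / DRIVERS sections of two DDS logs to list what was added, removed or changed between them. It is an added example, not part of the original posts and not part of DDS: the function names are hypothetical, the sample input is a constructed subset of lines copied from the two logs in this thread, and the leading `R`/`S` letter and start value are treated as opaque status fields.

```python
import re
from typing import NamedTuple


class Service(NamedTuple):
    running: str   # leading letter in the log line: "R" or "S"
    start: str     # digit, or "Unknown" as in "RUnknown"
    display: str   # display name (second ';'-separated field)
    path: str      # image path as logged; may be empty
    meta: str      # bracketed tail: "date size", "x" or "?"


SECTION_RE = re.compile(r"^=+ SERVICES / DRIVERS =+\s*$")
ANY_HEADER_RE = re.compile(r"^=+ .* =+\s*$")
LINE_RE = re.compile(
    r"^(?P<running>[RS])(?P<start>\d|Unknown)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*"
    r"\[(?P<meta>[^\]]*)\]\s*$"
)

# Constructed sample: a few lines copied from the 23 July log in post #1.
LOG_JULY_23 = r"""
============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-30 55152]
S2 reculbsjoqok;reculbsjoqok;c:\windows\system32\drivers\xrybdfgywsiyrc.sys [2009-7-19 76160]
S3 N;N;\??\c:\program files\newtech infosystems\nti ripper\ --> c:\program files\newtech infosystems\nti ripper\ [?]

=============== Created Last 30 ================
"""

# Constructed sample: a few lines copied from the 3 August log in post #3.
LOG_AUG_03 = r"""
============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-30 55152]
RUnknown rkeffzt;rkeffzt; [x]
S3 N;N;\??\c:\program files\newtech infosystems\nti ripper\ --> c:\program files\newtech infosystems\nti ripper\ [?]

=============== Created Last 30 ================
"""


def parse_services(log_text):
    """Return {service name: Service} for the SERVICES / DRIVERS section only."""
    services, in_section = {}, False
    for line in log_text.splitlines():
        if ANY_HEADER_RE.match(line):
            # Enter the section on its own header, leave it on any other header.
            in_section = bool(SECTION_RE.match(line))
            continue
        if not in_section:
            continue
        m = LINE_RE.match(line.strip())
        if m:
            services[m["name"]] = Service(
                m["running"], m["start"], m["display"], m["path"], m["meta"]
            )
    return services


def diff_services(old, new):
    """Compare two parsed sections: names added, names removed, fields changed."""
    changed = {}
    for name in sorted(set(old) & set(new)):
        delta = {
            field: (getattr(old[name], field), getattr(new[name], field))
            for field in Service._fields
            if getattr(old[name], field) != getattr(new[name], field)
        }
        if delta:
            changed[name] = delta
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": changed,
    }


def without_image_path(services):
    """Names whose log line carries no image path (e.g. 'name;name; [x]')."""
    return sorted(name for name, svc in services.items() if not svc.path)


if __name__ == "__main__":
    before, after = parse_services(LOG_JULY_23), parse_services(LOG_AUG_03)
    print(diff_services(before, after))
    print("no image path:", without_image_path(after))
```

The first log was taken in safe mode, as the poster says, so a change in the status letter alone (here `fssfltr`) says little; the names that appear or disappear between the two runs are the more useful part of the comparison.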

#4 PropagandaPanda

  • Malware Response Team

Posted 04 August 2009 - 01:14 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

In your next reply include:
-the ComboFix log
-the GMER scan log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#5 msrie32

  • Topic Starter

  • Members
  • 24 posts

Posted 04 August 2009 - 08:43 PM

Hi,
Again, thank you so much for helping me!
I haven't made any changes to the computer but every day I have to run a Malware Antibytes because the pop ups take over. That seems to take them away but it was still finding the same rootkit trojan every time. I ran the combofix and gmer tonight and the computer is acting much better. Google is no longer redirecting me. I've also noticed that my system restore is back on.

Here are the logs:
Combofix:

ComboFix 09-08-04.01 - Owner 08/04/2009 17:13.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.194 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DFRB.tmp
c:\docume~1\Owner\APPLIC~1\inst.exe
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Favorites\Sector 9 BH2 Deck 10 x 46 - Skate Shop Skateboard Parts .url
c:\documents and settings\Owner\My Documents\Brooks & Dunn - Cowboy Town .mp3
c:\program files\outlook
c:\recycler\S-1-5-21-4248517188-2265326976-783973917-1003
c:\windows\IA
c:\windows\Installer\5c418e.msp
c:\windows\Installer\5c418f.msp
c:\windows\Installer\5c4190.msp
c:\windows\Installer\5c4191.msp
c:\windows\Installer\5c4192.msp
c:\windows\Installer\5c4193.msp
c:\windows\Installer\5c4194.msp
c:\windows\Installer\5c4195.msp
c:\windows\Installer\5c4196.msp
c:\windows\Installer\5c4197.msp
c:\windows\Installer\8dafb88.msi
c:\windows\Installer\8dafb89.msp
c:\windows\Installer\8dafb8a.msp
c:\windows\Installer\8dafb8b.msp
c:\windows\Installer\8dafb8c.msp
c:\windows\Installer\8dafb8d.msp
c:\windows\Installer\8dafb8e.msp
c:\windows\Installer\8dafb8f.msp
c:\windows\Installer\8dafb90.msp
c:\windows\Installer\8dafb91.msp
c:\windows\system32\drivers\geyekrmxgwqjuo.sys
c:\windows\system32\ethcnsxt.exe
c:\windows\system32\geyekrdxnvnham.dll
c:\windows\system32\geyekriuwmdxbv.dll
c:\windows\system32\geyekrlog.dat
c:\windows\system32\geyekrnkcvjrvb.dat
c:\windows\system32\geyekrsinexyiq.dat
c:\windows\system32\temp.exe
c:\windows\system32\zip32.dll
C:\xcrashdump.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekrtjeylbsc
-------\Legacy_TNIDRIVER


((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-04 12:21 . 2009-08-04 12:21 -------- d-----w- c:\program files\PrivacyCenter
2009-07-30 19:50 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images
2009-07-28 11:57 . 2009-07-28 17:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\17236404
2009-07-26 03:14 . 2009-07-26 03:14 -------- d-----w- c:\program files\Trend Micro
2009-07-25 15:43 . 2009-07-25 15:43 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-25 15:43 . 2009-07-25 15:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-25 15:43 . 2009-07-25 15:43 -------- d-----w- c:\program files\MSECACHE
2009-07-23 21:24 . 2009-07-28 19:13 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Tracing
2009-07-23 14:56 . 2009-07-23 22:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\13287964
2009-07-23 01:47 . 2009-07-23 01:47 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\Malwarebytes
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Malwarebytes
2009-07-23 01:00 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-23 01:00 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 00:24 . 2009-07-23 00:24 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-07-23 00:11 . 2009-07-23 00:11 -------- d-----w- c:\windows\ERUNT
2009-07-23 00:07 . 2009-07-23 00:07 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\Template
2009-07-21 01:42 . 2009-05-14 03:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-21 01:42 . 2009-05-14 03:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-21 01:42 . 2009-05-14 03:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-21 01:42 . 2009-04-09 18:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-21 01:41 . 2009-07-21 01:42 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-21 01:41 . 2009-07-21 01:41 -------- d-----w- c:\program files\McAfee.com
2009-07-21 01:38 . 2009-05-14 03:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-20 23:49 . 2009-07-20 23:49 -------- d-sh--w- c:\documents and settings\Administrator.YOUR-7136AA763F\PrivacIE
2009-07-20 21:26 . 2009-07-20 21:27 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\MSNInstaller
2009-07-20 21:26 . 2009-07-20 21:27 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\MSN6
2009-07-19 23:58 . 2009-07-19 23:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-12 01:35 . 2009-07-12 01:35 -------- d-----w- c:\program files\Oberon Media
2009-07-11 22:59 . 2009-07-11 22:59 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 01:09 . 2007-05-24 02:32 -------- d-----w- c:\program files\RealArcade
2009-08-01 17:09 . 2006-06-12 02:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 09:08 . 2009-05-30 18:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 00:30 . 2006-06-12 06:20 29120 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-07-29 00:30 . 2006-06-12 06:20 29120 ----a-w- c:\docume~1\Owner\APPLIC~1\wklnhst.dat
2009-07-26 01:37 . 2008-08-19 21:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-25 04:36 . 2009-02-03 19:59 -------- d-----w- c:\program files\AGE of empires
2009-07-23 00:07 . 2009-07-23 00:07 126 ----a-w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\wklnhst.dat
2009-07-21 04:44 . 2007-11-30 17:28 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2009-07-21 02:31 . 2006-06-12 03:08 -------- d-----w- c:\program files\McAfee
2009-07-21 01:51 . 2009-01-31 16:19 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-07-21 01:51 . 2009-01-31 16:19 -------- d-----w- c:\docume~1\Owner\APPLIC~1\MSN6
2009-07-21 01:47 . 2006-06-12 03:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-20 14:46 . 2007-07-20 17:28 -------- d-----w- c:\program files\VSO
2009-07-19 23:48 . 2008-04-24 01:02 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-07-19 23:48 . 2008-04-24 01:02 -------- d-----w- c:\docume~1\Owner\APPLIC~1\DNA
2009-07-19 05:41 . 2008-05-14 15:43 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-07-19 05:41 . 2008-05-14 15:43 -------- d-----w- c:\docume~1\Owner\APPLIC~1\BitTorrent
2009-07-16 21:42 . 2008-04-27 01:36 -------- d-----w- c:\program files\MSN Games
2009-07-12 02:36 . 2007-05-07 22:40 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-04 05:38 . 2009-07-04 05:38 -------- d-----w- c:\program files\BitTorrent
2009-07-03 17:09 . 2004-08-26 16:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-19 06:32 . 2009-06-19 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Research In Motion
2009-06-19 06:32 . 2009-06-19 06:32 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Research In Motion
2009-06-19 06:31 . 2009-06-19 06:31 -------- d-----w- c:\program files\Common Files\Pumatech Shared
2009-06-19 06:29 . 2009-06-19 06:29 -------- d-----w- c:\program files\Research In Motion
2009-06-16 14:36 . 2004-08-26 16:12 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-26 16:11 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 03:54 . 2009-06-16 03:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Any Video Converter
2009-06-16 03:54 . 2009-06-16 03:53 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Any Video Converter
2009-06-09 03:03 . 2009-06-09 03:03 -------- d-----w- c:\program files\Infogrames
2009-06-09 02:42 . 2009-06-09 02:31 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2009-06-09 02:42 . 2009-06-09 02:31 -------- d-----w- c:\docume~1\Owner\APPLIC~1\DAEMON Tools Pro
2009-06-09 02:38 . 2009-06-09 02:38 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
2009-06-09 02:31 . 2009-06-09 02:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-06 18:58 . 2009-06-06 18:58 -------- d-----w- c:\documents and settings\Owner\Application Data\KodakCredentialStore
2009-06-06 18:58 . 2009-06-06 18:58 -------- d-----w- c:\docume~1\Owner\APPLIC~1\KodakCredentialStore
2009-06-06 18:57 . 2009-06-06 18:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Skinux
2009-06-06 18:57 . 2009-06-06 18:57 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Skinux
2009-06-06 18:53 . 2009-06-06 18:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kodak
2009-06-06 18:52 . 2009-06-06 18:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ArcSoft
2009-06-06 18:52 . 2007-08-26 21:48 -------- d-----w- c:\documents and settings\Owner\Application Data\ArcSoft
2009-06-06 18:52 . 2007-08-26 21:48 -------- d-----w- c:\docume~1\Owner\APPLIC~1\ArcSoft
2009-06-06 18:51 . 2007-08-26 21:43 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-06 18:51 . 2009-06-06 18:51 -------- d-----w- c:\program files\ArcSoft
2009-06-06 18:51 . 2009-06-06 18:47 -------- d-----w- c:\program files\Kodak
2009-06-06 18:50 . 2009-06-06 18:49 -------- d-----w- c:\program files\Common Files\Kodak
2009-06-04 03:22 . 2009-06-04 03:22 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-03 19:09 . 2004-08-26 16:12 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 18:30 . 2006-06-15 19:56 56560 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 18:29 . 2009-05-30 18:29 1144168 ----a-w- c:\program files\wlsetup-custom.exe
2009-05-30 18:29 . 2009-05-30 18:29 1143656 ----a-w- c:\program files\wlsetup-web.exe
2009-05-14 03:25 . 2009-05-14 03:25 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-05-07 15:32 . 2004-08-26 16:11 345600 ----a-w- c:\windows\system32\localspl.dll
2009-01-31 16:25 . 2009-01-31 16:23 16939888 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2008-07-14 01:19 . 2008-07-14 01:19 0 -c--a-w- c:\program files\temp01
2007-03-12 01:02 . 2007-03-12 01:00 1528 -c--a-w- c:\program files\Common Files\temp.html
2006-05-31 13:14 . 2006-05-31 13:14 108056 -c--a-w- c:\program files\Common Files\secman.dll
2006-03-11 23:09 . 2006-03-11 23:09 626176 -c--a-w- c:\program files\Common Files\osmax.ocx
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"WinLoad32"="c:\windows\system32\Winload32.exe" [2006-09-18 65536]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-25 2559488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PrivacyCenter"="c:\program files\PrivacyCenter\protector.exe" [2009-08-04 1148928]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Hasbro Interactive\\Monopoly\\MONOPOLY.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\My Backup -- 11-06-06 1943\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\bittorrent.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/30/2009 2:36 PM 55152]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/26/2004 12:12 PM 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 2:13 AM 24652]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 N;N;\??\c:\program files\NewTech Infosystems\NTI Ripper\ --> c:\program files\NewTech Infosystems\NTI Ripper\ [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}]
c:\windows\Winload3232.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{BF98DD74-148C-4A86-A6F3-7571F810D650} - c:\windows\Temp\~72.dll
Toolbar-Locked - (no file)
HKCU-Run-partbat - c:\docume~1\Owner\APPLIC~1\POPTIM~1\DUPEPEAKMEAL.exe
HKCU-Run-PCTAVApp - c:\program files\PC Tools AntiVirus\PCTAV.exe
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKCU-Run-DAEMON Tools Pro Agent - g:\69eyes\Roller Coaster Tycoon 2\Crack\DAEMON Tools Pro\DTProAgent.exe
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimumonline.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = about:blank
IE: {{5199201E-60B4-11DE-85CF-260556D89593} - c:\program files\PrivacyCenter\protector.exe
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 17:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N]
"ImagePath"="\??\c:\program files\NewTech Infosystems\NTI Ripper\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1304)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\explorer32\WinSysMngr32.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-08-04 17:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 21:34

Pre-Run: 125,778,341,888 bytes free
Post-Run: 125,804,953,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

300 --- E O F --- 2009-07-31 07:00

GMER LOG:
GMER 1.0.15.15011 [9wc41ii6.exe] - http://www.gmer.net
Rootkit scan 2009-08-04 21:38:25
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spib.sys ZwCreateKey [0xF83340E0]
SSDT spib.sys ZwEnumerateKey [0xF8352CA4]
SSDT spib.sys ZwEnumerateValueKey [0xF8353032]
SSDT spib.sys ZwOpenKey [0xF83340C0]
SSDT spib.sys ZwQueryKey [0xF835310A]
SSDT spib.sys ZwQueryValueKey [0xF8352F8A]
SSDT spib.sys ZwSetValueKey [0xF835319C]

INT 0x62 ? 82FDDBF8
INT 0x63 ? 82DC1BF8
INT 0x73 ? 82DC1BF8
INT 0xA4 ? 82DC1BF8
INT 0xB4 ? 82FDDBF8
INT 0xB4 ? 82FDDBF8
INT 0xB4 ? 82DC1BF8
INT 0xB4 ? 82FDDBF8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA09F4EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA09F498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA09F4AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA09F52A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA09F470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA09F484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA09F4FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA09F4D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA09F4C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA09F559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA09F540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA09F514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP AA09F518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP AA09F4EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A7500 7 Bytes JMP AA09F52E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8316 5 Bytes JMP AA09F544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA94 7 Bytes JMP AA09F502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP AA09F474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP AA09F488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP AA09F4C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP AA09F4B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP AA09F49C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP AA09F4DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP AA09F55D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? spib.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7F238AC 5 Bytes JMP 82DC11D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F72
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA005D
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0F83
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F94
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA0F3C
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA008E
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0F1A
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA0F2B
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA0EF5
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FA5
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA0F57
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FCA
.text C:\WINDOWS\system32\svchost.exe[624] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA00A9
.text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FC3
.text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F86
.text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FDE
.text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930039
.text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F97
.text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[624] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FB2
.text C:\WINDOWS\system32\svchost.exe[624] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FB7
.text C:\WINDOWS\system32\svchost.exe[624] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920042
.text C:\WINDOWS\system32\svchost.exe[624] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FD2
.text C:\WINDOWS\system32\svchost.exe[624] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0092000C
.text C:\WINDOWS\system32\svchost.exe[624] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920027
.text C:\WINDOWS\system32\svchost.exe[624] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FE3

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8335042] spib.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F833513E] spib.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F83350C0] spib.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8335800] spib.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F83356D6] spib.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8344E9C] spib.sys

---- Devices - GMER 1.0.15 ----


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc@imagepath \systemroot\system32\drivers\geyekrmxgwqjuo.sys
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\main@aid 10234
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrmxgwqjuo.sys
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\modules@geyekrcmd.dll \systemroot\system32\geyekrdxnvnham.dll
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\modules@geyekrlog.dat \systemroot\system32\geyekrnkcvjrvb.dat
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\modules@geyekrwsp.dll \systemroot\system32\geyekriuwmdxbv.dll
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrtjeylbsc\modules@geyekr.dat \systemroot\system32\geyekrsinexyiq.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 G:\69eyes\Roller Coaster Tycoon 2\Crack\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0xF5 0x99 0x67 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x47 0x41 0xBF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x1B 0x26 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 G:\69eyes\Roller Coaster Tycoon 2\Crack\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0xF5 0x99 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x47 0x41 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x1B 0x26 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 G:\69eyes\Roller Coaster Tycoon 2\Crack\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0xF5 0x99 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9E 0x47 0x41 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x1B 0x26 0xE3 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- EOF - GMER 1.0.15 ----

#6 PropagandaPanda

  • Malware Response Team

Posted 04 August 2009 - 09:04 PM

Hello msrie32.

Let's finish that off.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    File::
    c:\program files\temp01
    c:\windows\system32\Winload32.exe
    c:\windows\Winload3232.exe
    
    Folder::
    c:\program files\PrivacyCenter
    c:\docume~1\ALLUSE~1\APPLIC~1\13287964
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinLoad32"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "PrivacyCenter"=-
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}]
    
    Driver::
    NwSapAgent
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download Malwarebytes Anti-Malware setup and save it to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using File Assassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.

Download and Run MBR
  • Please download MBR.exe to your desktop.
  • Double click the file to run it.
  • You will see a black command prompt window open then close. A file named mbr.txt will appear on your desktop. Open it and copy its contents into your next reply.
With Regards,
The Panda
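
A check a helper could run on the log that comes back, as an added example that is not part of the original posts or of ComboFix itself: it parses a CFScript and reports which File::/Folder:: targets show up under the log's "Other Deletions" heading, which do not, and which deleted paths the script never asked for. The `Name::` section headers and the parenthesis banner format are inferred from the text in this thread; the function names are hypothetical and the sample log is a constructed, shortened excerpt.

```python
import re

# "File::" in the script, "FILE ::" in the log echo (formats as seen in this thread).
SECTION_RE = re.compile(r"^\s*(\w+)\s*::\s*$")
# "((((( Title )))))" banner lines that separate the sections of the log.
BANNER_RE = re.compile(r"^\s*\({5,}\s*(.*?)\s*\){5,}\s*$")

# The File::/Folder::/Driver:: parts of the script from the post above, plus one registry entry.
CFSCRIPT = r"""File::
c:\program files\temp01
c:\windows\system32\Winload32.exe
c:\windows\Winload3232.exe

Folder::
c:\program files\PrivacyCenter
c:\docume~1\ALLUSE~1\APPLIC~1\13287964

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinLoad32"=-

Driver::
NwSapAgent
"""

# Constructed sample log excerpt (shortened; the second banner is invented
# only to show where the deletions section ends).
SAMPLE_LOG = r"""FILE ::
"c:\program files\temp01"
.

((((((((((((((((((((   Other Deletions   ))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\13287964
c:\docume~1\ALLUSE~1\APPLIC~1\13287964\13287964
c:\program files\temp01
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
.
((((((((((((((((((((   Constructed Next Section   ))))))))))))))))))))
.
c:\windows\not-a-deletion.txt
"""


def norm(path):
    """Normalise a Windows path for comparison: no quotes, no trailing '\\', lower case."""
    return path.strip().strip('"').rstrip("\\").lower()


def parse_cfscript(text):
    """Split a CFScript into {section name (lower case): [non-empty lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections


def parse_deletions(log):
    """Return the normalised paths listed under the 'Other Deletions' banner."""
    paths, inside = [], False
    for line in log.splitlines():
        banner = BANNER_RE.match(line)
        if banner:
            # Any other banner closes the deletions section.
            inside = banner.group(1).lower() == "other deletions"
            continue
        entry = line.strip()
        if inside and entry and entry != ".":
            paths.append(norm(entry))
    return paths


def covered(path, target):
    """True if path is the target itself or lies inside the target folder."""
    return path == target or path.startswith(target + "\\")


def check_targets(script_text, log_text):
    """Compare the script's File::/Folder:: targets with the log's deletions."""
    script = parse_cfscript(script_text)
    targets = [norm(p) for p in script.get("file", []) + script.get("folder", [])]
    deleted = parse_deletions(log_text)
    removed = [t for t in targets if any(covered(d, t) for d in deleted)]
    return {
        "removed": removed,
        # Not listed means "not in this section": the item may already have
        # been gone before the run, so follow up rather than assume failure.
        "not_listed": [t for t in targets if t not in removed],
        # Deleted by the tool's own routines, not requested by the script.
        "unrequested": [d for d in deleted
                        if not any(covered(d, t) for t in targets)],
    }


if __name__ == "__main__":
    for label, items in check_targets(CFSCRIPT, SAMPLE_LOG).items():
        print(label)
        for item in items:
            print("   ", item)
```

The "not_listed" bucket only says a target is absent from the deletions section of the excerpt it was given, so run it over the complete log before drawing conclusions.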

#7 msrie32

  • Topic Starter


Posted 04 August 2009 - 11:01 PM

Hi again,

I did the combo fix, but I don't know if I did it right. In between scans, I had deleted the Privacy Center program already so when I did the second combo fix, it didn't find that file. The popups for the program were so bad that I couldn't really open anything. It did delete my old version of Diner dash which is fine. Everything else worked great! Just one more question, I'm still getting an error message that pops up when the computer reboots. It says Hotkey failed. Is that a symptom of something else? (It only started with the viruses/trojans)

Here's the new combo fix log:
ComboFix 09-08-04.03 - Owner 08/04/2009 22:26.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.211 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
* Created a new restore point

FILE ::
"c:\program files\temp01"
"c:\windows\system32\Winload32.exe"
"c:\windows\Winload3232.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\13287964
c:\docume~1\ALLUSE~1\APPLIC~1\13287964\13287964
c:\program files\temp01
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Winload32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-07-30 19:50 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images
2009-07-28 11:57 . 2009-07-28 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\17236404
2009-07-26 03:14 . 2009-07-26 03:14 -------- d-----w- c:\program files\Trend Micro
2009-07-25 15:43 . 2009-07-25 15:43 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-25 15:43 . 2009-07-25 15:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-25 15:43 . 2009-07-25 15:43 -------- d-----w- c:\program files\MSECACHE
2009-07-23 21:24 . 2009-07-28 19:13 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Tracing
2009-07-23 01:47 . 2009-07-23 01:47 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\Malwarebytes
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-23 01:00 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-23 01:00 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 00:24 . 2009-07-23 00:24 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-07-23 00:11 . 2009-07-23 00:11 -------- d-----w- c:\windows\ERUNT
2009-07-23 00:07 . 2009-07-23 00:07 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\Template
2009-07-21 01:42 . 2009-05-14 03:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-21 01:42 . 2009-05-14 03:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-21 01:42 . 2009-05-14 03:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-21 01:42 . 2009-04-09 18:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-21 01:41 . 2009-07-21 01:42 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-21 01:41 . 2009-07-21 01:41 -------- d-----w- c:\program files\McAfee.com
2009-07-21 01:38 . 2009-05-14 03:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-20 23:49 . 2009-07-20 23:49 -------- d-sh--w- c:\documents and settings\Administrator.YOUR-7136AA763F\PrivacIE
2009-07-20 21:26 . 2009-07-20 21:27 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\MSNInstaller
2009-07-20 21:26 . 2009-07-20 21:27 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\MSN6
2009-07-19 23:58 . 2009-07-19 23:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-12 01:35 . 2009-07-12 01:35 -------- d-----w- c:\program files\Oberon Media
2009-07-11 22:59 . 2009-07-11 22:59 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 02:36 . 2009-06-06 18:52 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-08-02 01:09 . 2007-05-24 02:32 -------- d-----w- c:\program files\RealArcade
2009-08-01 17:09 . 2006-06-12 02:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 09:08 . 2009-05-30 18:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 00:30 . 2006-06-12 06:20 29120 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-07-26 01:37 . 2008-08-19 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-25 04:36 . 2009-02-03 19:59 -------- d-----w- c:\program files\AGE of empires
2009-07-23 00:07 . 2009-07-23 00:07 126 ----a-w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\wklnhst.dat
2009-07-21 04:44 . 2007-11-30 17:28 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2009-07-21 02:31 . 2006-06-12 03:08 -------- d-----w- c:\program files\McAfee
2009-07-21 01:51 . 2009-01-31 16:19 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-07-21 01:47 . 2006-06-12 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-20 14:46 . 2007-07-20 17:28 -------- d-----w- c:\program files\VSO
2009-07-19 23:48 . 2008-04-24 01:02 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-07-19 05:41 . 2008-05-14 15:43 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-07-16 21:42 . 2008-04-27 01:36 -------- d-----w- c:\program files\MSN Games
2009-07-12 02:36 . 2007-05-07 22:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-04 05:38 . 2009-07-04 05:38 -------- d-----w- c:\program files\BitTorrent
2009-07-03 17:09 . 2004-08-26 16:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-19 06:32 . 2009-06-19 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Research In Motion
2009-06-19 06:31 . 2009-06-19 06:31 -------- d-----w- c:\program files\Common Files\Pumatech Shared
2009-06-19 06:29 . 2009-06-19 06:29 -------- d-----w- c:\program files\Research In Motion
2009-06-16 14:36 . 2004-08-26 16:12 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-26 16:11 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 03:54 . 2009-06-16 03:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Any Video Converter
2009-06-09 03:03 . 2009-06-09 03:03 -------- d-----w- c:\program files\Infogrames
2009-06-09 02:42 . 2009-06-09 02:31 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2009-06-09 02:38 . 2009-06-09 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-06-09 02:31 . 2009-06-09 02:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-06 18:58 . 2009-06-06 18:58 -------- d-----w- c:\documents and settings\Owner\Application Data\KodakCredentialStore
2009-06-06 18:57 . 2009-06-06 18:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Skinux
2009-06-06 18:53 . 2009-06-06 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-06-06 18:52 . 2009-06-06 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-06-06 18:52 . 2007-08-26 21:48 -------- d-----w- c:\documents and settings\Owner\Application Data\ArcSoft
2009-06-06 18:51 . 2007-08-26 21:43 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-06 18:51 . 2009-06-06 18:51 -------- d-----w- c:\program files\ArcSoft
2009-06-06 18:51 . 2009-06-06 18:47 -------- d-----w- c:\program files\Kodak
2009-06-06 18:50 . 2009-06-06 18:49 -------- d-----w- c:\program files\Common Files\Kodak
2009-06-06 18:46 . 2009-06-06 18:46 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2009-06-06 18:46 . 2009-06-06 18:46 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2009-06-06 18:46 . 2009-06-06 18:46 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2009-06-06 18:46 . 2009-06-06 18:46 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2009-06-06 18:45 . 2009-06-06 18:45 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2009-06-06 18:45 . 2009-06-06 18:45 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_1c3e62d2\EasyShrx.Dll
2009-06-06 18:45 . 2009-06-06 18:45 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.30.1.dll
2009-06-04 03:22 . 2009-06-04 03:22 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-03 19:09 . 2004-08-26 16:12 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 18:30 . 2006-06-15 19:56 56560 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 18:29 . 2009-05-30 18:29 1144168 ----a-w- c:\program files\wlsetup-custom.exe
2009-05-30 18:29 . 2009-05-30 18:29 1143656 ----a-w- c:\program files\wlsetup-web.exe
2009-05-14 03:25 . 2009-05-14 03:25 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-05-07 15:32 . 2004-08-26 16:11 345600 ----a-w- c:\windows\system32\localspl.dll
2009-01-31 16:25 . 2009-01-31 16:23 16939888 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2007-03-12 01:02 . 2007-03-12 01:00 1528 -c--a-w- c:\program files\Common Files\temp.html
2006-05-31 13:14 . 2006-05-31 13:14 108056 -c--a-w- c:\program files\Common Files\secman.dll
2006-03-11 23:09 . 2006-03-11 23:09 626176 -c--a-w- c:\program files\Common Files\osmax.ocx
.

((((((((((((((((((((((((((((( SnapShot@2009-08-04_21.25.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-05 02:36 . 2009-08-05 02:36 16384 c:\windows\Temp\Perflib_Perfdata_6cc.dat
+ 2004-08-26 18:07 . 2009-08-05 00:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-26 18:07 . 2009-08-04 19:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-26 18:07 . 2009-08-05 00:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-08-26 18:07 . 2009-08-04 19:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2009-08-05 00:11 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-26 18:07 . 2009-08-04 19:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-25 2559488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Hasbro Interactive\\Monopoly\\MONOPOLY.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\My Backup -- 11-06-06 1943\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\bittorrent.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/30/2009 2:36 PM 55152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 2:13 AM 24652]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 N;N;\??\c:\program files\NewTech Infosystems\NTI Ripper\ --> c:\program files\NewTech Infosystems\NTI Ripper\ [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-21 12:57]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-21 12:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimumonline.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = about:blank
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 22:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N]
"ImagePath"="\??\c:\program files\NewTech Infosystems\NTI Ripper\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2160)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-08-05 22:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 02:44
ComboFix2.txt 2009-08-04 21:35

Pre-Run: 125,710,802,944 bytes free
Post-Run: 125,677,486,080 bytes free

571 --- E O F --- 2009-07-31 07:00


The MBR log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 60 !

The Malwarebytes log:

Malwarebytes' Anti-Malware 1.40
Database version: 2561
Windows 5.1.2600 Service Pack 3

8/5/2009 12:00:08 AM
mbam-log-2009-08-05 (00-00-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 226834
Time elapsed: 1 hour(s), 8 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\onhelp.htm (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.

#8 PropagandaPanda


Posted 05 August 2009 - 07:25 AM

Hello.

This should get rid of the hotkey error.

Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CHotkey"=-
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.

Update Java to Version 6 Update 15
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please download the installer here. Choose "Windows".

Delete the installer after use.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select Critical Areas.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

Please take a new DDS.txt log after.

With Regards,
The Panda
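
What the fix.reg in the post above does when merged, shown as an added example that is not part of the original post or of any tool used in this thread: a small auditor that lists the operations a .reg script performs before it is double-clicked. `CONSTRUCTED_REG` and the names `parse_reg` and `autostart_changes` are made up for the illustration.

```python
import re

HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
# A value line is either @ (the default value) or a quoted name, then "=".
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
# Keys whose values are launched at logon.
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# The script from the post.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"=-
'''

# Constructed sample (not from the thread) showing the other operation types.
CONSTRUCTED_REG = r'''REGEDIT4
; constructed sample
[-HKEY_CURRENT_USER\Software\ExampleVendor]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Example \"quoted\""="c:\\example\\example.exe"
@="default data"
'''


def parse_reg(text):
    """Return a list of (action, key, value_name, data) tuples."""
    # Long hex data is continued on the next line with a trailing backslash.
    text = re.sub(r"\\\r?\n\s*", "", text)
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: header line missing")

    ops, key = [], None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            if key.startswith("-"):
                # [-KEY] removes the key and everything under it.
                ops.append(("delete-key", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(ln)
        if m is None or key is None:
            raise ValueError("unparsed line: %r" % ln)
        raw_name, data = m.groups()
        if raw_name == "@":
            name = "(Default)"
        else:
            # Undo the \\ and \" escaping used inside quoted names.
            name = re.sub(r"\\(.)", r"\1", raw_name[1:-1])
        if data == "-":
            # "name"=- removes that one value and leaves the key in place.
            ops.append(("delete-value", key, name, None))
        else:
            ops.append(("set-value", key, name, data))
    return ops


def autostart_changes(ops):
    """Operations that touch a Run/RunOnce key, i.e. change what starts at logon."""
    return [op for op in ops if AUTOSTART_RE.search(op[1])]


if __name__ == "__main__":
    for op in parse_reg(FIX_REG):
        print(op)
```

For the script in the post the only operation is the removal of the `CHotkey` value from the HKLM Run key; the other Run entries shown in the ComboFix log are left alone.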

#9 msrie32


Posted 05 August 2009 - 10:00 PM

Hi,

I fixed the Java and the hotkey. When I ran the Kaspersky scan it did come up with 4 infected files. Although my virus scan and my Malwarebytes didn't come up with anything.

Wednesday, August 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, August 06, 2009 01:41:12
Records in database: 2584783


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 53067
Threat name 3
Infected objects 4
Suspicious objects 0
Duration of the scan 01:58:46

File name Threat name Threats count
C:\WINDOWS\system32\explorer32\msn6mngr.exe Infected: not-a-virus:Monitor.Win32.PCTattletale.p 1

C:\WINDOWS\system32\explorer32\svchost.exe Infected: not-a-virus:Monitor.Win32.PCTattletale.n 1

C:\WINDOWS\system32\explorer32\WinLoad.exe Infected: not-a-virus:Monitor.Win32.PCTattletale.a 1

C:\WINDOWS\system32\WinLoad.exe Infected: not-a-virus:Monitor.Win32.PCTattletale.a 1

The selected area was scanned.


Thank you

#10 msrie32


Posted 05 August 2009 - 10:10 PM

One quick thing that I remembered. A few years ago I downloaded a trial version of the parental software which was named PC Tattletale to monitor my kids' access. I only used it one day and decided I didn't like it. This has the same name as the item that Kaspersky found. Could it be that program? I thought I had deleted it, but even when it was on my computer it did not show up in my program lists so now I'm not sure.

#11 PropagandaPanda


Posted 06 August 2009 - 07:50 AM

Hello.

It looks like malware, or a rogue program to me judging by the file names and locations. It is impersonating Windows file names.

I'll have ComboFix upload them to be examined.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    http://www.bleepingcomputer.com/forums/t/243918/nkoskrnl-hook-and-others/
    
    Suspect::[59]
    C:\WINDOWS\system32\explorer32\msn6mngr.exe
    C:\WINDOWS\system32\explorer32\svchost.exe
    C:\WINDOWS\system32\explorer32\WinLoad.exe
    C:\WINDOWS\system32\WinLoad.exe
    
    FileLook::
    C:\WINDOWS\system32\explorer32\msn6mngr.exe
    C:\WINDOWS\system32\explorer32\svchost.exe
    C:\WINDOWS\system32\explorer32\WinLoad.exe
    C:\WINDOWS\system32\WinLoad.exe
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

With Regards,
The Panda

#12 msrie32

Posted 06 August 2009 - 04:53 PM

Hi,

Here is the new combo fix log. I can only work on this at night after work, so sorry this is taking so long.
ComboFix 09-08-06.01 - Owner 08/06/2009 17:34.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.143 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

file zipped: c:\windows\system32\explorer32\msn6mngr.exe
file zipped: c:\windows\system32\explorer32\svchost.exe
file zipped: c:\windows\system32\explorer32\WinLoad.exe
file zipped: c:\windows\system32\WinLoad.exe
.

((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-05 02:49 . 2009-08-05 02:49 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-30 19:50 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images
2009-07-28 11:57 . 2009-07-28 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\17236404
2009-07-26 03:14 . 2009-07-26 03:14 -------- d-----w- c:\program files\Trend Micro
2009-07-25 15:43 . 2009-07-25 15:43 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-25 15:43 . 2009-07-25 15:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-25 15:43 . 2009-07-25 15:43 -------- d-----w- c:\program files\MSECACHE
2009-07-23 21:24 . 2009-07-28 19:13 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Tracing
2009-07-23 01:47 . 2009-07-23 01:47 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\Malwarebytes
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-23 01:00 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 01:00 . 2009-08-05 02:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 01:00 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-23 00:24 . 2009-07-23 00:24 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-07-23 00:11 . 2009-07-23 00:11 -------- d-----w- c:\windows\ERUNT
2009-07-23 00:07 . 2009-07-23 00:07 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\Template
2009-07-21 01:42 . 2009-05-14 03:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-21 01:42 . 2009-05-14 03:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-21 01:42 . 2009-05-14 03:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-21 01:42 . 2009-04-09 18:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-21 01:41 . 2009-07-21 01:42 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-21 01:41 . 2009-07-21 01:41 -------- d-----w- c:\program files\McAfee.com
2009-07-21 01:38 . 2009-05-14 03:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-20 23:49 . 2009-07-20 23:49 -------- d-sh--w- c:\documents and settings\Administrator.YOUR-7136AA763F\PrivacIE
2009-07-20 21:26 . 2009-07-20 21:27 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\MSNInstaller
2009-07-20 21:26 . 2009-07-20 21:27 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\MSN6
2009-07-19 23:58 . 2009-07-19 23:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-12 01:35 . 2009-07-12 01:35 -------- d-----w- c:\program files\Oberon Media
2009-07-11 22:59 . 2009-07-11 22:59 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 00:35 . 2009-01-02 16:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-06 00:35 . 2006-06-12 02:58 -------- d-----w- c:\program files\Java
2009-08-06 00:01 . 2009-06-06 18:52 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-08-02 01:09 . 2007-05-24 02:32 -------- d-----w- c:\program files\RealArcade
2009-08-01 17:09 . 2006-06-12 02:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 09:08 . 2009-05-30 18:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 00:30 . 2006-06-12 06:20 29120 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-07-26 01:37 . 2008-08-19 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-25 04:36 . 2009-02-03 19:59 -------- d-----w- c:\program files\AGE of empires
2009-07-23 00:07 . 2009-07-23 00:07 126 ----a-w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\wklnhst.dat
2009-07-21 04:44 . 2007-11-30 17:28 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2009-07-21 02:31 . 2006-06-12 03:08 -------- d-----w- c:\program files\McAfee
2009-07-21 01:51 . 2009-01-31 16:19 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-07-21 01:47 . 2006-06-12 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-20 14:46 . 2007-07-20 17:28 -------- d-----w- c:\program files\VSO
2009-07-19 23:48 . 2008-04-24 01:02 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-07-19 05:41 . 2008-05-14 15:43 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-07-16 21:42 . 2008-04-27 01:36 -------- d-----w- c:\program files\MSN Games
2009-07-12 02:36 . 2007-05-07 22:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-04 05:38 . 2009-07-04 05:38 -------- d-----w- c:\program files\BitTorrent
2009-07-03 17:09 . 2004-08-26 16:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-19 06:32 . 2009-06-19 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Research In Motion
2009-06-19 06:31 . 2009-06-19 06:31 -------- d-----w- c:\program files\Common Files\Pumatech Shared
2009-06-19 06:29 . 2009-06-19 06:29 -------- d-----w- c:\program files\Research In Motion
2009-06-16 14:36 . 2004-08-26 16:12 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-26 16:11 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 03:54 . 2009-06-16 03:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Any Video Converter
2009-06-09 03:03 . 2009-06-09 03:03 -------- d-----w- c:\program files\Infogrames
2009-06-09 02:42 . 2009-06-09 02:31 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2009-06-09 02:38 . 2009-06-09 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-06-09 02:31 . 2009-06-09 02:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-06 18:46 . 2009-06-06 18:46 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2009-06-06 18:46 . 2009-06-06 18:46 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2009-06-06 18:46 . 2009-06-06 18:46 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2009-06-06 18:46 . 2009-06-06 18:46 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2009-06-06 18:45 . 2009-06-06 18:45 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2009-06-06 18:45 . 2009-06-06 18:45 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_1c3e62d2\EasyShrx.Dll
2009-06-06 18:45 . 2009-06-06 18:45 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.30.1.dll
2009-06-04 03:22 . 2009-06-04 03:22 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-03 19:09 . 2004-08-26 16:12 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 18:30 . 2006-06-15 19:56 56560 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 18:29 . 2009-05-30 18:29 1144168 ----a-w- c:\program files\wlsetup-custom.exe
2009-05-30 18:29 . 2009-05-30 18:29 1143656 ----a-w- c:\program files\wlsetup-web.exe
2009-05-14 03:25 . 2009-05-14 03:25 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-01-31 16:25 . 2009-01-31 16:23 16939888 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2007-03-12 01:02 . 2007-03-12 01:00 1528 -c--a-w- c:\program files\Common Files\temp.html
2006-05-31 13:14 . 2006-05-31 13:14 108056 -c--a-w- c:\program files\Common Files\secman.dll
2006-03-11 23:09 . 2006-03-11 23:09 626176 -c--a-w- c:\program files\Common Files\osmax.ocx
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\explorer32\msn6mngr.exe ---
Company: none
File Description: ------
File Version: 1.00
Product Name: msn6mngr
Copyright: ------
Original Filename: msn6mngr.exe
File size: 69632
Created time: 2005-08-09 17:43
Modified time: 2005-08-09 17:43
MD5: 751315A95980718F5D283BDFCB54E2E1
SHA1: A66D32EA1CEE7BA5F482B994245ECF56C47A4B2C


--- c:\windows\system32\explorer32\svchost.exe ---
Company: none
File Description: ------
File Version: 1.00.0059
Product Name: SendMail
Copyright: ------
Original Filename: svchost.exe
File size: 163840
Created time: 2006-06-02 12:02
Modified time: 2006-06-02 12:02
MD5: 1ECFF7D0FABE9E6C10A1E00D7C0363B0
SHA1: DB730736686E4F1762CF2A07028CDF5B76E801EA


--- c:\windows\system32\explorer32\WinLoad.exe ---
Company: none
File Description: ------
File Version: 1.00.0037
Product Name: WinLoad
Copyright: ------
Original Filename: WinLoad.exe
File size: 65536
Created time: 2006-09-18 14:34
Modified time: 2006-09-18 14:34
MD5: C4CE3C245E3E62385A241C0A54689BB1
SHA1: F3600F99267FF86C50D1F6C7ED3DC281AFFFB986


--- c:\windows\system32\WinLoad.exe ---
Company: none
File Description: ------
File Version: 1.00.0037
Product Name: WinLoad
Copyright: ------
Original Filename: WinLoad.exe
File size: 65536
Created time: 2006-09-18 14:34
Modified time: 2006-09-18 14:34
MD5: C4CE3C245E3E62385A241C0A54689BB1
SHA1: F3600F99267FF86C50D1F6C7ED3DC281AFFFB986


((((((((((((((((((((((((((((( SnapShot@2009-08-04_21.25.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 00:36 . 2009-08-06 00:36 16384 c:\windows\Temp\Perflib_Perfdata_968.dat
- 2004-08-26 18:07 . 2009-08-04 19:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2009-08-06 18:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-08-26 18:07 . 2009-08-04 19:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-26 18:07 . 2009-08-06 18:57 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-06 00:35 . 2009-08-06 00:35 149280 c:\windows\system32\javaws.exe
+ 2009-08-06 00:35 . 2009-08-06 00:35 145184 c:\windows\system32\javaw.exe
+ 2009-08-06 00:35 . 2009-08-06 00:35 145184 c:\windows\system32\java.exe
+ 2009-08-06 00:35 . 2009-08-06 00:35 1757696 c:\windows\Installer\1f8103.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-06 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-25 2559488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Hasbro Interactive\\Monopoly\\MONOPOLY.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\My Backup -- 11-06-06 1943\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\bittorrent.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"l:\\OUTput of Video\\age3x.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/30/2009 2:36 PM 55152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 2:13 AM 24652]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 N;N;\??\c:\program files\NewTech Infosystems\NTI Ripper\ --> c:\program files\NewTech Infosystems\NTI Ripper\ [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-21 12:57]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-21 12:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimumonline.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = about:blank
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 17:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N]
"ImagePath"="\??\c:\program files\NewTech Infosystems\NTI Ripper\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3840)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-06 17:47
ComboFix-quarantined-files.txt 2009-08-06 21:46
ComboFix2.txt 2009-08-05 02:44
ComboFix3.txt 2009-08-04 21:35

Pre-Run: 125,546,233,856 bytes free
Post-Run: 125,599,604,736 bytes free

259 --- E O F --- 2009-07-31 07:00
Upload was successful

Thank you.
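
The "Look" records in the log above can be triaged mechanically. The following is an added example, not part of the thread and not ComboFix's own logic: it parses that section and applies three heuristics (a core Windows process name outside its usual folder, empty publisher metadata, one hash at several paths). The expected-folder table assumes a default Windows XP install at c:\windows, and the last sample record is constructed for contrast.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Records copied from the "Look" section of the log above (fields trimmed),
# plus one CONSTRUCTED benign record (last); its MD5 is a placeholder.
SAMPLE_LOOK = r"""
--- c:\windows\system32\explorer32\msn6mngr.exe ---
Company: none
Product Name: msn6mngr
Original Filename: msn6mngr.exe
MD5: 751315A95980718F5D283BDFCB54E2E1

--- c:\windows\system32\explorer32\svchost.exe ---
Company: none
Product Name: SendMail
Original Filename: svchost.exe
MD5: 1ECFF7D0FABE9E6C10A1E00D7C0363B0

--- c:\windows\system32\explorer32\WinLoad.exe ---
Company: none
Product Name: WinLoad
Original Filename: WinLoad.exe
MD5: C4CE3C245E3E62385A241C0A54689BB1

--- c:\windows\system32\WinLoad.exe ---
Company: none
Product Name: WinLoad
Original Filename: WinLoad.exe
MD5: C4CE3C245E3E62385A241C0A54689BB1

--- c:\windows\system32\svchost.exe ---
Company: Microsoft Corporation
Product Name: CONSTRUCTED-EXAMPLE
Original Filename: svchost.exe
MD5: 00000000000000000000000000000000
"""

# Assumption: default XP layout. Core process names and the one folder
# each is normally started from.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
EMPTY = {"", "none"}  # how the log renders missing version-info fields

HEADER = re.compile(r"^--- (?P<path>.+?) ---$")
FIELD = re.compile(r"^(?P<key>[A-Za-z0-9 ]+?):\s*(?P<value>.*)$")


def parse_look(text):
    """Turn '--- path ---' blocks into dicts with lower-cased field names."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"path": header.group("path")}
            records.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group("key").strip().lower()] = field.group("value").strip()
    return records


def triage(records):
    """Map each path to the list of heuristics it trips (empty list = none)."""
    by_hash = defaultdict(list)
    for rec in records:
        if rec.get("md5"):
            by_hash[rec["md5"].upper()].append(rec["path"])

    findings = {}
    for rec in records:
        reasons = []
        name = basename(rec["path"]).lower()
        folder = dirname(rec["path"]).lower()
        expected = EXPECTED_DIR.get(name)
        if expected is not None and folder != expected:
            reasons.append("name-masquerade")   # system name, wrong folder
        if rec.get("company", "").strip("- ").lower() in EMPTY:
            reasons.append("no-publisher")      # blank/"none" company field
        if len(by_hash.get(rec.get("md5", "").upper(), [])) > 1:
            reasons.append("duplicate-hash")    # same binary at several paths
        findings[rec["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_look(SAMPLE_LOOK)).items():
        print(f"{path}: {', '.join(reasons) or 'no flags'}")
```

A flag here only marks a file for closer examination; it is not a verdict on what the file is.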

#13 PropagandaPanda

Posted 06 August 2009 - 05:13 PM

Let's get rid of that.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    File::
    C:\WINDOWS\system32\explorer32\msn6mngr.exe
    C:\WINDOWS\system32\explorer32\svchost.exe
    C:\WINDOWS\system32\explorer32\WinLoad.exe
    C:\WINDOWS\system32\WinLoad.exe
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Any problems at the moment?

With Regards,
The Panda

#14 msrie32

Posted 06 August 2009 - 05:57 PM

Hi,
Here's the newest combo log. There have been no problems with the computer lately, just running a little slow tonight. By the way, in between combo logs, I restarted my computer to make sure the hotkey error was gone and my computer installed an update on its own. I was too afraid to stop it. Also, when I started combo fix, I forgot about disabling the virus scan but when combo fix reminded me, I did stop it. The log states it was on anyway. Thank you for all your help, I know nothing about computers!

ComboFix 09-08-06.01 - Owner 08/06/2009 18:34.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.196 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FILE ::
"c:\windows\system32\explorer32\msn6mngr.exe"
"c:\windows\system32\explorer32\svchost.exe"
"c:\windows\system32\explorer32\WinLoad.exe"
"c:\windows\system32\WinLoad.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\explorer32\msn6mngr.exe
c:\windows\system32\explorer32\svchost.exe
c:\windows\system32\explorer32\WinLoad.exe
c:\windows\system32\WinLoad.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-05 02:49 . 2009-08-05 02:49 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-30 19:50 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images
2009-07-28 11:57 . 2009-07-28 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\17236404
2009-07-26 03:14 . 2009-07-26 03:14 -------- d-----w- c:\program files\Trend Micro
2009-07-25 15:43 . 2009-07-25 15:43 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-25 15:43 . 2009-07-25 15:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-25 15:43 . 2009-07-25 15:43 -------- d-----w- c:\program files\MSECACHE
2009-07-23 21:24 . 2009-07-28 19:13 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Tracing
2009-07-23 01:47 . 2009-07-23 01:47 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\Malwarebytes
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-23 01:00 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 01:00 . 2009-08-05 02:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 01:00 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-23 00:24 . 2009-07-23 00:24 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-07-23 00:11 . 2009-07-23 00:11 -------- d-----w- c:\windows\ERUNT
2009-07-23 00:07 . 2009-07-23 00:07 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\Template
2009-07-21 01:42 . 2009-05-14 03:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-21 01:42 . 2009-05-14 03:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-21 01:42 . 2009-05-14 03:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-21 01:42 . 2009-04-09 18:23 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-21 01:41 . 2009-07-21 01:42 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-21 01:41 . 2009-07-21 01:41 -------- d-----w- c:\program files\McAfee.com
2009-07-21 01:38 . 2009-05-14 03:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-20 23:49 . 2009-07-20 23:49 -------- d-sh--w- c:\documents and settings\Administrator.YOUR-7136AA763F\PrivacIE
2009-07-20 21:26 . 2009-07-20 21:27 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\MSNInstaller
2009-07-20 21:26 . 2009-07-20 21:27 -------- d-----w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\MSN6
2009-07-19 23:58 . 2009-07-19 23:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-12 01:35 . 2009-07-12 01:35 -------- d-----w- c:\program files\Oberon Media
2009-07-11 22:59 . 2009-07-11 22:59 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 22:25 . 2009-06-06 18:52 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-08-06 00:35 . 2009-01-02 16:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-06 00:35 . 2006-06-12 02:58 -------- d-----w- c:\program files\Java
2009-08-02 01:09 . 2007-05-24 02:32 -------- d-----w- c:\program files\RealArcade
2009-08-01 17:09 . 2006-06-12 02:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 09:08 . 2009-05-30 18:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 00:30 . 2006-06-12 06:20 29120 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-07-26 01:37 . 2008-08-19 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-25 04:36 . 2009-02-03 19:59 -------- d-----w- c:\program files\AGE of empires
2009-07-23 00:07 . 2009-07-23 00:07 126 ----a-w- c:\documents and settings\Administrator.YOUR-7136AA763F\Application Data\wklnhst.dat
2009-07-21 04:44 . 2007-11-30 17:28 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2009-07-21 02:31 . 2006-06-12 03:08 -------- d-----w- c:\program files\McAfee
2009-07-21 01:51 . 2009-01-31 16:19 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2009-07-21 01:47 . 2006-06-12 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-20 14:46 . 2007-07-20 17:28 -------- d-----w- c:\program files\VSO
2009-07-19 23:48 . 2008-04-24 01:02 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-07-19 05:41 . 2008-05-14 15:43 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-07-16 21:42 . 2008-04-27 01:36 -------- d-----w- c:\program files\MSN Games
2009-07-12 02:36 . 2007-05-07 22:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-04 05:38 . 2009-07-04 05:38 -------- d-----w- c:\program files\BitTorrent
2009-07-03 17:09 . 2004-08-26 16:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-19 06:32 . 2009-06-19 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Research In Motion
2009-06-19 06:31 . 2009-06-19 06:31 -------- d-----w- c:\program files\Common Files\Pumatech Shared
2009-06-19 06:29 . 2009-06-19 06:29 -------- d-----w- c:\program files\Research In Motion
2009-06-16 14:36 . 2004-08-26 16:12 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-26 16:11 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 03:54 . 2009-06-16 03:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Any Video Converter
2009-06-09 03:03 . 2009-06-09 03:03 -------- d-----w- c:\program files\Infogrames
2009-06-09 02:42 . 2009-06-09 02:31 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2009-06-09 02:38 . 2009-06-09 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-06-09 02:31 . 2009-06-09 02:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-06 18:46 . 2009-06-06 18:46 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2009-06-06 18:46 . 2009-06-06 18:46 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2009-06-06 18:46 . 2009-06-06 18:46 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2009-06-06 18:46 . 2009-06-06 18:46 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2009-06-06 18:45 . 2009-06-06 18:45 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2009-06-06 18:45 . 2009-06-06 18:45 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_1c3e62d2\EasyShrx.Dll
2009-06-06 18:45 . 2009-06-06 18:45 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.30.1.dll
2009-06-04 03:22 . 2009-06-04 03:22 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-03 19:09 . 2004-08-26 16:12 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 18:30 . 2006-06-15 19:56 56560 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 18:29 . 2009-05-30 18:29 1144168 ----a-w- c:\program files\wlsetup-custom.exe
2009-05-30 18:29 . 2009-05-30 18:29 1143656 ----a-w- c:\program files\wlsetup-web.exe
2009-05-14 03:25 . 2009-05-14 03:25 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-01-31 16:25 . 2009-01-31 16:23 16939888 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2007-03-12 01:02 . 2007-03-12 01:00 1528 -c--a-w- c:\program files\Common Files\temp.html
2006-05-31 13:14 . 2006-05-31 13:14 108056 -c--a-w- c:\program files\Common Files\secman.dll
2006-03-11 23:09 . 2006-03-11 23:09 626176 -c--a-w- c:\program files\Common Files\osmax.ocx
.

((((((((((((((((((((((((((((( SnapShot@2009-08-04_21.25.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 22:25 . 2009-08-06 22:25 16384 c:\windows\Temp\Perflib_Perfdata_648.dat
+ 2008-07-30 01:10 . 2008-07-30 01:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2004-08-26 16:12 . 2009-08-06 22:23 71612 c:\windows\system32\perfc009.dat
- 2004-08-26 16:12 . 2009-07-07 13:49 71612 c:\windows\system32\perfc009.dat
- 2007-10-24 05:47 . 2007-10-24 05:47 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 83968 c:\windows\system32\mscories.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 97800 c:\windows\system32\infocardapi.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 11264 c:\windows\system32\icardres.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 73720 c:\windows\system32\dxva2.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 96760 c:\windows\system32\dfshim.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 96760 c:\windows\system32\dfshim.dll
- 2004-08-26 18:07 . 2009-08-04 19:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2009-08-06 18:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2009-08-06 18:57 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-08-26 18:07 . 2009-08-04 19:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 01:10 . 2008-07-30 01:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
- 2006-10-21 01:21 . 2006-10-21 01:21 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 23:32 . 2008-07-29 23:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 15:17 . 2008-07-25 15:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-30 01:07 . 2008-07-30 01:07 23040 c:\windows\Installer\4c83aff.msp
+ 2009-08-06 22:16 . 2009-08-06 22:16 88576 c:\windows\Installer\4c4e140.msi
+ 2009-08-06 22:28 . 2009-08-06 22:28 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-08-06 22:29 . 2009-08-06 22:29 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-08-06 22:27 . 2009-08-06 22:27 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-08-06 22:28 . 2009-08-06 22:28 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ec83ec80653eb20ccc6ed42075c90aee\Microsoft.VisualC.ni.dll
+ 2009-08-06 22:27 . 2009-08-06 22:27 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-08-06 22:29 . 2009-08-06 22:29 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-08-06 22:20 . 2009-08-06 22:20 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-08-06 22:20 . 2009-08-06 22:20 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2009-07-07 13:47 . 2009-07-07 13:47 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-08-06 22:20 . 2009-08-06 22:20 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-08-06 22:20 . 2009-08-06 22:20 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2009-07-07 13:47 . 2009-07-07 13:47 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-08-06 22:20 . 2009-08-06 22:20 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-08-06 22:18 . 2009-08-06 22:18 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2008-05-07 14:47 . 2008-05-07 14:47 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-07-07 13:47 . 2009-07-07 13:47 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-07-07 13:47 . 2009-07-07 13:47 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-07-07 13:47 . 2009-07-07 13:47 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-07-07 13:47 . 2009-07-07 13:47 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2007-10-24 05:47 . 2007-10-24 05:47 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2007-10-24 05:47 . 2007-10-24 05:47 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2009-08-06 22:19 . 2009-08-06 22:19 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-07-07 13:47 . 2009-07-07 13:47 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-07-30 01:26 . 2008-07-30 01:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2008-07-29 23:59 . 2008-07-29 23:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-30 00:35 . 2008-07-30 00:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2004-08-26 16:12 . 2009-08-06 22:23 441786 c:\windows\system32\perfh009.dat
- 2004-08-26 16:12 . 2009-07-07 13:49 441786 c:\windows\system32\perfh009.dat
+ 2008-07-25 15:16 . 2008-07-25 15:16 158720 c:\windows\system32\mscorier.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 158720 c:\windows\system32\mscorier.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 282112 c:\windows\system32\mscoree.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 282112 c:\windows\system32\mscoree.dll
+ 2009-08-06 00:35 . 2009-08-06 00:35 149280 c:\windows\system32\javaws.exe
+ 2009-08-06 00:35 . 2009-08-06 00:35 145184 c:\windows\system32\javaw.exe
+ 2009-08-06 00:35 . 2009-08-06 00:35 145184 c:\windows\system32\java.exe
+ 2008-07-29 23:24 . 2008-07-29 23:24 622080 c:\windows\system32\icardagt.exe
+ 2008-07-30 01:10 . 2008-07-30 01:10 493048 c:\windows\system32\evr.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 22:47 . 2008-07-29 22:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 03:15 . 2008-07-30 03:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 00:35 . 2008-07-30 00:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-29 23:59 . 2008-07-29 23:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 08:59 . 2008-11-25 08:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-10-24 05:47 . 2007-10-24 05:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2007-10-24 05:47 . 2007-10-24 05:47 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\4c9915a.msp
+ 2009-08-06 22:20 . 2009-08-06 22:20 648192 c:\windows\Installer\4c99134.msi
+ 2008-07-30 01:23 . 2008-07-30 01:23 250880 c:\windows\Installer\4c83b08.msp
+ 2008-07-30 01:28 . 2008-07-30 01:28 278016 c:\windows\Installer\4c83b06.msp
+ 2008-07-29 23:40 . 2008-07-29 23:40 291840 c:\windows\Installer\4c83b04.msp
+ 2009-08-06 22:19 . 2009-08-06 22:19 137728 c:\windows\Installer\4c83afe.msi
+ 2008-07-29 21:35 . 2008-07-29 21:35 553472 c:\windows\Installer\4c4e145.msp
+ 2008-07-29 21:33 . 2008-07-29 21:33 506368 c:\windows\Installer\4c4e143.msp
+ 2008-07-29 21:37 . 2008-07-29 21:37 911360 c:\windows\Installer\4c4e142.msp
+ 2009-08-06 22:32 . 2009-08-06 22:32 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-08-06 22:28 . 2009-08-06 22:28 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-08-06 22:31 . 2009-08-06 22:31 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-08-06 22:30 . 2009-08-06 22:30 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-08-06 22:30 . 2009-08-06 22:30 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-08-06 22:30 . 2009-08-06 22:30 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-08-06 22:27 . 2009-08-06 22:27 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-08-06 22:29 . 2009-08-06 22:29 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-08-06 22:30 . 2009-08-06 22:30 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2abd876a3c8a6b088fa6d8d39d901e3c\System.Runtime.Remoting.ni.dll
+ 2009-08-06 22:40 . 2009-08-06 22:40 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-08-06 22:40 . 2009-08-06 22:40 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-08-06 22:30 . 2009-08-06 22:30 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-08-06 22:30 . 2009-08-06 22:30 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-08-06 22:30 . 2009-08-06 22:30 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-08-06 22:30 . 2009-08-06 22:30 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-08-06 22:27 . 2009-08-06 22:27 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-08-06 22:30 . 2009-08-06 22:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-08-06 22:31 . 2009-08-06 22:31 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\45067d0793a09d3431d26bfa55c5a76a\sysglobl.ni.dll
+ 2009-08-06 22:31 . 2009-08-06 22:31 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-08-06 22:31 . 2009-08-06 22:31 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-08-06 22:31 . 2009-08-06 22:31 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-08-06 22:31 . 2009-08-06 22:31 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-08-06 22:27 . 2009-08-06 22:27 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-08-06 22:20 . 2009-08-06 22:20 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2009-07-07 13:47 . 2009-07-07 13:47 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-07-07 13:47 . 2009-07-07 13:47 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-08-06 22:20 . 2009-08-06 22:20 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-08-06 22:24 . 2009-08-06 22:24 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-08-06 22:20 . 2009-08-06 22:20 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-08-06 22:24 . 2009-08-06 22:24 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2008-05-07 14:47 . 2008-05-07 14:47 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-08-06 22:20 . 2009-08-06 22:20 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-08-06 22:20 . 2009-08-06 22:20 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2008-05-07 14:46 . 2008-05-07 14:46 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2008-05-07 14:46 . 2008-05-07 14:46 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-08-06 22:24 . 2009-08-06 22:24 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-08-06 22:24 . 2009-08-06 22:24 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2008-05-07 14:47 . 2008-05-07 14:47 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-08-06 22:19 . 2009-08-06 22:19 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
- 2009-07-07 13:47 . 2009-07-07 13:47 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-08-06 22:18 . 2009-08-06 22:18 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-07-07 13:48 . 2009-07-07 13:48 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-08-06 22:22 . 2009-08-06 22:22 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-06 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-25 2559488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Hasbro Interactive\\Monopoly\\MONOPOLY.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\My Backup -- 11-06-06 1943\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\bittorrent.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/30/2009 2:36 PM 55152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 2:13 AM 24652]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 N;N;\??\c:\program files\NewTech Infosystems\NTI Ripper\ --> c:\program files\NewTech Infosystems\NTI Ripper\ [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-21 12:57]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-21 12:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimumonline.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = about:blank
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N]
"ImagePath"="\??\c:\program files\NewTech Infosystems\NTI Ripper\"
.
Completion time: 2009-08-06 18:48
ComboFix-quarantined-files.txt 2009-08-06 22:47
ComboFix2.txt 2009-08-06 21:48
ComboFix3.txt 2009-08-05 02:44
ComboFix4.txt 2009-08-04 21:35

Pre-Run: 125,032,112,128 bytes free
Post-Run: 124,951,625,728 bytes free

796 --- E O F --- 2009-08-06 22:24

#15 PropagandaPanda


  • Malware Response Team

Posted 06 August 2009 - 06:40 PM

That looks good. Unless there are any issues at the moment, we can wrap up.

Uninstall ComboFix
Remove ComboFix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type the following into the Run box and click OK. Notice the space between the "x" and "/".
    ComboFix /u

Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Reset clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear the System Restore cache and create a new restore point.
Please re-enable any antimalware programs that were disabled during the fix.

Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections: For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any questions or concerns?

With Regards,
The Panda



