antivirus pro 2010


  • This topic is locked
28 replies to this topic

#1 gator8

  • Members
  • 24 posts

Posted 05 October 2009 - 11:43 AM

After getting this on my computer, I can't run Defender, Spybot, can't restore. I couldn't run Task Manager ("admin privileges") but now I can. I think I still have it!


DDS (Ver_09-09-29.01) - NTFSx86
Run by Administrator at 12:13:52.10 on Mon 10/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.289 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Uniblue\RegistryBooster 2010\registrybooster.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [UniblueRegistryBooster] "c:\program files\uniblue\registrybooster 2010\launcher.exe" delay 20000
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {51A1CDAB-573D-45A4-B69F-B44791DFF60A} - hxxp://www.brevardpropertyappraiser.com/picto/include/PictImageCtrl30.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211290623888
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.compassbbg.com/Compass/ElectronicPartsCatalog/acgm.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\hmdzzh3c.default\
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-3 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-6-19 26824]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 231192]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S2 gupdate1c99b775d6433d2;Google Update Service (gupdate1c99b775d6433d2);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 JumpShot;Lexar Media USB Compact Flash Driver;c:\windows\system32\drivers\LEXAR2K.SYS [2001-10-19 16969]
S3 XoftSpyService;XoftSpyService;"c:\program files\common files\xoftspyse\6\xoftspyservice.exe" --> c:\program files\common files\xoftspyse\6\xoftspyservice.exe [?]

=============== Created Last 30 ================

2009-10-05 10:24 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-05 10:20 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-10-05 10:15 <DIR> --d----- c:\docume~1\admini~1\applic~1\Uniblue
2009-10-05 10:14 <DIR> --d----- c:\program files\Uniblue
2009-10-05 10:07 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-10-05 10:07 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-05 09:19 <DIR> --d----- C:\Combo-Fix32328C
2009-10-02 18:15 50,176 a------- c:\windows\system32\proquota.exe
2009-10-02 17:47 <DIR> a-dshr-- C:\cmdcons
2009-10-02 17:45 229,888 a------- c:\windows\PEV.exe
2009-10-02 17:45 161,792 a------- c:\windows\SWREG.exe
2009-10-02 17:45 98,816 a------- c:\windows\sed.exe
2009-10-02 17:43 <DIR> --d----- C:\Combo-Fix
2009-10-02 17:25 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 17:25 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-02 17:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-02 09:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-02 09:49 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-02 09:49 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-10-01 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE
2009-10-01 16:25 0 a----r-- c:\windows\win32k.sys
2009-10-01 16:23 <DIR> --d----- c:\windows\LastGood(2)
2009-10-01 15:35 17,811 a------- c:\windows\ehydelen._sy
2009-10-01 15:09 14,286 a------- c:\windows\usos.dat
2009-10-01 15:09 12,564 a------- c:\program files\common files\bycyripap.dat
2009-10-01 15:09 12,070 a------- c:\windows\mururahim.dat
2009-10-01 14:22 6,144 a------- C:\avjelge.exe
2009-09-18 11:54 <DIR> --d----- c:\program files\DVDFab 6
2009-09-09 07:33 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-10-01 15:09 15,868 a------- c:\program files\common files\romifus._sy
2009-10-01 15:09 12,009 a------- c:\program files\common files\ypizyg.lib
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-02-27 13:27 47,360 a------- c:\docume~1\admini~1\applic~1\pcouffin.sys

============= FINISH: 12:14:20.31 ===============

#2 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 22 October 2009 - 06:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

m0le is a proud member of UNITE

#3 gator8

  • Topic Starter

  • Members
  • 24 posts

Posted 23 October 2009 - 10:32 AM

Thank you for your help


DDS (Ver_09-10-13.01) - NTFSx86
Run by Administrator at 9:53:20.75 on Fri 10/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.229 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\MIDASWIN\partsimg.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {51A1CDAB-573D-45A4-B69F-B44791DFF60A} - hxxp://www.brevardpropertyappraiser.com/picto/include/PictImageCtrl30.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211290623888
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.compassbbg.com/Compass/ElectronicPartsCatalog/acgm.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-3 335240]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-6 297752]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S2 gupdate1c99b775d6433d2;Google Update Service (gupdate1c99b775d6433d2);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 JumpShot;Lexar Media USB Compact Flash Driver;c:\windows\system32\drivers\LEXAR2K.SYS [2001-10-19 16969]
S3 XoftSpyService;XoftSpyService;"c:\program files\common files\xoftspyse\6\xoftspyservice.exe" --> c:\program files\common files\xoftspyse\6\xoftspyservice.exe [?]

=============== Created Last 30 ================

2009-10-15 16:23 54,156 a---h--- c:\windows\QTFont.qfn
2009-10-15 16:23 1,409 a------- c:\windows\QTFont.for
2009-10-05 17:19 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-05 16:55 <DIR> --d----- c:\program files\Trend Micro
2009-10-05 15:15 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 15:15 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-05 15:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 10:24 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-05 10:15 <DIR> --d----- c:\docume~1\admini~1\applic~1\Uniblue
2009-10-05 10:07 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-10-02 18:15 50,176 a------- c:\windows\system32\proquota.exe
2009-10-02 17:47 <DIR> a-dshr-- C:\cmdcons
2009-10-02 17:45 229,888 a------- c:\windows\PEV.exe
2009-10-02 17:45 161,792 a------- c:\windows\SWREG.exe
2009-10-02 17:45 98,816 a------- c:\windows\sed.exe
2009-10-02 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-02 09:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-02 09:49 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-02 09:49 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-10-01 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\XoftSpySE
2009-10-01 16:23 <DIR> --d----- c:\windows\LastGood(2)
2009-10-01 15:35 17,811 a------- c:\windows\ehydelen._sy
2009-10-01 15:09 14,286 a------- c:\windows\usos.dat
2009-10-01 15:09 12,564 a------- c:\program files\common files\bycyripap.dat
2009-10-01 15:09 12,070 a------- c:\windows\mururahim.dat

==================== Find3M ====================

2009-10-06 14:16 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 14:16 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-01 15:09 12,009 a------- c:\program files\common files\ypizyg.lib
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 04:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-02-27 13:27 47,360 a------- c:\docume~1\admini~1\applic~1\pcouffin.sys

============= FINISH: 9:53:37.40 ===============









ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/23 10:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF14EA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B28000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7FD0000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Config\Config
Status: Locked to the Windows API!

Path: C:\WINDOWS\Connection Wizard\Connection Wizard
Status: Locked to the Windows API!

Path: C:\WINDOWS\Minidump\Minidump
Status: Locked to the Windows API!

Path: C:\WINDOWS\PIF\PIF
Status: Locked to the Windows API!

Path: C:\WINDOWS\addins\addins
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB933729\KB933729
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB943460\KB943460
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790
Status: Locked to the Windows API!

Path: C:\WINDOWS\security\logs\logs
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\trustlib\trustlib
Status: Locked to the Windows API!

Path: C:\WINDOWS\msapps\msinfo\msinfo
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp98\imejp98
Status: Locked to the Windows API!

Path: C:\WINDOWS\inf\OTHER\OTHER
Status: Locked to the Windows API!

Path: C:\WINDOWS\Registration\CRMLog\CRMLog
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default
Status: Locked to the Windows API!

Path: C:\WINDOWS\Sun\Java\Deployment\Deployment
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\chsime\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\CHTIME\Applets\Applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imjp8_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\dicts\dicts
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\shared\res\res
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25D.tmp\ZAP25D.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP368.tmp\ZAP368.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Status: Locked to the Windows API!

==EOF==

#4 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 23 October 2009 - 10:54 AM

Hello gator8,

Some traces of malware in the log but nothing more powerful, and nothing bad in the RootRepeal log either. Looks like a log that's been infected but fought back. :(

I think it might be worth trying to tidy up and see if anything tries to stop us.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Then let's see an MBAM log

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :(
m0le is a proud member of UNITE

#5 gator8

gator8
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:04:23 PM

Posted 23 October 2009 - 11:02 AM

I can't run exeHelper. Access denied.

#6 m0le

Posted 23 October 2009 - 11:09 AM

Interesting. Let's leave MBAM for a minute.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
m0le is a proud member of UNITE

#7 gator8

Posted 23 October 2009 - 11:24 AM

Running from: C:\Documents and Settings\Administrator\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25D.tmp\ZAP25D.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25D.tmp\ZAP25D.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP368.tmp\ZAP368.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP368.tmp\ZAP368.tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\inf\OTHER\OTHER

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\inf\OTHER\OTHER

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Minidump\Minidump

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Cannot access: C:\WINDOWS\system32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0(2).0_x-ww_7d5f3790



Finished!
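
A triage of the Win32kDiag output posted above, as an added example that is not part of the original thread or of Win32kDiag itself: it parses the log, groups mount points by destination, and flags any whose target is not an ordinary drive or volume path. The sample log is constructed from a few lines of the post plus one invented benign junction (`C:\WINDOWS\Example\Linked`); the expected-target pattern and the self-named-folder check are assumptions drawn from this log, not a general signature.

```python
import ntpath
import re
from collections import Counter

# Constructed sample: entries copied in shape from the log in this thread, plus
# one invented benign junction (C:\WINDOWS\Example\Linked) for contrast.
SAMPLE_LOG = r"""
Running from: C:\Documents and Settings\Administrator\desktop\win32kdiag.exe
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\addins\addins
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Cannot access: C:\WINDOWS\system32\MRT.exe
Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe
Found mount point : C:\WINDOWS\Example\Linked
Mount point destination : \??\D:\Data
Finished!
"""

LINE_RE = re.compile(
    r"^(Found mount point|Mount point destination|Removing mount point|"
    r"Cannot access|Attempting to restore permissions of|WARNING)\s*:\s*(.*)$"
)

# Assumption: an ordinary junction or volume mount point resolves to a drive
# letter or Volume{GUID} path, optionally written with the NT "\??\" prefix.
EXPECTED_TARGET_RE = re.compile(
    r"^(\\\?\?\\)?([A-Za-z]:\\|Volume\{[0-9A-Fa-f-]{36}\})"
)


def parse_win32kdiag(text):
    """Turn Win32kDiag output into mount-point records, denied files, warnings."""
    mounts, denied, warnings = [], [], []
    current = None
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # banner lines, blank lines, "Finished!"
        key, value = match.group(1), match.group(2).strip()
        if key == "Found mount point":
            current = {"path": value, "destination": None, "removed": False}
            mounts.append(current)
        elif key == "Mount point destination" and current is not None:
            current["destination"] = value
        elif key == "Removing mount point":
            # Match on path so an out-of-order line cannot mark the wrong record.
            for record in mounts:
                if record["path"] == value:
                    record["removed"] = True
        elif key == "Cannot access":
            denied.append({"path": value, "restore_attempted": False})
        elif key == "Attempting to restore permissions of":
            for record in denied:
                if record["path"] == value:
                    record["restore_attempted"] = True
        elif key == "WARNING":
            warnings.append(value)
    return mounts, denied, warnings


def is_self_named(path):
    """True for X\\X paths: the mount point carries its parent folder's name."""
    parent = ntpath.dirname(path)
    return ntpath.basename(path).lower() == ntpath.basename(parent).lower()


def triage(text):
    """Summarise the log; a missing destination is treated as suspicious."""
    mounts, denied, warnings = parse_win32kdiag(text)
    suspicious = [
        m for m in mounts
        if not EXPECTED_TARGET_RE.match(m["destination"] or "")
    ]
    return {
        "mount_points": len(mounts),
        "suspicious": suspicious,
        "destinations": Counter(m["destination"] for m in suspicious),
        "self_named": sum(is_self_named(m["path"]) for m in suspicious),
        "left_in_place": [m["path"] for m in suspicious if not m["removed"]],
        "denied_files": denied,
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("mount points:", report["mount_points"])
    for destination, count in report["destinations"].items():
        print(f"unexpected target {destination!r}: {count} mount point(s)")
    print("still in place:", report["left_in_place"])
    print("access denied:", [d["path"] for d in report["denied_files"]])
    print("warnings:", report["warnings"])
```
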

#8 m0le

Posted 23 October 2009 - 11:57 AM

There's a rootkit at work.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it combo-fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If this doesn't run then post back. :(
m0le is a proud member of UNITE

#9 gator8

Posted 23 October 2009 - 12:31 PM

ComboFix 09-10-22.01 - Administrator 10/23/2009 13:03.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.245 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\iniasd.txt
c:\windows\ehydelen._sy

.
((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-14 20:45 . 2009-10-14 20:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-05 21:19 . 2009-10-05 21:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-05 20:55 . 2009-10-05 20:55 -------- d-----w- c:\program files\Trend Micro
2009-10-05 19:15 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 19:15 . 2009-10-05 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 19:15 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 14:24 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-05 14:15 . 2009-10-05 14:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-10-05 14:07 . 2009-10-05 14:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-02 22:15 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-02 21:25 . 2009-10-02 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-02 13:50 . 2009-10-02 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-02 13:49 . 2009-10-05 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-02 13:49 . 2009-10-02 13:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-01 20:44 . 2009-10-01 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-10-01 20:23 . 2009-10-01 20:23 -------- d-----w- c:\windows\LastGood(2)
2009-10-01 19:09 . 2009-10-01 19:09 14286 ----a-w- c:\windows\usos.dat
2009-10-01 19:09 . 2009-10-01 19:09 13719 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\arefehe.dat
2009-10-01 19:09 . 2009-10-01 19:09 12564 ----a-w- c:\program files\Common Files\bycyripap.dat
2009-10-01 19:09 . 2009-10-01 19:09 12070 ----a-w- c:\windows\mururahim.dat
2009-10-01 18:22 . 2009-10-01 18:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 16:01 . 2008-07-03 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-09 13:40 . 2008-11-05 22:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-08 18:27 . 2008-06-02 16:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-06 20:54 . 2008-11-05 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-06 18:16 . 2008-07-03 13:11 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 18:16 . 2008-07-03 13:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-06 18:16 . 2007-06-19 16:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-05 21:03 . 2008-02-29 19:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-10-05 14:07 . 2007-06-20 08:00 -------- d-----w- c:\program files\Windows Defender
2009-10-01 19:09 . 2009-10-01 19:09 12009 ----a-w- c:\program files\Common Files\ypizyg.lib
2009-09-18 20:00 . 2009-09-18 15:54 -------- d-----w- c:\program files\DVDFab 6
2009-09-18 19:55 . 2007-06-19 16:31 22288 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-18 16:32 . 2007-06-20 10:12 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2009-09-18 15:55 . 2009-01-08 17:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-13 16:27 . 2009-08-13 16:27 0 ----a-w- c:\windows\nsreg.dat
2009-08-06 23:24 . 2007-06-19 15:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-06-19 15:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-06-19 15:02 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-04-17 05:45 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-06-19 15:02 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2006-02-28 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-06-19 15:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-05-20 17:30 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2007-07-30 23:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2007-06-19 15:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2006-02-28 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-02_22.29.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-28 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
- 2006-02-28 12:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2006-02-28 12:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
- 2006-02-28 12:00 . 2009-08-21 06:36 90914 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2009-10-14 19:45 90914 c:\windows\system32\perfc009.dat
- 2006-11-08 01:03 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 01:03 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
- 2006-02-28 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-11 05:37 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-11 05:37 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2007-04-25 08:41 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-04-25 08:41 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
- 2006-02-28 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-10-05 21:20 . 2009-10-05 21:20 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2009-10-02 17:50 . 2009-10-02 17:50 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2009-10-02 17:50 . 2009-10-02 17:50 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-05 21:20 . 2009-10-05 21:20 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 45056 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:47 45056 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 65536 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut37_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 65536 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut37_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 65536 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut33_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 65536 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut33_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 65536 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut32_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 65536 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut32_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:47 45056 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 45056 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:47 45056 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut29_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 45056 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut29_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 65536 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1_2.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 65536 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1_2.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 65536 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1_1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 65536 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1_1.exe
+ 2009-10-14 19:39 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-10-14 19:39 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-10-14 19:39 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-10-14 19:36 . 2009-10-14 19:36 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f49fee0a\System.Drawing.Design.dll
+ 2009-10-14 19:36 . 2009-10-14 19:36 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_d48b444b\CustomMarshalers.dll
+ 2009-10-14 19:50 . 2009-10-14 19:50 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-14 19:47 . 2009-10-14 19:47 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-14 19:46 . 2009-10-14 19:46 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-14 21:46 . 2009-10-14 21:46 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-14 21:46 . 2009-10-14 21:46 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-02 17:50 . 2009-10-02 17:50 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-10-05 21:20 . 2009-10-05 21:20 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2009-08-21 06:34 . 2009-08-21 06:34 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-02-28 12:00 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-02-28 12:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
- 2006-02-28 12:00 . 2009-08-21 06:36 493668 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-10-14 19:45 493668 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
- 2006-02-28 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2006-11-08 01:03 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
- 2006-11-08 01:03 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2006-02-28 12:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2006-02-28 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
- 2006-02-28 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
- 2006-02-28 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2006-02-28 12:00 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
+ 2006-02-28 12:00 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-02-28 12:00 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-02-28 12:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
- 2006-02-28 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2007-04-25 08:41 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-04-25 08:41 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-16 19:11 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-11 05:37 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-11 05:37 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-02-28 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-02-28 12:00 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-02-28 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-10-05 14:21 . 2009-10-05 14:21 301056 c:\windows\Installer\b9fcb.msi
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:47 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:47 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:47 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:47 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut40_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut40_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut39_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut39_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut34_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut34_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut241_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut241_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut201_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut201_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-06-20 10:14 . 2009-09-18 16:36 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-06-20 10:14 . 2009-10-05 17:46 454656 c:\windows\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2009-10-14 19:39 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-10-14 19:39 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-10-14 19:39 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-10-14 19:39 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-10-14 19:39 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-10-14 19:39 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-10-14 19:39 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-10-14 19:39 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-10-14 19:39 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-10-14 19:37 . 2009-10-14 19:37 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_bd2a575d\System.Drawing.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_57a4985c\System.Drawing.Design.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_aacb829d\CustomMarshalers.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-14 19:50 . 2009-10-14 19:50 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-14 19:50 . 2009-10-14 19:50 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-14 19:50 . 2009-10-14 19:50 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-14 21:46 . 2009-10-14 21:46 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-14 21:46 . 2009-10-14 21:46 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-14 19:49 . 2009-10-14 19:49 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-14 21:47 . 2009-10-14 21:47 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-14 19:48 . 2009-10-14 19:48 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-14 19:48 . 2009-10-14 19:48 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-14 19:48 . 2009-10-14 19:48 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-14 19:48 . 2009-10-14 19:48 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-14 21:47 . 2009-10-14 21:47 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-14 21:46 . 2009-10-14 21:46 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-14 14:02 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
- 2006-02-28 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2009-01-20 17:07 . 2009-10-05 14:08 2090080 c:\windows\system32\Restore\rstrlog.dat
+ 2006-02-28 12:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2006-02-28 12:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll
- 2006-10-17 15:57 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2006-10-17 15:57 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
- 2006-02-28 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2006-02-28 12:00 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-10-14 22:15 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-14 22:15 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-14 22:15 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-14 22:15 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-14 22:15 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-14 22:15 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-14 22:15 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-02-28 12:00 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll
- 2007-04-25 08:41 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2007-04-25 08:41 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-11-25 08:59 . 2008-11-25 08:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-10-05 21:20 . 2009-10-05 21:20 1583616 c:\windows\Installer\6196cd.msi
+ 2009-10-14 19:39 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
+ 2009-10-14 19:39 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
+ 2009-10-14 19:39 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
+ 2008-10-14 22:15 . 2009-08-05 00:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-14 22:15 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-14 22:15 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-14 22:15 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-14 22:15 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 22:15 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-14 22:15 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-07-11 06:01 . 2007-07-11 06:01 1966080 c:\windows\assembly\temp\Y7FNW4CKS0\System.dll
+ 2007-07-11 06:01 . 2007-07-11 06:01 1232896 c:\windows\assembly\temp\S19HPY6EMU\System.dll
+ 2007-07-11 06:02 . 2007-07-11 06:02 3391488 c:\windows\assembly\temp\ENV3BJS08G\mscorlib.dll
+ 2007-07-11 06:02 . 2007-07-11 06:02 2088960 c:\windows\assembly\temp\4DLT19IQY6\System.Xml.dll
+ 2009-10-14 19:36 . 2009-10-14 19:36 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f0bf8ce8\System.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2201b9de\System.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b1738c35\System.Xml.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_980f4407\System.Xml.dll
+ 2009-10-14 19:36 . 2009-10-14 19:36 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_8103cc0f\System.Windows.Forms.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_0cad888e\System.Windows.Forms.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_14cc0533\System.Drawing.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b413d831\System.Design.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2d702cc2\System.Design.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2ad04e04\mscorlib.dll
+ 2009-10-14 19:37 . 2009-10-14 19:37 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0e39e60f\mscorlib.dll
+ 2009-10-14 19:47 . 2009-10-14 19:47 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-14 19:50 . 2009-10-14 19:50 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-10-14 19:46 . 2009-10-14 19:46 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-14 19:50 . 2009-10-14 19:50 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-14 19:50 . 2009-10-14 19:50 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-14 21:46 . 2009-10-14 21:46 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-14 19:49 . 2009-10-14 19:49 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-14 21:46 . 2009-10-14 21:46 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-14 19:49 . 2009-10-14 19:49 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-14 19:49 . 2009-10-14 19:49 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-14 19:49 . 2009-10-14 19:49 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-14 19:49 . 2009-10-14 19:49 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-14 19:49 . 2009-10-14 19:49 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-14 19:48 . 2009-10-14 19:49 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-14 19:46 . 2009-10-14 19:46 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-14 21:48 . 2009-10-14 21:48 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-14 21:47 . 2009-10-14 21:47 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-08-21 06:34 . 2009-08-21 06:34 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-08-21 06:33 . 2009-08-21 06:33 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-14 19:43 . 2009-10-14 19:43 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-21 06:35 . 2009-08-21 06:35 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-14 19:44 . 2009-10-14 19:44 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-14 19:35 . 2009-10-14 19:35 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-07-11 06:01 . 2007-07-11 06:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-14 19:35 . 2009-10-14 19:35 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 06:01 . 2007-07-11 06:01 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2006-11-08 01:03 . 2009-08-29 08:08 11069440 c:\windows\system32\ieframe.dll
+ 2007-04-25 08:41 . 2009-08-29 08:08 11069440 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-10-02 05:40 . 2009-10-02 05:40 20870656 c:\windows\Installer\5538e.msp
+ 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows\Installer\1b438948.msp
+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\1b438940.msp
+ 2009-10-14 19:39 . 2009-07-19 22:48 11067392 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
+ 2009-10-14 19:50 . 2009-10-14 19:50 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-14 21:49 . 2009-10-14 21:49 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-14 21:46 . 2009-10-14 21:46 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-14 19:49 . 2009-10-14 19:49 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-14 19:48 . 2009-10-14 19:48 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-14 19:47 . 2009-10-14 19:47 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-14 19:46 . 2009-10-14 19:46 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-06 18:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\MIDASWIN\\mupdate.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/3/2008 9:11 AM 335240]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/6/2009 2:16 PM 297752]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S2 gupdate1c99b775d6433d2;Google Update Service (gupdate1c99b775d6433d2);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 4:42 PM 133104]
S3 JumpShot;Lexar Media USB Compact Flash Driver;c:\windows\system32\drivers\LEXAR2K.SYS [10/19/2001 3:57 PM 16969]
S3 XoftSpyService;XoftSpyService;"c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe" --> c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 20:41]

2009-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 20:41]

2009-10-23 c:\windows\Tasks\User_Feed_Synchronization-{92667A47-349A-4387-97A8-C7631C691C49}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hmdzzh3c.default\
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 13:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-606747145-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,4f,32,5e,e6,c5,57,4e,9a,78,33,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,4f,32,5e,e6,c5,57,4e,9a,78,33,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2009-10-23 13:26
ComboFix-quarantined-files.txt 2009-10-23 17:25
ComboFix2.txt 2009-10-05 13:47
ComboFix3.txt 2009-10-02 22:36

Pre-Run: 36,003,147,776 bytes free
Post-Run: 36,488,024,064 bytes free

- - End Of File - - 0AE21C6E96D2B66EC3B4334018BA8DF8

#10 m0le


Posted 23 October 2009 - 12:52 PM

Nothing much on Combofix. Something was here though definitely.

Can you now run Exehelper? If so, please do.


Next

Use Windows Explorer to find and delete these files:

c:\windows\usos.dat
c:\windows\mururahim.dat
c:\program files\Common Files\bycyripap.dat
c:\program files\Common Files\ypizyg.lib

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete



Finally, please now run MBAM on Full Scan. Instructions as above repeated below for ease of use.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Post the two logs and also let me know what symptoms still persist. :(
m0le is a proud member of UNITE

#11 gator8


Posted 23 October 2009 - 03:48 PM

I was able to run exeHelper after turning off AVG. Here are the two logs. I will have to check to see if I have any more symptoms.

exeHelper by Raktor
Build 20091021
Run at 13:55:28 on 10/23/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



Malwarebytes' Anti-Malware 1.41
Database version: 3019
Windows 5.1.2600 Service Pack 3

10/23/2009 4:44:02 PM
mbam-log-2009-10-23 (16-44-02).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 264562
Time elapsed: 2 hour(s), 26 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
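
A helper reading a pasted log like the one above usually checks three things: whether every summary count is zero, whether each count agrees with its detail section, and whether any item is still waiting on the reboot mentioned in the MBAM instructions. The sketch below is an added example, not part of the original posts and not Malwarebytes code; the sample log is constructed, and the detection-line format with its "-> action" suffix is an assumption, since the log on this page contains no detections.

```python
import re

# Constructed sample in the layout of the MBAM 1.41 log posted above. The
# detection lines and their "-> action" suffix are assumed, not from the page.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.41

Memory Processes Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\\example\\constructed1.exe (Constructed.Sample) -> Quarantined and deleted successfully.
C:\\example\\constructed2.dll (Constructed.Sample) -> Delete on reboot.
"""

SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 2"
HEADER = re.compile(r"^([A-Za-z ]+ Infected):$")          # "Files Infected:"
NONE = "(No malicious items detected)"

def parse_mbam_log(text):
    """Return (summary counts, detail lines) keyed by category name."""
    counts, items, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m[1]] = int(m[2])
            current = None
        elif m := HEADER.match(line):
            current = m[1]
            items[current] = []
        elif not line:
            current = None          # a blank line ends the detail section
        elif current and line != NONE:
            items[current].append(line)
    return counts, items

def triage(text):
    """Summarise a log: clean or not, count/detail mismatches, pending reboots."""
    counts, items = parse_mbam_log(text)
    details = [d for lines in items.values() for d in lines]
    return {
        "clean": sum(counts.values()) == 0 and not details,
        "total": sum(counts.values()),
        # A count that disagrees with its detail section suggests a truncated paste.
        "mismatched": sorted(c for c, n in counts.items() if n != len(items.get(c, []))),
        "needs_reboot": [d for d in details if "reboot" in d.lower()],
    }
```
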

#12 gator8


Posted 23 October 2009 - 03:54 PM

Still unable to install Windows Defender or Spybot. Unauthorized. I did not try to restore.

#13 m0le


Posted 23 October 2009 - 04:31 PM

Still unable to install Windows Defender or Spybot. Unauthorized. I did not try to restore.


Firstly, stop trying to restore until we have a definitely clean PC. You can reinfect like this.

Secondly, the rootkit likes to interfere with various security programs so please run Junction so we can see what it has been up to.

We need to scan the system with this special tool:
  • Please download and save:
Junction.zip

  • Unzip it and place Junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the Run box and click OK:
cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

Thanks :(
m0le is a proud member of UNITE

#14 m0le


Posted 26 October 2009 - 08:58 AM

Are you still there, gator8?
m0le is a proud member of UNITE

#15 gator8


Posted 26 October 2009 - 09:09 AM

Sorry I'm here now, going to run junction now.



