Internet security 2010 issues


  • This topic is locked
8 replies to this topic

#1 Dan5553

  • Members
  • 7 posts

Posted 04 March 2010 - 12:10 AM

I'm running Windows XP. Last night I got infected with the XP Antivirus 2010 bug. Immediately I tried running Malware only to have it not load. I next tried SuperAntiSpyware which fortunately was still running fine. I let it do a scan and after it identified the rogue Trojans I deleted them, being prompted to then reboot. I did so, got to the little XP loading screen and...sudden reboot. It went to the "windows failed to load properly" screen...I tried safe mode, same result. Eventually after a few more reboots I used F8 to bring up more options and started going through those. Running in Debug Mode works for whatever reason, although when I tried to run anything I kept getting prompted on what I wanted to use to open the program. I fixed that by setting all the extensions back to their defaults and then began running Malware, expecting to find the virus had replicated itself or some such. Much to my surprise the scan turned up clean. I repeated this with SuperAntiSpyware and again, no infections. I started poking around online...which is when the first hint of still being infected showed up. I got a single random popup ad, followed by an immense slowdown in system performance. I eventually solved that issue by closing a svchost.exe that was using up all my memory. Since then, av.exe has started to run along with all the other processes. Again, I managed to get rid of them with SuperAntiSpyware, but I'm still having issues. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:54 AM, on 3/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.thatguywiththeglasses.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BABV - Unknown owner - E:\Temp\BABV.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - E:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - E:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: QD - Unknown owner - C:\DOCUME~1\Paul\LOCALS~1\Temp\QD.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Paul\My Documents\sonata.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Paul\My Documents\arctica.jpg

My Malwarebytes one just says there's no infection so I won't bother posting that, and I'm not aware if SuperAntiSpyware keeps logs, but if it does and someone points me to where they would be I'll gladly include that.

#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 March 2010 - 08:29 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.



=============



The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for the following boxes. Please uncheck these boxes.
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Dan5553
  • Topic Starter

  • Members
  • 7 posts

Posted 04 March 2010 - 11:57 AM

Thanks for the quick reply, Sam. Here's the OTL log...when I was running it I experienced some lag issues, but that's kinda been par for the course at odd times with my memory getting hogged up by this virus.

OTL logfile created on: 3/4/2010 10:34:33 AM - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Documents and Settings\Paul\Desktop\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 0.24 Gb Free Space | 0.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 298.08 Gb Total Space | 12.45 Gb Free Space | 4.18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DONG-8EB1AD83BF
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/04 10:32:36 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\Downloads\OTL.exe
PRC - [2010/02/18 20:37:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/23 08:43:26 | 002,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/26 11:45:48 | 014,774,336 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2004/08/04 07:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe


========== Modules (SafeList) ==========

MOD - [2010/03/04 10:32:36 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (QD)
SRV - File not found [On_Demand | Stopped] -- -- (BABV)
SRV - [2009/09/13 23:46:47 | 000,267,760 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- E:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/09/13 23:45:46 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- E:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/08/17 12:01:44 | 000,099,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2007/07/28 19:19:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-57989841-1035525444-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-57989841-1035525444-725345543-1004\S-1-5-21-57989841-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/02 12:27:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/03 23:05:56 | 000,000,000 | ---D | M]

[2008/07/25 15:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2010/03/03 06:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\fq0f9926.default\extensions
[2009/06/13 16:48:11 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\fq0f9926.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/03/19 02:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\fq0f9926.default\extensions\moveplayer@movenetworks.com
[2010/03/03 23:39:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/14 15:55:29 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2010/03/02 23:17:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-1035525444-725345543-1004..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-57989841-1035525444-725345543-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1035525444-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-1035525444-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-1035525444-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-57989841-1035525444-725345543-1004\..Trusted Domains: thatguywiththeglasses.com ([www] http in Trusted sites)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/C/A...66614/msaud.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - C:\Documents and Settings\Paul\My Documents\sonata.jpg
O24 - Desktop Components:1 () - C:\Documents and Settings\Paul\My Documents\arctica.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\My Documents\My Pictures\250px-Superboyic6.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\My Documents\My Pictures\250px-Superboyic6.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/06 09:18:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/18 07:48:12 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/08/07 23:18:47 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2007/01/26 00:21:52 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/18 07:48:13 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b5e8db4d-1b72-11df-96a1-00138f480148}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e8db4d-1b72-11df-96a1-00138f480148}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b5e8db4d-1b72-11df-96a1-00138f480148}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/04 00:55:11 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17454841580224512)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/04 00:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/04 00:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/04 00:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/03 23:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\OpenOffice.org
[2010/03/03 23:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/03/03 23:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/03 22:36:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/03 14:41:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/03 13:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/03/03 13:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/03 13:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/03/03 11:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/03 11:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/02 23:26:42 | 000,050,504 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/03/02 23:26:41 | 000,024,368 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/03/02 18:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Activision
[2010/03/02 15:59:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/03/02 15:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/03/02 15:45:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/03/02 15:45:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/03/02 15:45:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/03/02 15:45:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/03/02 15:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/03/02 15:35:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/03/02 15:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/03/02 08:23:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\C
[2010/02/28 07:14:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Paul\My Documents\Activision
[2009/11/29 00:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/09/13 23:44:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/18 04:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/03/24 06:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2007/10/01 06:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/01/06 09:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/01/06 09:18:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/04 10:31:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/04 07:00:40 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/04 07:00:40 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/03/04 07:00:39 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/04 00:59:05 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Paul\ntuser.dat
[2010/03/04 00:54:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/04 00:54:54 | 000,151,824 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/03/04 00:53:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
[2010/03/04 00:50:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/04 00:39:18 | 000,031,744 | ---- | M] () -- E:\Documents and Settings\Paul\My Documents\Night Paper.doc
[2010/03/04 00:39:01 | 000,031,744 | ---- | M] () -- E:\Documents and Settings\Paul\My Documents\Patrick Fallon.doc
[2010/03/04 00:15:29 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Trillian.lnk
[2010/03/04 00:13:31 | 001,456,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/03 19:46:26 | 002,643,644 | -H-- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\IconCache.db
[2010/03/03 14:36:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/03 14:14:26 | 000,003,474 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\58La0
[2010/03/03 14:10:58 | 000,023,416 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/03 13:38:04 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/03 06:41:56 | 007,093,016 | ---- | M] () -- C:\WINDOWS\System32\VHPC
[2010/03/03 06:24:36 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\housecall.guid.cache
[2010/03/02 23:26:42 | 000,050,504 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/03/02 23:26:41 | 000,024,368 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/03/02 23:26:34 | 000,000,024 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/02 23:17:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/02 22:56:02 | 024,481,792 | ---- | M] () -- C:\WINDOWS\System32\EYAXDG
[2010/03/02 16:01:23 | 000,543,728 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/02 16:01:23 | 000,456,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/02 16:01:23 | 000,077,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/02 15:59:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/03/02 15:59:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/02 15:55:44 | 000,002,639 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/02 15:40:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/03/02 12:42:19 | 000,012,782 | -HS- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\GyBl5ci
[2010/03/01 06:53:07 | 000,044,160 | ---- | M] () -- E:\Documents and Settings\Paul\My Documents\Guards.erf
[2010/02/28 04:20:59 | 000,065,666 | ---- | M] () -- E:\Documents and Settings\Paul\My Documents\Menzo.erf
[2010/02/24 11:19:45 | 000,045,696 | ---- | M] () -- E:\Documents and Settings\Paul\My Documents\D&D.rar
[2010/02/19 21:47:06 | 000,025,088 | ---- | M] () -- E:\Documents and Settings\Paul\My Documents\edit.doc
[2010/02/19 21:46:44 | 000,026,624 | ---- | M] () -- E:\Documents and Settings\Paul\My Documents\Changes.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/04 07:00:40 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/03/04 07:00:40 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/03/04 00:39:18 | 000,031,744 | ---- | C] () -- E:\Documents and Settings\Paul\My Documents\Night Paper.doc
[2010/03/03 14:09:15 | 000,003,474 | -HS- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\58La0
[2010/03/03 13:38:09 | 000,015,240 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\58La0
[2010/03/03 13:38:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/03 06:39:40 | 007,093,016 | ---- | C] () -- C:\WINDOWS\System32\VHPC
[2010/03/03 06:24:36 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\housecall.guid.cache
[2010/03/02 23:26:34 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/02 22:55:06 | 024,481,792 | ---- | C] () -- C:\WINDOWS\System32\EYAXDG
[2010/03/02 06:31:30 | 000,012,782 | -HS- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\GyBl5ci
[2010/03/01 06:53:07 | 000,044,160 | ---- | C] () -- E:\Documents and Settings\Paul\My Documents\Guards.erf
[2010/02/28 04:16:54 | 000,065,666 | ---- | C] () -- E:\Documents and Settings\Paul\My Documents\Menzo.erf
[2010/02/27 18:05:37 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Paul\ntuser.dat
[2010/02/24 11:19:44 | 000,045,696 | ---- | C] () -- E:\Documents and Settings\Paul\My Documents\D&D.rar
[2010/02/19 21:27:12 | 000,026,624 | ---- | C] () -- E:\Documents and Settings\Paul\My Documents\Changes.doc
[2010/02/19 21:10:09 | 000,025,088 | ---- | C] () -- E:\Documents and Settings\Paul\My Documents\edit.doc
[2009/12/05 07:27:49 | 000,000,193 | ---- | C] () -- C:\WINDOWS\kgff.ini
[2009/12/04 06:07:07 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/10/14 18:12:12 | 011,808,768 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/10/14 17:48:42 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/05 06:14:48 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/07/05 06:13:16 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/06/24 06:45:55 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/06/24 06:45:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/06/22 12:34:00 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/06/13 06:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/06/12 13:36:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/12 09:03:39 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/04 12:21:04 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/30 11:10:02 | 000,000,537 | ---- | C] () -- C:\WINDOWS\FICEDULA.INI
[2008/01/04 16:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/12/16 18:35:57 | 000,002,898 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/26 20:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/10/19 10:48:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/07/12 14:13:17 | 000,001,138 | ---- | C] () -- C:\WINDOWS\vampire.ini
[2007/07/11 12:31:00 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2007/07/10 11:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/05/12 14:15:01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/04/29 16:14:46 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\fusioncache.dat
[2007/04/11 01:16:47 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/03/29 06:23:44 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2007/03/29 06:21:08 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2007/03/10 21:31:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/01 09:02:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/02/01 03:10:03 | 000,440,320 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007/01/16 22:06:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/11 00:14:36 | 000,000,322 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/08 16:00:57 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/08 15:59:10 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/14 05:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 05:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 05:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 05:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

========== LOP Check ==========

[2007/03/29 06:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2007/01/30 00:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/09/14 15:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/04/11 02:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/09/13 23:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2008/07/30 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/02 18:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Activision
[2009/05/14 01:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\BSplayer
[2009/05/14 01:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\BSplayer Pro
[2007/04/02 13:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\cYo
[2007/03/29 06:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Final Draft
[2007/04/02 13:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GetRightToGo
[2007/11/06 13:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\HouseCall 6.6
[2007/07/03 22:13:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Paul\Application Data\ijjigame
[2007/02/03 06:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
[2008/03/30 15:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\My Battle for Middle-earth™ II Files
[2007/08/07 19:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
[2007/02/14 16:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\NCH Swift Sound
[2010/03/03 23:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\OpenOffice.org
[2007/10/19 10:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Smith Micro
[2009/09/14 23:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Turbine

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/06/27 21:00:25 | 002,330,624 | ---- | M] () -- C:\LaunchPad.exe
[2008/06/27 21:02:04 | 000,011,264 | ---- | M] () -- C:\lp_plugin.exe


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/02 15:35:17 | 023,852,700 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/03/02 15:35:17 | 023,852,700 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/03/02 15:35:17 | 023,852,700 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2008/03/07 20:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-10_xp32_dd_ccc_wdm_enu_69561\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/02 15:35:17 | 023,852,700 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/03/02 15:35:17 | 023,852,700 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/03/02 15:35:17 | 023,852,700 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2010/03/02 15:40:37 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=1494C60EE680E8E79A2D3E25D5FE50FF -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[18 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

The log for GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-04 11:57:12
Windows 5.1.2600 Service Pack 3
Running: yv0oxnge.exe; Driver: E:\Temp\kwkirkog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAFE200B0]

---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A35CB4C

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x25 0xC2 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0x5F 0x7F 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6A 0x51 0xD1 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x25 0xC2 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0x5F 0x7F 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6A 0x51 0xD1 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x67 0x25 0xC2 0x66 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x90 0x5F 0x7F 0x18 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6A 0x51 0xD1 0x46 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

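The "< MD5 for: ... >" sections of the OTL log above list every copy of a given system file the scanner can find, so the live copy under system32 can be checked against the copies Windows keeps in its service-pack, uninstall and update caches. As an added example (not part of this thread, and not OTL's own code), here is a small parser for that section that flags a live file whose hash matches none of its cached reference copies; the sample input is an excerpt of the log posted above, and which directories count as reference caches is my assumption.

```python
import re
import sys
from collections import defaultdict
from datetime import datetime

# Excerpt of the OTL "< MD5 for: ... >" sections posted in this thread (page data, not constructed).
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/02 15:40:37 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=1494C60EE680E8E79A2D3E25D5FE50FF -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# One OTL row: [mtime | size | attrs | M] (company) [MD5=hash] [.cab file] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]+\| M\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?.*?-- (?P<path>.+)$"
)

# Assumption: on an XP SP3 machine these locations hold cached, known-good copies of
# system files, so the live copy in system32 should hash identically to one of them.
REFERENCE_DIRS = (
    r"\servicepackfiles\i386",
    r"\$ntservicepackuninstall$",
    r"\erdnt\cache",
    r"\softwaredistribution\download",
    r"\dllcache",
    r"\driver cache",
)


def parse_md5_blocks(text):
    """Return {file name (lower-case): [row dict, ...]} for each '< MD5 for: X >' section."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if current is None or not line:
            continue
        row = ENTRY_RE.match(line)
        if not row or row.group("md5") is None:
            continue  # .cab container rows carry no hash of the member file; skip them
        blocks[current].append({
            "path": row.group("path"),
            "md5": row.group("md5").upper(),
            "size": int(row.group("size").replace(",", "")),
            "mtime": datetime.strptime(row.group("mtime"), "%Y/%m/%d %H:%M:%S"),
            "company": row.group("company"),
        })
    return dict(blocks)


def is_reference(path):
    """True when the path lies in one of the assumed cache directories."""
    lowered = path.lower()
    return any(marker in lowered for marker in REFERENCE_DIRS)


def find_mismatches(blocks):
    """Flag each live (non-cache) copy whose MD5 matches none of its cached reference copies.

    Returns a list of (file name, live path, live md5, newer_than_every_reference)."""
    findings = []
    for name, rows in blocks.items():
        refs = [r for r in rows if is_reference(r["path"])]
        live = [r for r in rows if not is_reference(r["path"])]
        ref_md5s = {r["md5"] for r in refs}
        for r in live:
            if refs and r["md5"] not in ref_md5s:
                newer = r["mtime"] > max(ref["mtime"] for ref in refs)
                findings.append((name, r["path"], r["md5"], newer))
    return findings


if __name__ == "__main__":
    # Pass a saved OTL log as the first argument, or run against the embedded excerpt.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for name, path, md5, newer in find_mismatches(parse_md5_blocks(text)):
        print(f"{name}: live copy {path} has MD5 {md5}, which matches no cached reference copy"
              + (" and was modified after every reference copy" if newer else ""))
```

On the excerpt, atapi.sys is the only file reported: its live hash differs from both cached copies, which is the same discrepancy the Sigcheck section of the ComboFix log later in this thread marks with [-].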


#4 Buckeye_Sam

Malware Expert

Posted 05 March 2010 - 07:57 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.



===========================



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Dan5553

Topic Starter

Posted 05 March 2010 - 11:40 PM

Again, thanks for the response. Here's the OTL Log:

All processes killed
========== OTL ==========
C:\WINDOWS\002954_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml38B.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml38C.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\xml38D.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\ope3E.tmp deleted successfully.
C:\WINDOWS\System32\ope6F.tmp deleted successfully.
C:\WINDOWS\System32\ope7A.tmp deleted successfully.
C:\WINDOWS\System32\ope80.tmp deleted successfully.
C:\WINDOWS\System32\SET39.tmp deleted successfully.
C:\WINDOWS\System32\SET3B.tmp deleted successfully.
C:\WINDOWS\System32\SET42.tmp deleted successfully.
C:\WINDOWS\System32\SET49.tmp deleted successfully.
C:\WINDOWS\System32\SET57.tmp deleted successfully.
C:\WINDOWS\System32\SET62.tmp deleted successfully.
C:\WINDOWS\System32\SET65.tmp deleted successfully.
C:\WINDOWS\System32\SET6E.tmp deleted successfully.
C:\WINDOWS\System32\SET77.tmp deleted successfully.
C:\WINDOWS\System32\SET79.tmp deleted successfully.
C:\WINDOWS\System32\SET7A.tmp deleted successfully.
C:\WINDOWS\System32\SET7C.tmp deleted successfully.
C:\WINDOWS\System32\SET7F.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 340584 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1906074 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 7171 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3578268 bytes
->Java cache emptied: 5309 bytes
->Flash cache emptied: 7508 bytes

User: Paul
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 929538 bytes
->Java cache emptied: 75178011 bytes
->FireFox cache emptied: 77783293 bytes
->Flash cache emptied: 1622700 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 16307429 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 16736960 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 185.00 mb


OTL by OldTimer - Version 3.1.33.0 log created on 03052010_230641

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UPGDU0ZS\20100214_MBB_U301_CoffeeShop_v4_DATRAN_728x90[1].swf moved successfully.

Registry entries deleted on Reboot...

And here's the ComboFix log:

ComboFix 10-03-05.01 - Paul 03/05/2010 23:21:54.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1202 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\Virus stuff\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-02-06 to 2010-03-06 )))))))))))))))))))))))))))))))
.

2010-03-06 04:06 . 2010-03-06 04:06 -------- d-----w- C:\_OTL
2010-03-04 05:50 . 2010-03-04 05:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-04 04:38 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-03-04 04:37 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-04 04:37 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-04 04:19 . 2010-03-04 04:19 1 ----a-w- c:\documents and settings\Paul\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-04 04:19 . 2010-03-04 04:19 -------- d-----w- c:\documents and settings\Paul\Application Data\OpenOffice.org
2010-03-04 04:06 . 2010-03-04 04:35 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-04 04:05 . 2010-03-04 04:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 18:38 . 2010-03-03 18:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-03 18:37 . 2010-03-03 18:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-03-03 04:26 . 2010-03-03 04:26 50504 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-03-03 04:26 . 2010-03-03 04:26 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-03-02 23:31 . 2010-03-02 23:31 -------- d-----w- c:\documents and settings\Paul\Application Data\Activision
2010-03-02 20:45 . 2010-03-02 20:45 -------- d-----w- c:\windows\system32\scripting
2010-03-02 20:45 . 2010-03-02 20:45 -------- d-----w- c:\windows\l2schemas
2010-03-02 20:45 . 2010-03-02 20:45 -------- d-----w- c:\windows\system32\en
2010-03-02 20:45 . 2010-03-02 20:45 -------- d-----w- c:\windows\system32\bits
2010-03-02 20:43 . 2010-03-02 20:43 -------- d-----w- c:\windows\ServicePackFiles
2010-03-02 20:35 . 2010-03-02 20:35 -------- d-----w- c:\windows\EHome
2010-03-02 20:22 . 2010-03-02 20:22 52224 ----a-w- c:\documents and settings\Paul\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-02 20:18 . 2010-03-02 20:18 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-02 13:23 . 2010-03-02 13:23 -------- d-----w- c:\windows\C
2010-02-07 00:43 . 2010-02-07 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-02-06 23:03 . 2010-02-06 23:03 -------- d-----w- c:\documents and settings\Paul\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 18:53 . 2004-08-04 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-04 05:53 . 2007-01-07 04:33 -------- d-----w- c:\program files\Trillian
2010-03-04 05:50 . 2008-10-31 16:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-04 04:06 . 2007-03-16 00:31 -------- d-----w- c:\program files\Common Files\Java
2010-03-04 04:04 . 2007-03-16 00:31 -------- d-----w- c:\program files\Java
2010-03-04 00:47 . 2008-11-17 12:50 -------- d-----w- c:\program files\AC3Filter
2010-03-04 00:23 . 2007-02-26 11:59 -------- d-----w- c:\program files\DScaler5
2010-03-04 00:23 . 2007-02-26 11:59 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2010-03-03 19:10 . 2007-01-07 06:05 23416 -c--a-w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-03 11:37 . 2008-11-18 09:37 -------- d-----w- c:\program files\Easy Decrypter
2010-03-02 20:48 . 2007-01-06 14:18 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-02 20:17 . 2008-12-06 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 23:05 . 2007-01-07 05:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 10:00 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 03:01 . 2009-12-14 20:40 69 ----a-w- c:\documents and settings\Paul\jagex_runescape_preferences2.dat
2009-12-25 03:00 . 2009-12-14 20:38 39 ----a-w- c:\documents and settings\Paul\jagex_runescape_preferences.dat
2009-12-16 18:43 . 2007-01-06 14:14 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-06 14:25 . 2009-12-06 14:25 237568 -c--a-w- c:\windows\Pool of Radiance RoMD remove.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-11-18 10:51 . 2008-11-18 10:51 2 --shatr- c:\windows\winstart.bat
.

------- Sigcheck -------

[-] 2010-03-05 . 1494C60EE680E8E79A2D3E25D5FE50FF . 96512 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-03-03_04.53.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 90112 c:\windows\system32\wshext.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
- 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2004-08-04 12:00 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-04 12:00 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
+ 2007-01-07 05:20 . 2007-07-27 15:41 26488 c:\windows\system32\spupdsvc.exe
- 2007-01-07 05:20 . 2007-08-11 01:46 26488 c:\windows\system32\spupdsvc.exe
+ 2004-08-04 12:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
- 2004-08-04 12:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2004-08-04 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 12:00 . 2010-03-02 21:01 77202 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-03-05 17:03 77202 c:\windows\system32\perfc009.dat
- 2007-01-06 14:14 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2007-01-06 14:14 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 00:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 11264 c:\windows\system32\msrle32.dll
- 2006-11-08 05:03 . 2008-04-23 04:16 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 05:03 . 2010-01-05 10:00 52224 c:\windows\system32\msfeedsbs.dll
- 2007-01-06 14:14 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2007-01-06 14:14 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2004-08-04 12:00 . 2005-01-28 17:44 96768 c:\windows\system32\logagent.exe
+ 2004-08-04 12:00 . 2008-06-10 10:52 96768 c:\windows\system32\logagent.exe
- 2004-08-04 12:00 . 2008-04-23 04:16 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2006-11-07 11:26 . 2009-12-31 15:33 13824 c:\windows\system32\ieudinit.exe
- 2006-11-07 11:26 . 2008-04-22 07:39 13824 c:\windows\system32\ieudinit.exe
- 2004-08-04 12:00 . 2008-04-23 04:16 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2008-04-22 07:39 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 19:58 . 2010-01-05 10:00 63488 c:\windows\system32\icardie.dll
- 2006-10-17 19:58 . 2008-04-23 04:16 63488 c:\windows\system32\icardie.dll
+ 2004-08-04 12:00 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2004-08-04 12:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
- 2004-08-04 12:00 . 2009-07-29 04:37 81920 c:\windows\system32\fontsub.dll
+ 2004-08-04 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2008-05-09 10:53 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll
+ 2009-11-30 01:02 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
- 2009-11-29 05:00 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-11-29 05:00 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2007-05-09 02:36 . 2010-01-05 10:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-09 02:36 . 2008-04-23 04:16 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-04 12:00 . 2005-01-28 17:44 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 12:00 . 2008-06-10 10:52 96768 c:\windows\system32\dllcache\logagent.exe
+ 2009-11-30 01:02 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
- 2004-08-04 12:00 . 2008-04-23 04:16 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2007-05-09 02:36 . 2008-04-22 07:39 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-05-09 02:36 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-04 12:00 . 2008-04-23 04:16 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2010-01-05 10:00 . 2010-01-05 10:00 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00 . 2008-04-22 07:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04 . 2010-01-05 10:00 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2008-04-23 04:16 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-07-29 04:37 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-07-29 04:37 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2010-01-05 10:00 . 2010-01-05 10:00 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-04 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
+ 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2009-11-29 09:00 . 2009-11-29 09:00 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-03-05 17:02 . 2010-03-05 17:02 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2006-10-27 02:13 . 2006-10-27 02:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNVP.DLL
+ 2006-10-27 02:07 . 2006-10-27 02:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
+ 2010-03-04 20:09 . 2008-04-23 04:16 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-03-04 20:09 . 2008-04-23 04:16 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-03-04 20:09 . 2008-04-23 04:16 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-03-04 20:09 . 2008-04-22 07:39 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-03-04 20:09 . 2008-04-23 04:16 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-03-04 20:09 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-03-04 20:09 . 2008-04-22 07:39 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-03-04 20:09 . 2008-04-23 04:16 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-03-04 20:09 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-03-04 04:07 . 2010-03-04 04:07 11264 c:\windows\assembly\tmp\AOSY37CG\cli_basetypes.dll
+ 2010-03-04 04:08 . 2010-03-04 04:08 64000 c:\windows\assembly\tmp\2AGKOTX1\cli_cppuhelper.dll
+ 2010-03-04 21:45 . 2010-03-04 21:45 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_abdeb21f\System.Drawing.Design.dll
+ 2010-03-04 21:45 . 2010-03-04 21:45 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5a64a7ad\CustomMarshalers.dll
+ 2010-03-05 13:31 . 2010-03-05 13:31 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\946c582dd68fd3bd12479841e90391d4\Microsoft.Build.Framework.ni.dll
+ 2010-03-05 13:31 . 2010-03-05 13:31 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\e3adb754fc181d07ba9798064436efab\dfsvc.ni.exe
+ 2010-03-05 13:31 . 2010-03-05 13:31 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4fa74462ee1789cab005c46417ab29d4\Accessibility.ni.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-11-29 09:05 . 2009-11-29 09:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-11-29 09:05 . 2009-11-29 09:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-11-29 09:04 . 2009-11-29 09:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-11-29 09:04 . 2009-11-29 09:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-11-29 09:04 . 2009-11-29 09:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-11-29 09:04 . 2009-11-29 09:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-11-29 09:04 . 2009-11-29 09:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-11-29 09:04 . 2009-11-29 09:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-11-29 09:05 . 2009-11-29 09:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-11-29 09:05 . 2009-11-29 09:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-11-29 09:05 . 2009-11-29 09:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-11-29 09:04 . 2009-11-29 09:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-11-29 09:05 . 2009-11-29 09:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-03-04 20:09 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
+ 2010-03-04 20:09 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975467\spmsg.dll
+ 2010-03-04 20:10 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll
+ 2010-03-04 20:10 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973815\spmsg.dll
+ 2010-03-04 20:08 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
+ 2010-03-04 20:08 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB968389\spmsg.dll
+ 2009-11-30 01:02 . 2009-06-25 08:41 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
+ 2009-11-30 01:02 . 2009-06-25 08:41 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
+ 2009-11-30 01:02 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
+ 2010-03-04 21:49 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2010-03-04 21:49 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2010-03-04 20:11 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB960803\update\spcustom.dll
+ 2010-03-04 20:11 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB960803\spmsg.dll
+ 2010-03-04 20:10 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2010-03-04 20:10 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2010-03-04 21:55 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB952004\update\spcustom.dll
+ 2010-03-04 21:55 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB952004\spmsg.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 91648 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxoci.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 66560 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxclu.dll
+ 2008-06-12 14:09 . 2008-06-12 14:09 58880 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtclog.dll
- 2009-11-29 09:05 . 2009-11-29 09:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-03-04 04:07 . 2010-03-04 04:07 3072 c:\windows\assembly\tmp\Z6BFJOSW\policy.1.0.cli_ure.dll
+ 2010-03-04 04:07 . 2010-03-04 04:07 7680 c:\windows\assembly\tmp\X6BFJOSW\cli_ure.dll
+ 2010-03-04 04:07 . 2010-03-04 04:07 3072 c:\windows\assembly\tmp\JQVZ38CG\policy.1.0.cli_basetypes.dll
+ 2010-03-04 04:07 . 2010-03-04 04:07 3072 c:\windows\assembly\tmp\CKOSW159\policy.1.0.cli_uretypes.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-11-29 09:05 . 2009-11-29 09:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-11-29 09:04 . 2009-11-29 09:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-11-29 09:04 . 2009-11-29 09:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-29 09:05 . 2009-11-29 09:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-29 09:04 . 2009-11-29 09:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-03-05 02:41 . 2010-03-05 02:41 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-11-29 09:04 . 2009-11-29 09:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 155648 c:\windows\system32\wscript.exe
+ 2004-08-04 12:00 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe
+ 2004-08-04 12:00 . 2009-07-13 15:08 286720 c:\windows\system32\wmpdxm.dll
+ 2004-08-04 12:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
- 2004-08-04 12:00 . 2009-07-29 04:37 119808 c:\windows\system32\t2embed.dll
+ 2004-08-04 12:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 172032 c:\windows\system32\scrrun.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 180224 c:\windows\system32\scrobj.dll
+ 2004-08-04 12:00 . 2008-05-09 10:53 180224 c:\windows\system32\scrobj.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
+ 2004-08-04 12:00 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2004-08-04 12:00 . 2010-03-05 17:03 456536 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-03-02 21:01 456536 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2008-04-23 04:16 102912 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2004-08-04 12:00 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
+ 2004-08-04 12:00 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-04 12:00 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 671232 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 671232 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 05:03 . 2008-04-23 04:16 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 05:03 . 2010-01-05 10:00 459264 c:\windows\system32\msfeeds.dll
- 2007-01-06 14:14 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2007-01-06 14:14 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
+ 2007-01-06 14:14 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2007-01-06 14:14 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2007-01-06 14:14 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2010-03-04 04:05 . 2010-03-04 04:04 153376 c:\windows\system32\javaws.exe
+ 2010-03-04 04:05 . 2010-03-04 04:04 145184 c:\windows\system32\javaw.exe
+ 2010-03-04 04:05 . 2010-03-04 04:04 145184 c:\windows\system32\java.exe
- 2007-01-06 14:16 . 2008-04-14 00:11 691712 c:\windows\system32\inetcomm.dll
+ 2007-01-06 14:16 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2006-10-17 19:57 . 2010-01-05 10:00 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 192512 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 19:27 . 2010-01-05 10:00 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2008-04-20 05:07 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2008-10-23 12:36 286720 c:\windows\system32\gdi32.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-12-04 18:22 455424 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2008-05-08 11:24 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe
+ 2004-08-04 12:00 . 2009-07-13 15:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 105984 c:\windows\system32\dllcache\url.dll
- 2009-07-29 04:37 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-07-29 04:37 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-12-08 09:23 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 180224 c:\windows\system32\dllcache\scrobj.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2009-11-30 05:18 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-11-30 01:02 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2004-08-04 12:00 . 2010-01-05 10:00 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 02:36 . 2008-04-23 04:16 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-09 02:36 . 2010-01-05 10:00 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-11-30 05:24 . 2008-05-01 14:33 331776 c:\windows\system32\dllcache\msadce.dll
+ 2009-11-29 04:47 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-11-30 01:02 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-11-30 05:23 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2007-01-06 14:16 . 2009-12-18 13:05 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-09 02:36 . 2010-01-05 10:00 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-09 02:36 . 2010-01-05 10:00 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-12-18 13:04 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2008-04-20 05:07 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2008-10-23 12:36 . 2008-10-23 12:36 286720 c:\windows\system32\dllcache\gdi32.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-05-07 09:07 . 2008-05-07 09:07 135168 c:\windows\system32\dllcache\cscript.exe
- 2004-08-04 12:00 . 2008-04-23 04:16 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2008-05-07 09:07 135168 c:\windows\system32\cscript.exe
+ 2004-08-04 12:00 . 2010-01-05 10:00 124928 c:\windows\system32\advpack.dll
- 2004-08-04 12:00 . 2008-04-23 04:16 124928 c:\windows\system32\advpack.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-03-04 04:06 . 2010-03-04 04:06 178176 c:\windows\Installer\b23ba0.msi
+ 2010-03-04 04:04 . 2010-03-04 04:04 577536 c:\windows\Installer\b23b9a.msi
+ 2006-10-27 01:49 . 2006-10-27 01:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CVR.DLL
+ 2010-03-04 20:09 . 2008-04-23 04:16 826368 c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-03-04 20:09 . 2008-04-23 04:16 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-03-04 20:09 . 2008-04-23 04:16 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-03-04 20:09 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-03-04 20:09 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-03-04 20:09 . 2008-04-23 04:16 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-03-04 20:09 . 2008-04-23 04:16 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-03-04 20:09 . 2008-04-23 04:16 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-03-04 20:09 . 2008-04-23 04:16 478208 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-03-04 20:09 . 2008-04-23 04:16 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-03-04 20:09 . 2008-04-22 07:40 625664 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-03-04 20:09 . 2008-04-23 04:16 267776 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-03-04 20:09 . 2006-11-08 05:03 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-05-26 257088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Paul\My Documents\sonata.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\documents and settings\Paul\My Documents\arctica.jpg
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe"=
"c:\\LaunchPad.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Program Files\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Python25\\pythonw.exe"=
"e:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"e:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"=
"e:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"e:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"e:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"e:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/18/2007 10:51 PM 685816]
S3 BABV;BABV;e:\temp\BABV.exe --> e:\temp\BABV.exe [?]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\Paul\LOCALS~1\Temp\jnv4_mib.sys --> c:\docume~1\Paul\LOCALS~1\Temp\jnv4_mib.sys [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;e:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [9/13/2009 11:43 PM 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;e:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [9/13/2009 11:43 PM 218608]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [11/18/2008 7:33 AM 30946]
S3 QD;QD;c:\docume~1\Paul\LOCALS~1\Temp\QD.exe --> c:\docume~1\Paul\LOCALS~1\Temp\QD.exe [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [10/14/2009 6:12 PM 99176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
Trusted Zone: thatguywiththeglasses.com\www
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\fq0f9926.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 23:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A35CB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf74accb8
\Driver\atapi -> atapi.sys @ 0xf78567b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: VIA Compatable Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7a37bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7a44a21
SendHandler -> NDIS.sys @ 0xf7a2287b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1035525444-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cf,b1,33,2c,c4,99,59,73,d1,90,88,f3,3a,0b,e9,b3,ed,a1,bd,6a,eb,09,b0,
dd,9c,33,4c,5f,45,f2,4b,35,7c,d7,2e,0d,a6,b9,c7,f9,3a,9f,27,ef,f6,62,ad,bc,\
"??"=hex:0c,7c,41,a4,91,f9,e7,98,45,71,04,fa,39,81,4a,00

[HKEY_USERS\S-1-5-21-57989841-1035525444-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:39,69,a7,e0,be,6c,b2,fe,d0,22,99,56,71,01,9d,a6,88,69,1e,8d,59,
dd,90,c6,e2,1b,60,68,23,df,9d,3f,13,d7,39,2a,49,33,38,16,f9,66,b9,d7,61,c0,\
"rkeysecu"=hex:a1,e7,84,55,19,98,6b,f0,92,8d,aa,16,b8,94,68,a1

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\WININET.dll
.
Completion time: 2010-03-05 23:38:22
ComboFix-quarantined-files.txt 2010-03-06 04:38
ComboFix2.txt 2010-03-03 19:41
ComboFix3.txt 2010-03-03 05:01
ComboFix4.txt 2009-11-29 10:23

Pre-Run: 3,883,880,448 bytes free
Post-Run: 3,843,186,688 bytes free

- - End Of File - - B21F875788867C48E8E92FE7F7A73CD9


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 06 March 2010 - 03:10 PM

We need to run this special tool.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • If prompted to reboot, please do so.
  • When it is done, a log file called "TDSSKiller.txt" should be created on your desktop. Please copy and paste the contents of that file here.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Dan5553

Dan5553
  • Topic Starter

  • Members
  • 7 posts

Posted 06 March 2010 - 04:15 PM

Well, there's certainly a noticeable improvement already...it actually booted up normally without me having to prompt it to go into Debug Mode. Here's the log file:

16:11:11:312 3664 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
16:11:11:312 3664 ================================================================================
16:11:11:312 3664 SystemInfo:

16:11:11:312 3664 OS Version: 5.1.2600 ServicePack: 3.0
16:11:11:312 3664 Product type: Workstation
16:11:11:312 3664 ComputerName: DONG-8EB1AD83BF
16:11:11:312 3664 UserName: Paul
16:11:11:312 3664 Windows directory: C:\WINDOWS
16:11:11:312 3664 Processor architecture: Intel x86
16:11:11:312 3664 Number of processors: 1
16:11:11:312 3664 Page size: 0x1000
16:11:11:640 3664 Boot type: Normal boot
16:11:11:640 3664 ================================================================================
16:11:11:656 3664 UnloadDriverW: NtUnloadDriver error 2
16:11:11:656 3664 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:11:11:734 3664 Initialize success
16:11:11:734 3664
16:11:11:734 3664 Scanning Services ...
16:11:11:734 3664 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
16:11:11:734 3664 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:11:11:734 3664 wfopen_ex: Trying to KLMD file open
16:11:11:734 3664 wfopen_ex: File opened ok (Flags 2)
16:11:11:734 3664 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
16:11:11:734 3664 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:11:11:734 3664 wfopen_ex: Trying to KLMD file open
16:11:11:734 3664 wfopen_ex: File opened ok (Flags 2)
16:11:12:265 3664 GetAdvancedServicesInfo: Raw services enum returned 321 services
16:11:12:281 3664 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
16:11:12:281 3664 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
16:11:12:281 3664
16:11:12:281 3664 Scanning Kernel memory ...
16:11:12:281 3664 Devices to scan: 4
16:11:12:281 3664
16:11:12:281 3664 Driver Name: Disk
16:11:12:281 3664 IRP_MJ_CREATE : F763DBB0
16:11:12:281 3664 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
16:11:12:281 3664 IRP_MJ_CLOSE : F763DBB0
16:11:12:281 3664 IRP_MJ_READ : F7637D1F
16:11:12:281 3664 IRP_MJ_WRITE : F7637D1F
16:11:12:281 3664 IRP_MJ_QUERY_INFORMATION : 804FA87E
16:11:12:281 3664 IRP_MJ_SET_INFORMATION : 804FA87E
16:11:12:281 3664 IRP_MJ_QUERY_EA : 804FA87E
16:11:12:281 3664 IRP_MJ_SET_EA : 804FA87E
16:11:12:281 3664 IRP_MJ_FLUSH_BUFFERS : F76382E2
16:11:12:281 3664 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
16:11:12:281 3664 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
16:11:12:281 3664 IRP_MJ_DIRECTORY_CONTROL : 804FA87E
16:11:12:281 3664 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
16:11:12:281 3664 IRP_MJ_DEVICE_CONTROL : F76383BB
16:11:12:281 3664 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28
16:11:12:281 3664 IRP_MJ_SHUTDOWN : F76382E2
16:11:12:281 3664 IRP_MJ_LOCK_CONTROL : 804FA87E
16:11:12:281 3664 IRP_MJ_CLEANUP : 804FA87E
16:11:12:281 3664 IRP_MJ_CREATE_MAILSLOT : 804FA87E
16:11:12:281 3664 IRP_MJ_QUERY_SECURITY : 804FA87E
16:11:12:281 3664 IRP_MJ_SET_SECURITY : 804FA87E
16:11:12:281 3664 IRP_MJ_POWER : F7639C82
16:11:12:281 3664 IRP_MJ_SYSTEM_CONTROL : F763E99E
16:11:12:281 3664 IRP_MJ_DEVICE_CHANGE : 804FA87E
16:11:12:281 3664 IRP_MJ_QUERY_QUOTA : 804FA87E
16:11:12:281 3664 IRP_MJ_SET_QUOTA : 804FA87E
16:11:12:312 3664 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
16:11:12:312 3664 sion
16:11:12:328 3664 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
16:11:12:328 3664
16:11:12:328 3664 Driver Name: Disk
16:11:12:328 3664 IRP_MJ_CREATE : F763DBB0
16:11:12:328 3664 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
16:11:12:328 3664 IRP_MJ_CLOSE : F763DBB0
16:11:12:328 3664 IRP_MJ_READ : F7637D1F
16:11:12:328 3664 IRP_MJ_WRITE : F7637D1F
16:11:12:328 3664 IRP_MJ_QUERY_INFORMATION : 804FA87E
16:11:12:328 3664 IRP_MJ_SET_INFORMATION : 804FA87E
16:11:12:328 3664 IRP_MJ_QUERY_EA : 804FA87E
16:11:12:328 3664 IRP_MJ_SET_EA : 804FA87E
16:11:12:328 3664 IRP_MJ_FLUSH_BUFFERS : F76382E2
16:11:12:328 3664 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
16:11:12:328 3664 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
16:11:12:328 3664 IRP_MJ_DIRECTORY_CONTROL : 804FA87E
16:11:12:328 3664 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
16:11:12:328 3664 IRP_MJ_DEVICE_CONTROL : F76383BB
16:11:12:328 3664 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28
16:11:12:328 3664 IRP_MJ_SHUTDOWN : F76382E2
16:11:12:328 3664 IRP_MJ_LOCK_CONTROL : 804FA87E
16:11:12:328 3664 IRP_MJ_CLEANUP : 804FA87E
16:11:12:328 3664 IRP_MJ_CREATE_MAILSLOT : 804FA87E
16:11:12:328 3664 IRP_MJ_QUERY_SECURITY : 804FA87E
16:11:12:328 3664 IRP_MJ_SET_SECURITY : 804FA87E
16:11:12:328 3664 IRP_MJ_POWER : F7639C82
16:11:12:328 3664 IRP_MJ_SYSTEM_CONTROL : F763E99E
16:11:12:328 3664 IRP_MJ_DEVICE_CHANGE : 804FA87E
16:11:12:328 3664 IRP_MJ_QUERY_QUOTA : 804FA87E
16:11:12:328 3664 IRP_MJ_SET_QUOTA : 804FA87E
16:11:12:328 3664 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
16:11:12:328 3664 sion
16:11:12:343 3664 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
16:11:12:343 3664
16:11:12:343 3664 Driver Name: atapi
16:11:12:343 3664 IRP_MJ_CREATE : F785A572
16:11:12:343 3664 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
16:11:12:343 3664 IRP_MJ_CLOSE : F785A572
16:11:12:343 3664 IRP_MJ_READ : 804FA87E
16:11:12:343 3664 IRP_MJ_WRITE : 804FA87E
16:11:12:343 3664 IRP_MJ_QUERY_INFORMATION : 804FA87E
16:11:12:343 3664 IRP_MJ_SET_INFORMATION : 804FA87E
16:11:12:343 3664 IRP_MJ_QUERY_EA : 804FA87E
16:11:12:343 3664 IRP_MJ_SET_EA : 804FA87E
16:11:12:343 3664 IRP_MJ_FLUSH_BUFFERS : 804FA87E
16:11:12:343 3664 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E
16:11:12:343 3664 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E
16:11:12:343 3664 IRP_MJ_DIRECTORY_CONTROL : 804FA87E
16:11:12:343 3664 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E
16:11:12:343 3664 IRP_MJ_DEVICE_CONTROL : F785A592
16:11:12:343 3664 IRP_MJ_INTERNAL_DEVICE_CONTROL : F78567B4
16:11:12:343 3664 IRP_MJ_SHUTDOWN : 804FA87E
16:11:12:343 3664 IRP_MJ_LOCK_CONTROL : 804FA87E
16:11:12:343 3664 IRP_MJ_CLEANUP : 804FA87E
16:11:12:343 3664 IRP_MJ_CREATE_MAILSLOT : 804FA87E
16:11:12:343 3664 IRP_MJ_QUERY_SECURITY : 804FA87E
16:11:12:343 3664 IRP_MJ_SET_SECURITY : 804FA87E
16:11:12:343 3664 IRP_MJ_POWER : F785A5BC
16:11:12:343 3664 IRP_MJ_SYSTEM_CONTROL : F7861164
16:11:12:343 3664 IRP_MJ_DEVICE_CHANGE : 804FA87E
16:11:12:343 3664 IRP_MJ_QUERY_QUOTA : 804FA87E
16:11:12:343 3664 IRP_MJ_SET_QUOTA : 804FA87E
16:11:12:343 3664 siohd: 0
16:11:12:343 3664 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Corrupted
16:11:12:343 3664 (silent) File C:\WINDOWS\system32\DRIVERS\atapi.sys possibly corrupted by TDSS rootkit
16:11:12:343 3664
16:11:12:343 3664 Driver Name: atapi
16:11:12:343 3664 IRP_MJ_CREATE : 8A35CB4C
16:11:12:343 3664 IRP_MJ_CREATE_NAMED_PIPE : 8A35CB4C
16:11:12:343 3664 IRP_MJ_CLOSE : 8A35CB4C
16:11:12:343 3664 IRP_MJ_READ : 8A35CB4C
16:11:12:343 3664 IRP_MJ_WRITE : 8A35CB4C
16:11:12:343 3664 IRP_MJ_QUERY_INFORMATION : 8A35CB4C
16:11:12:343 3664 IRP_MJ_SET_INFORMATION : 8A35CB4C
16:11:12:343 3664 IRP_MJ_QUERY_EA : 8A35CB4C
16:11:12:343 3664 IRP_MJ_SET_EA : 8A35CB4C
16:11:12:343 3664 IRP_MJ_FLUSH_BUFFERS : 8A35CB4C
16:11:12:343 3664 IRP_MJ_QUERY_VOLUME_INFORMATION : 8A35CB4C
16:11:12:343 3664 IRP_MJ_SET_VOLUME_INFORMATION : 8A35CB4C
16:11:12:343 3664 IRP_MJ_DIRECTORY_CONTROL : 8A35CB4C
16:11:12:343 3664 IRP_MJ_FILE_SYSTEM_CONTROL : 8A35CB4C
16:11:12:343 3664 IRP_MJ_DEVICE_CONTROL : 8A35CB4C
16:11:12:343 3664 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A35CB4C
16:11:12:343 3664 IRP_MJ_SHUTDOWN : 8A35CB4C
16:11:12:343 3664 IRP_MJ_LOCK_CONTROL : 8A35CB4C
16:11:12:343 3664 IRP_MJ_CLEANUP : 8A35CB4C
16:11:12:343 3664 IRP_MJ_CREATE_MAILSLOT : 8A35CB4C
16:11:12:343 3664 IRP_MJ_QUERY_SECURITY : 8A35CB4C
16:11:12:343 3664 IRP_MJ_SET_SECURITY : 8A35CB4C
16:11:12:343 3664 IRP_MJ_POWER : 8A35CB4C
16:11:12:343 3664 IRP_MJ_SYSTEM_CONTROL : 8A35CB4C
16:11:12:343 3664 IRP_MJ_DEVICE_CHANGE : 8A35CB4C
16:11:12:343 3664 IRP_MJ_QUERY_QUOTA : 8A35CB4C
16:11:12:343 3664 IRP_MJ_SET_QUOTA : 8A35CB4C
16:11:12:343 3664 ihd: 0, 0, 697, 138, 3, 120, 1
16:11:12:343 3664 Driver "atapi" Irp handler infected by TDSS rootkit ... 16:11:12:343 3664 cured
16:11:12:343 3664 Driver "atapi" StartIo handler infected by TDSS rootkit ... 16:11:12:343 3664 cured
16:11:12:359 3664 siohd: 0
16:11:12:375 3664 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
16:11:12:375 3664 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 16:11:12:375 3664 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
16:11:12:375 3664 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
16:11:12:625 3664 vfvi6
16:11:12:796 3664 !dsvbh1
16:11:16:015 3664 dsvbh2
16:11:16:015 3664 fdfb2
16:11:16:015 3664 Backup copy found, using it..
16:11:16:062 3664 will be cured on next reboot
16:11:16:062 3664 Reboot required for cure complete..
16:11:16:093 3664 Cure on reboot scheduled successfully
16:11:16:093 3664
16:11:16:093 3664 Completed
16:11:16:093 3664
16:11:16:093 3664 Results:
16:11:16:093 3664 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
16:11:16:093 3664 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:11:16:093 3664 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:11:16:093 3664
16:11:16:093 3664 UnloadDriverW: NtUnloadDriver error 1
16:11:16:093 3664 KLMD_Unload: UnloadDriverW(klmd21) error 1
16:11:16:093 3664 KLMD(ARK) unloaded successfully


I'm hoping that fixed whatever the issue is...no random pop ups so far, and no odd tasks running which I'm very grateful for.
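
The two scanner outputs in this thread point at the same artifact: the MBR detector in the ComboFix log lists a called module it cannot attribute to any loaded driver (>>UNKNOWN [0x8A35CB4C]<<), and the second atapi block in the TDSSKiller log shows every IRP major of that driver dispatching to that same address, while the clean Disk and first atapi tables mix the driver's own handlers with the kernel's default handler for unsupported majors. As an added example that is not part of this thread and is not code from TDSSKiller, ComboFix or BleepingComputer, here is a small Python parser that reads TDSSKiller-style "Driver Name" blocks, flags any driver whose entire dispatch table collapses onto one address, and correlates that address with the UNKNOWN entries of the MBR detector line. The log excerpts embedded in it are constructed to mirror the format above (trimmed to three IRP majors per driver), and all function names are the example's own.

```python
"""Flag wholesale IRP dispatch-table hooks in TDSSKiller-style log output.

Added example for this thread, not code from TDSSKiller, ComboFix or
BleepingComputer; function names and sample log text are the example's own.
"""
import re
from typing import Dict, List, Optional, Set

# Constructed excerpt in the TDSSKiller line format ("hh:mm:ss:ms pid message"),
# trimmed to three IRP majors per driver. Addresses mirror the posted log.
SAMPLE_TDSS_LOG = """\
16:11:12:281 3664 Driver Name: Disk
16:11:12:281 3664 IRP_MJ_CREATE : F763DBB0
16:11:12:281 3664 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
16:11:12:281 3664 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28
16:11:12:328 3664 C:\\WINDOWS\\system32\\DRIVERS\\disk.sys - Verdict: Clean
16:11:12:343 3664 Driver Name: atapi
16:11:12:343 3664 IRP_MJ_CREATE : F785A572
16:11:12:343 3664 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E
16:11:12:343 3664 IRP_MJ_INTERNAL_DEVICE_CONTROL : F78567B4
16:11:12:343 3664 C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys - Verdict: Corrupted
16:11:12:343 3664 Driver Name: atapi
16:11:12:343 3664 IRP_MJ_CREATE : 8A35CB4C
16:11:12:343 3664 IRP_MJ_CREATE_NAMED_PIPE : 8A35CB4C
16:11:12:343 3664 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A35CB4C
16:11:12:375 3664 C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys - Verdict: Infected
"""

# Constructed line in the format of the MBR detector's "called modules" output.
SAMPLE_MBR_LOG = (
    "called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys "
    "hal.dll >>UNKNOWN [0x8A35CB4C]<<\n"
)

DRIVER_RE = re.compile(r"Driver Name: (\S+)\s*$")
IRP_RE = re.compile(r"(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-Fa-f]{8})\s*$")
VERDICT_RE = re.compile(r"\\([^\\]+\.sys) - Verdict: (\w+)\s*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]{8})\]<<")


def parse_driver_blocks(log: str) -> List[Dict]:
    """One dict per 'Driver Name' block: name, {IRP major: address}, verdict.
    Blocks stay in order rather than keyed by name, because TDSSKiller prints
    the same driver twice (file on disk, then the live driver object)."""
    blocks: List[Dict] = []
    current: Optional[Dict] = None
    for raw in log.splitlines():
        msg = raw.split(" ", 2)[-1]  # drop the "hh:mm:ss:ms pid" prefix columns
        m = DRIVER_RE.search(msg)
        if m:
            current = {"name": m.group(1), "handlers": {}, "verdict": None}
            blocks.append(current)
            continue
        if current is None:
            continue
        m = IRP_RE.search(msg)
        if m:
            current["handlers"][m.group(1)] = int(m.group(2), 16)
            continue
        m = VERDICT_RE.search(msg)
        if m:
            current["verdict"] = m.group(2)
    return blocks


def unknown_module_addresses(mbr_log: str) -> Set[int]:
    """Addresses the MBR detector marked >>UNKNOWN<< (inside no loaded module)."""
    return {int(a, 16) for a in UNKNOWN_RE.findall(mbr_log)}


def assess_block(block: Dict, unknown: Set[int] = frozenset()) -> Optional[str]:
    """Finding when every IRP major of a driver resolves to one address.
    A healthy table mixes the driver's own handlers with the kernel default for
    unsupported majors (see the Disk block), so a collapsed table is a hook lead."""
    addrs = set(block["handlers"].values())
    if len(addrs) != 1:
        return None
    addr = addrs.pop()
    finding = (f"{block['name']}: all {len(block['handlers'])} IRP majors dispatch "
               f"to one address 0x{addr:08X}")
    if addr in unknown:
        finding += " (address not attributed to any loaded module)"
    return finding


def find_hooked_drivers(tdss_log: str, mbr_log: str = "") -> List[str]:
    """Run the heuristic over a TDSSKiller log, correlating with MBR-detector output."""
    unknown = unknown_module_addresses(mbr_log)
    findings = []
    for block in parse_driver_blocks(tdss_log):
        result = assess_block(block, unknown)
        if result:
            findings.append(result)
    return findings

if __name__ == "__main__":
    for f in find_hooked_drivers(SAMPLE_TDSS_LOG, SAMPLE_MBR_LOG):
        print(f)
```

Run on the constructed excerpt, it reports only the second atapi block; the first atapi block is left alone because its IRP_MJ_CREATE still points at the driver's own code, which is the same distinction TDSSKiller draws between "Corrupted" and "Infected" above. Treat a hit as a lead to verify against the loaded-module list rather than proof on its own, since a driver could legitimately route every major through one dispatcher; the correlation with an UNKNOWN address from the MBR detector is what raises confidence here.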

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 08 March 2010 - 08:05 AM

Let's see if you can run Malwarebytes now to clean up any remnants.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you use other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.



========================================================

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 March 2010 - 08:21 AM

Unfortunately there has been no response.
This topic will now be closed.



========================================================



