
Atapi rootkit infection, Google redirecting etc. GMER log included, HELP please?


  • This topic is locked
28 replies to this topic

#16 fireman4it

  • Malware Response Team

Posted 18 April 2010 - 12:41 PM

Hello,

Delete that copy of ComboFix from your desktop and proceed with step 3.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#17 Roooose

  • Topic Starter


Posted 18 April 2010 - 02:07 PM

ComboFix 10-04-17.07 - Administrator 04/18/2010 18:58:57.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.2185 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\3792746378.dat
c:\windows\system32\algh.exe
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Local Settings\Application Data\ave.exe
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\2BRkV.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\aTjNnW17.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\R6S8yi74.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\TW4gy.jpg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALERTER_SERVICE
-------\Legacy_OSEPOLICYAGENT
-------\Legacy_WSCSVCNAPAGENT
-------\Service_Alerter Service
-------\Service_osePolicyAgent
-------\Service_wscsvcnapagent


((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2010-04-18 13:41 . 2010-04-18 13:41 -------- d-----w- C:\_OTL
2010-04-18 02:08 . 2010-04-18 02:08 -------- d-----w- c:\program files\Trend Micro
2010-04-17 20:08 . 2010-04-17 20:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-04-16 21:07 . 2009-11-16 08:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-04-16 21:07 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-04-16 21:07 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-16 18:39 . 2010-04-16 18:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2010-04-16 17:32 . 2010-04-16 17:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-16 17:17 . 2010-04-16 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-15 21:45 . 2010-04-15 21:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-15 21:40 . 2010-04-15 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-15 17:24 . 2010-04-15 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-15 15:30 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-15 15:30 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-15 13:46 . 2010-04-15 15:34 -------- d-----w- c:\windows\ie8updates
2010-04-15 11:56 . 2010-04-15 11:56 0 ----a-w- c:\windows\nsreg.dat
2010-04-15 11:56 . 2010-04-15 11:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-15 11:40 . 2010-04-15 11:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-15 11:39 . 2010-04-15 11:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-14 20:23 . 2010-04-14 20:23 -------- d-----w- c:\program files\CCleaner
2010-04-14 20:22 . 2010-04-14 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-14 20:21 . 2010-04-15 11:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-04-14 19:12 . 2010-04-14 19:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-14 19:11 . 2010-04-14 19:11 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-04-14 19:10 . 2010-04-14 19:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-04-14 19:08 . 2010-04-14 19:08 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-14 19:00 . 2010-04-14 19:03 -------- dc-h--w- c:\windows\ie8
2010-04-14 18:16 . 2010-04-14 18:16 -------- d-----w- c:\program files\Alwil Software
2010-04-14 18:16 . 2010-04-14 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-14 16:43 . 2010-04-14 16:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2010-04-14 16:43 . 2010-04-14 16:43 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-14 16:42 . 2010-04-14 16:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Gave
2010-04-14 15:19 . 2010-04-14 15:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-04-14 15:18 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 15:18 . 2010-04-14 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 15:18 . 2010-04-14 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-14 15:18 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 09:40 . 2010-04-14 16:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-13 17:01 . 2010-04-13 17:01 -------- d-----w- c:\program files\TrendMicro
2010-04-13 16:37 . 2010-04-13 22:00 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-13 16:34 . 2010-04-13 22:12 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-13 16:33 . 2010-04-14 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-13 16:09 . 2010-04-13 16:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-13 16:09 . 2010-04-13 16:09 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-13 16:08 . 2010-04-13 16:08 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-13 07:32 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2010-04-13 07:32 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2010-04-13 07:32 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-04-12 22:21 . 2010-04-12 22:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-12 22:16 . 2010-04-12 22:16 -------- d-----w- C:\e35671f1723c07541ae84bcf
2010-04-12 22:11 . 2010-04-12 22:11 -------- d-----w- c:\program files\Microsoft
2010-04-12 22:11 . 2010-04-12 22:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-11 23:50 . 2010-04-12 21:57 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-11 23:50 . 2010-04-11 23:50 -------- d-----w- c:\program files\MSBuild
2010-04-11 23:49 . 2010-04-11 23:49 -------- d-----w- c:\program files\Reference Assemblies
2010-04-11 23:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-11 23:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-11 23:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-11 23:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-11 23:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-11 23:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-11 23:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-11 23:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-11 23:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-11 15:32 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-11 15:32 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-11 15:32 . 2008-04-13 13:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-04-11 15:32 . 2008-04-13 13:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-04-11 15:04 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-11 14:53 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-11 14:53 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-10 19:11 . 2010-04-18 16:34 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-04-10 19:09 . 2010-04-12 22:01 -------- d-----w- c:\program files\Windows Live
2010-04-10 19:06 . 2010-04-10 19:06 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-10 18:53 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-10 18:50 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-10 18:49 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-10 18:49 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-10 18:49 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-10 18:49 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-10 18:49 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-10 18:48 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-10 18:45 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-04-10 18:45 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-04-10 18:45 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-04-10 18:45 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-04-10 18:45 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-04-10 18:45 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-04-10 18:45 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-04-10 18:45 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-04-10 18:45 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-10 18:45 . 2010-02-17 08:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-10 18:44 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-10 18:37 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-10 18:37 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-10 18:37 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-10 18:34 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-10 18:33 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-10 18:32 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-09 18:15 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-09 18:15 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-09 18:14 . 2010-04-09 18:14 -------- d-----w- c:\program files\iPod
2010-04-09 18:14 . 2010-04-12 22:10 -------- d-----w- c:\program files\iTunes
2010-04-09 18:14 . 2010-04-09 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-09 18:13 . 2010-04-12 22:10 -------- d-----w- c:\program files\QuickTime
2010-04-09 18:12 . 2010-04-12 22:02 -------- d-----r- C:\Sandbox
2010-04-09 18:11 . 2010-04-12 22:09 -------- d-----w- c:\program files\Apple Software Update
2010-04-09 18:11 . 2009-10-16 06:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-09 18:11 . 2009-10-16 06:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-09 18:11 . 2010-04-12 22:09 -------- d-----w- c:\program files\Bonjour
2010-04-09 18:10 . 2010-04-09 18:14 -------- d-----w- c:\program files\Common Files\Apple
2010-04-04 01:37 . 2007-03-30 23:58 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-04-04 01:33 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\irftp.exe
2010-04-04 01:33 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-04 01:33 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\irmon.dll
2010-04-04 01:33 . 2010-04-04 01:33 -------- d-----w- c:\windows\system32\x64
2010-04-04 01:33 . 2010-04-04 01:33 -------- d-----w- c:\windows\system32\Lang
2010-04-04 01:33 . 2007-03-31 02:11 400152 ----a-w- c:\windows\system32\igxpun.exe
2010-03-26 05:48 . 2010-03-26 05:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 17:57 . 2008-07-11 17:08 96512 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-04-18 17:49 . 2007-03-30 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-18 17:49 . 2007-03-30 16:57 -------- d-----w- c:\program files\McAfee
2010-04-18 17:17 . 2010-04-18 17:17 96512 ----a-w- c:\windows\system32\drivers\tsk28.tmp
2010-04-17 17:05 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-04-15 15:11 . 2007-02-16 07:29 -------- d-----w- c:\program files\Common Files\Real
2010-04-15 15:11 . 2007-02-16 07:29 -------- d-----w- c:\program files\Real
2010-04-13 16:09 . 2007-02-15 23:19 -------- d-----w- c:\program files\Java
2010-04-12 22:32 . 2007-02-16 07:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-04-12 22:09 . 2007-02-16 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-11 15:15 . 2007-03-05 14:43 52600 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 06:15 . 2006-02-28 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-02-28 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 08:10 . 2006-02-28 12:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2006-02-28 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-02-28 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-04-14_13.59.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2010-04-18 18:08 . 2010-04-18 18:08 16384 c:\windows\temp\Perflib_Perfdata_7ac.dat
+ 2007-02-15 23:21 . 2009-01-07 17:21 26144 c:\windows\system32\spupdsvc.exe
+ 2008-04-10 14:33 . 2009-01-07 17:20 16928 c:\windows\system32\spmsg.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
- 2006-02-28 12:00 . 2010-04-14 13:30 81798 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2010-04-14 22:45 81798 c:\windows\system32\perfc009.dat
+ 2006-06-29 12:05 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 12:05 . 2006-06-29 12:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 21:59 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 21:59 . 2006-06-28 21:59 24576 c:\windows\system32\nlsdl.dll
- 2006-02-28 12:00 . 2006-10-17 15:28 48128 c:\windows\system32\mshtmler.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
- 2006-02-28 12:00 . 2006-10-17 15:56 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 15:58 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-11-08 01:03 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-04-15 13:52 . 2010-04-15 13:52 85173 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2006-02-28 12:00 . 2009-03-08 03:34 43008 c:\windows\system32\licmgr10.dll
+ 2006-02-28 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll
+ 2006-11-07 07:26 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
+ 2006-02-28 12:00 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
- 2006-06-29 12:05 . 2006-06-29 12:05 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 12:05 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
+ 2006-10-17 15:58 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2006-02-28 12:00 . 2006-10-17 15:28 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe
- 2006-02-28 12:00 . 2006-10-17 15:56 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-05-24 19:56 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-02-28 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04 . 2009-03-08 03:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-02-15 22:39 . 2009-03-08 03:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2010-03-11 12:38 . 2009-03-08 03:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2006-02-28 12:00 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
+ 2006-02-28 12:00 . 2009-03-08 03:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll
- 2007-02-15 22:51 . 2010-04-12 22:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-15 22:51 . 2010-04-17 15:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-15 22:51 . 2010-04-17 15:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-15 22:51 . 2010-04-12 22:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-04-15 11:56 . 2010-04-17 15:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-02-28 12:00 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll
+ 2010-04-15 15:35 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-04-15 15:35 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-04-15 15:35 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
+ 2010-04-14 19:02 . 2009-03-08 13:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 44544 c:\windows\ie8\pngfilt.dll
+ 2010-04-14 19:00 . 2006-10-17 15:28 48128 c:\windows\ie8\mshtmler.dll
+ 2010-04-14 19:00 . 2006-10-17 15:56 45568 c:\windows\ie8\mshta.exe
+ 2010-04-14 19:00 . 2006-10-17 15:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2010-04-14 19:00 . 2010-03-11 12:38 52224 c:\windows\ie8\msfeedsbs.dll
+ 2010-04-14 19:00 . 2006-10-17 16:05 40960 c:\windows\ie8\licmgr10.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 27648 c:\windows\ie8\jsproxy.dll
+ 2010-04-14 19:00 . 2006-11-07 07:26 92672 c:\windows\ie8\inseng.dll
+ 2010-04-14 19:00 . 2006-10-17 15:57 36352 c:\windows\ie8\imgutil.dll
+ 2010-04-14 19:00 . 2006-11-07 07:26 55296 c:\windows\ie8\iesetup.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 44544 c:\windows\ie8\iernonce.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 78336 c:\windows\ie8\ieencode.dll
+ 2010-04-14 19:00 . 2010-03-10 13:18 70656 c:\windows\ie8\ie4uinit.exe
+ 2010-04-14 19:00 . 2010-03-11 12:38 63488 c:\windows\ie8\icardie.dll
+ 2010-04-14 19:00 . 2006-10-17 15:44 60416 c:\windows\ie8\hmmapi.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 17408 c:\windows\ie8\corpol.dll
+ 2010-04-14 19:00 . 2006-11-07 07:26 71680 c:\windows\ie8\admparse.dll
+ 2010-04-15 10:59 . 2010-04-15 10:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-04-15 10:51 . 2010-04-15 10:51 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2010-04-15 10:50 . 2010-04-15 10:50 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-04-15 12:04 . 2010-04-15 12:04 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-04-15 12:04 . 2010-04-15 12:04 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-04-13 21:54 . 2010-04-13 21:54 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-04-13 21:54 . 2010-04-13 21:54 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2007-05-24 19:40 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2007-05-24 19:40 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
+ 2006-02-28 12:00 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
+ 2006-10-17 16:05 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2006-02-28 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
- 2006-02-28 12:00 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll
- 2006-02-28 12:00 . 2010-04-14 13:30 467656 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2010-04-14 22:45 467656 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
- 2006-02-28 12:00 . 2006-11-08 01:03 156160 c:\windows\system32\msls31.dll
+ 2006-02-28 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
+ 2006-11-08 01:03 . 2010-02-25 06:24 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2006-02-28 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2006-11-08 01:03 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2006-02-28 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 15:27 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2006-02-28 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2006-02-28 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
+ 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2006-02-28 12:00 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-02-15 22:40 . 2009-03-08 03:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
- 2006-02-28 12:00 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2006-02-28 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-02-28 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2006-02-28 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2006-02-28 12:00 . 2006-11-08 01:03 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-05-24 19:56 . 2010-02-25 06:24 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-02-15 22:39 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2006-02-28 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-02-28 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-24 19:56 . 2009-03-08 03:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2006-02-28 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-02-28 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-02-28 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-02-28 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-02-28 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
- 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2006-02-28 12:00 . 2010-04-17 17:05 138496 c:\windows\system32\dllcache\afd.sys
+ 2006-02-28 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
- 2007-02-16 06:40 . 2008-07-11 11:00 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2007-02-16 06:40 . 2010-04-18 16:58 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2006-02-28 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2009-08-07 22:51 . 2009-08-07 22:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-04-15 21:40 . 2010-04-15 21:40 236032 c:\windows\Installer\9c5640.msi
+ 2010-04-14 18:17 . 2010-04-14 18:17 219648 c:\windows\Installer\4ca8a6.msi
+ 2010-04-15 13:46 . 2009-03-08 03:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-04-15 13:46 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-04-15 13:46 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-04-15 15:35 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-04-15 15:35 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-04-15 15:35 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-04-15 15:35 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-04-15 15:35 . 2009-03-08 03:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-04-15 15:35 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-04-15 15:35 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-04-15 15:35 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-04-15 15:35 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-04-15 15:35 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2010-04-15 13:47 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-04-15 13:47 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-04-15 13:47 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-04-15 13:46 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-04-15 13:46 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-04-15 13:46 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 832512 c:\windows\ie8\wininet.dll
+ 2010-04-14 19:00 . 2006-10-17 16:05 206336 c:\windows\ie8\winfxdocobj.exe
+ 2010-04-14 19:00 . 2010-03-11 12:38 233472 c:\windows\ie8\webcheck.dll
+ 2010-04-14 19:00 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2010-04-14 19:00 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 105984 c:\windows\ie8\url.dll
+ 2010-04-14 19:02 . 2009-01-07 17:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-04-14 19:02 . 2009-01-07 17:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-04-14 19:00 . 2006-09-06 20:43 213216 c:\windows\ie8\spuninst.exe
+ 2010-04-14 19:00 . 2010-03-11 12:38 102912 c:\windows\ie8\occache.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 671232 c:\windows\ie8\mstime.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 193024 c:\windows\ie8\msrating.dll
+ 2010-04-14 19:00 . 2006-11-08 01:03 156160 c:\windows\ie8\msls31.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 477696 c:\windows\ie8\mshtmled.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 459264 c:\windows\ie8\msfeeds.dll
+ 2010-04-14 19:00 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2010-04-14 19:00 . 2010-02-23 05:20 634648 c:\windows\ie8\iexplore.exe
+ 2010-04-14 19:00 . 2006-11-08 01:03 180736 c:\windows\ie8\ieui.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 268288 c:\windows\ie8\iertutil.dll
+ 2010-04-14 19:00 . 2006-11-08 01:03 287744 c:\windows\ie8\ieproxy.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 192512 c:\windows\ie8\iepeers.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 385024 c:\windows\ie8\iedkcs32.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 380928 c:\windows\ie8\ieapfltr.dll
+ 2010-04-14 19:00 . 2010-02-23 05:18 161792 c:\windows\ie8\ieakui.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 230400 c:\windows\ie8\ieaksie.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 153088 c:\windows\ie8\ieakeng.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 214528 c:\windows\ie8\dxtrans.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 347136 c:\windows\ie8\dxtmsft.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 124928 c:\windows\ie8\advpack.dll
+ 2010-04-10 18:49 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-04-15 12:05 . 2010-04-15 12:05 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2010-04-15 10:59 . 2010-04-15 10:59 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2010-04-15 10:59 . 2010-04-15 10:59 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2010-04-15 10:59 . 2010-04-15 10:59 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2010-04-15 12:04 . 2010-04-15 12:04 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2010-04-15 12:04 . 2010-04-15 12:04 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2010-04-15 10:58 . 2010-04-15 10:58 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2010-04-15 12:04 . 2010-04-15 12:04 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2010-04-15 12:04 . 2010-04-15 12:04 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2010-04-15 10:54 . 2010-04-15 10:54 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2010-04-15 10:54 . 2010-04-15 10:54 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2010-04-15 10:53 . 2010-04-15 10:53 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2010-04-15 10:53 . 2010-04-15 10:53 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2010-04-15 12:04 . 2010-04-15 12:04 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2010-04-15 12:04 . 2010-04-15 12:04 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2010-04-15 12:04 . 2010-04-15 12:04 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-04-13 21:54 . 2010-04-13 21:54 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-04-13 21:54 . 2010-04-13 21:54 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-04-13 21:54 . 2010-04-13 21:54 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-04-13 21:54 . 2010-04-13 21:54 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-04-13 21:54 . 2010-04-13 21:54 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2006-02-28 12:00 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2010-04-12 21:54 . 2010-04-14 16:44 9607192 c:\windows\system32\Restore\rstrlog.dat
+ 2006-02-28 12:00 . 2010-02-25 06:24 5944832 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2006-10-17 15:57 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2006-09-06 03:01 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2006-02-28 12:00 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-02-07 18:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-02-28 12:00 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-24 19:56 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-24 19:56 . 2009-02-06 20:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 17:20 . 2009-01-07 17:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-08-07 22:51 . 2009-08-07 22:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2008-11-25 03:59 . 2008-11-25 03:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-07 22:51 . 2009-08-07 22:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2010-04-15 15:35 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-04-15 15:35 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-04-15 15:35 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 1168384 c:\windows\ie8\urlmon.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 3599872 c:\windows\ie8\mshtml.dll
+ 2010-04-14 19:00 . 2010-03-11 12:38 6067200 c:\windows\ie8\ieframe.dll
+ 2010-04-14 19:00 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2010-04-10 18:45 . 2010-02-17 08:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-04-10 18:44 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 18:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-04-10 18:45 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-04-15 10:50 . 2010-04-15 10:50 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2010-04-15 10:59 . 2010-04-15 10:59 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2010-04-15 10:50 . 2010-04-15 10:50 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2010-04-15 10:59 . 2010-04-15 10:59 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2010-04-15 10:59 . 2010-04-15 10:59 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2010-04-15 12:04 . 2010-04-15 12:04 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2010-04-15 10:58 . 2010-04-15 10:58 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2010-04-15 12:04 . 2010-04-15 12:04 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2010-04-15 10:58 . 2010-04-15 10:58 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2010-04-15 10:57 . 2010-04-15 10:57 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2010-04-15 10:58 . 2010-04-15 10:58 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2010-04-15 10:56 . 2010-04-15 10:56 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2010-04-15 10:54 . 2010-04-15 10:54 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2010-04-15 10:54 . 2010-04-15 10:54 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2010-04-15 10:50 . 2010-04-15 10:50 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2010-04-15 12:04 . 2010-04-15 12:04 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2010-04-15 12:06 . 2010-04-15 12:06 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-04-15 12:05 . 2010-04-15 12:05 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
- 2010-04-13 21:54 . 2010-04-13 21:54 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-04-13 21:54 . 2010-04-13 21:54 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-04-13 21:54 . 2010-04-13 21:54 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-04-14 22:45 . 2010-04-14 22:45 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-04-13 21:53 . 2010-04-13 21:53 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-11-08 01:03 . 2010-02-25 10:54 11070976 c:\windows\system32\ieframe.dll
+ 2007-05-24 19:56 . 2010-02-25 10:54 11070976 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-14 19:32 . 2009-08-14 19:32 11110912 c:\windows\Installer\c6012a.msp
+ 2010-04-15 15:35 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
+ 2010-04-15 10:59 . 2010-04-15 10:59 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2010-04-15 12:07 . 2010-04-15 12:07 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2010-04-15 12:04 . 2010-04-15 12:04 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2010-04-15 10:58 . 2010-04-15 10:58 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2010-04-15 10:53 . 2010-04-15 10:53 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2010-04-15 10:51 . 2010-04-15 10:51 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2010-04-15 10:48 . 2010-04-15 10:49 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-13 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-12 2150400]
McAfee Host Intrusion Prevention Tray.lnk - c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe [2008-5-21 856064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/16/2010 10:07 PM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4/16/2010 10:07 PM 96408]
R1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711);c:\windows\system32\drivers\NEOFLTR_550_11711.sys [4/11/2007 3:24 AM 63264]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [5/21/2008 8:28 PM 1138688]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 5:32 PM 97536]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2/16/2007 8:06 AM 92550]
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 19:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AF50AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> tsk28.tmp @ 0xb9f19852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Bluetooth Device (Personal Area Network) -> SendCompleteHandler -> NDIS.sys @ 0xb9de2bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9dd1a0d
SendHandler -> 0x8a7763fc
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]
"ImagePath"="system32\drivers\tsk28.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3938079143-720132981-2489646438-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,72,1e,65,50,a6,69,48,8f,05,1d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,72,1e,65,50,a6,69,48,8f,05,1d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,72,1e,65,50,a6,69,48,8f,05,1d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Network Associates\Common Framework\McTray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-18 19:38:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-18 18:38

Pre-Run: 58,006,769,664 bytes free
Post-Run: 58,328,907,776 bytes free

- - End Of File - - E28604CBB2793F4E49BDB200D4B57DAD


I will check for pop ups when an hour has passed, since redirects haven't been an issue since I updated IE.

#18 Roooose

Posted 18 April 2010 - 02:15 PM

Still getting popups.

#19 fireman4it

Posted 18 April 2010 - 03:31 PM

Hello,
Let's have another GMER log. This time make sure Sections is checked.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


#20 Roooose

Posted 18 April 2010 - 04:15 PM

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2010-04-18 22:12:41
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwnyafod.sys


---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 8AF50AC8

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.) ZwClose [0xA7D4C370]
SSDT \??\C:\WINDOWS\system32\Drivers\FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.) ZwCreateProcess [0xA7D4C250]
SSDT \??\C:\WINDOWS\system32\Drivers\FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.) ZwCreateProcessEx [0xA7D4C2E0]
SSDT \??\C:\WINDOWS\system32\Drivers\FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.) ZwCreateSection [0xA7D4C1D0]
SSDT \??\C:\WINDOWS\system32\Drivers\FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.) ZwCreateThread [0xA7D4C3E0]

Device \Driver\BTHUSB \Device\00000095 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000097 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_550_11711.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_550_11711.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_550_11711.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_550_11711.SYS (NetBIOS Redirector/Juniper Networks)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \Fat A530FD20
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

---- Kernel code sections - GMER 1.0.15 ----

? C:\ComboFix\catchme.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\explorer.exe[2224] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\explorer.exe[2224] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\explorer.exe[2224] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\Drivers\FireTDI.sys entry point in "init" section [0xA7D51130]
page C:\WINDOWS\System32\Drivers\oz776.sys entry point in "page" section [0xBA242E34]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1252] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 029E000A
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02B2000A

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys The system cannot find the file specified. !

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00164176055c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164176055c (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164176055c

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----



#21 fireman4it

Posted 18 April 2010 - 05:19 PM

HELLO,


1.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

CODE
Killall::

File::
c:\WINDOWS\SYSTEM32\tsk28.tmp

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]
"ImagePath"=-


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

2.
Print out these instructions to use while in the Recovery Console: (This is for XP only)

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entries, and press 'Enter' (note the spaces):

cd c:\windows\system32\drivers
ren atapi.sys atapi.old
copy C:\windows\ServicePackFiles\i386\atapi.sys c:\windows\system32\drivers
exit


You should see a message '1 file copied'. If you did not see that message, try again and ensure there is a space after the word copy and another space between the file paths.
(if you do not see 1 file copied on the screen, even after ensuring the commands are correct, rename the file back to its original name by typing the following command then hitting Enter.
ren atapi.old atapi.sys
you should NOT be prompted to overwrite an existing file, but if you are, select No then type exit to restart and notify me of your results)

6. Type exit and press 'Enter'. Your computer should reboot.

Things to include in your next reply:
Combofix.txt
Redirects still there?

Edited by fireman4it, 18 April 2010 - 05:19 PM.
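The indicators that the CFScript and the atapi.sys replacement above act on can be pulled out of the posted logs mechanically. The following is an added example, not part of the original thread and not ComboFix or GMER code: it flags driver objects handled by a non-driver file, service ImagePath values that do not point at a driver image, and ties the >>UNKNOWN<< call-chain address to the driver GMER reports at the same address. The extension allowlists and all function names are assumptions of this example.

```python
import re

# Lines excerpted from the ComboFix, MBR-detector and GMER output posted in
# this thread, embedded here so the example runs offline.
SAMPLE_LOG = r"""
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AF50AC8]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> tsk28.tmp @ 0xb9f19852
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]
"ImagePath"="system32\drivers\tsk28.tmp"
Device -> \Driver\atapi \Device\Harddisk0\DR0 8AF50AC8
"""

# Assumption of this example: code behind a driver object, and the image a
# driver service loads, should be a regular kernel image, not a temp file.
HANDLER_EXTS = {"sys", "exe", "dll"}
SERVICE_EXTS = {"sys", "exe"}

HOOK_RE = re.compile(r"^\\Driver\\(\S+) -> (\S+) @ (0x[0-9A-Fa-f]+)\s*$", re.M)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")
GMER_DEVICE_RE = re.compile(
    r"^Device -> \\Driver\\(\S+) (\S+) ([0-9A-Fa-f]{8})\s*$", re.M)
KEY_RE = re.compile(r"^\[(.+)\]\s*$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"\s*$')
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)$", re.I)


def file_extension(path):
    """Lower-case extension of the file a Windows path names ('' if none)."""
    words = path.strip().strip('"').rsplit("\\", 1)[-1].split()
    if not words or "." not in words[0]:
        return ""
    return words[0].rsplit(".", 1)[-1].lower()


def suspicious_hooks(log):
    """(driver, module, address) for handlers living outside a kernel image."""
    return [(drv, mod, addr) for drv, mod, addr in HOOK_RE.findall(log)
            if file_extension(mod) not in HANDLER_EXTS]


def suspicious_image_paths(log):
    """(service, ImagePath) pairs whose image is not a .sys/.exe file."""
    hits, key = [], None
    for line in log.splitlines():
        found = KEY_RE.match(line)
        if found:
            key = found.group(1)  # remember which registry key we are under
            continue
        value = IMAGEPATH_RE.match(line)
        service = SERVICE_RE.search(key) if (value and key) else None
        if service and file_extension(value.group(1)) not in SERVICE_EXTS:
            hits.append((service.group(1), value.group(1)))
    return hits


def unknown_module_owners(log):
    """Map each >>UNKNOWN<< call-chain address to the driver GMER lists there."""
    unknown = {addr.upper() for addr in UNKNOWN_RE.findall(log)}
    return {addr.upper(): drv
            for drv, _device, addr in GMER_DEVICE_RE.findall(log)
            if addr.upper() in unknown}


def triage(log):
    """Run all three checks and list drivers flagged by more than one of them."""
    hooks = suspicious_hooks(log)
    paths = suspicious_image_paths(log)
    owners = unknown_module_owners(log)
    by_hook = {drv.lower() for drv, _mod, _addr in hooks}
    by_path = {svc.lower() for svc, _path in paths}
    by_addr = {drv.lower() for drv in owners.values()}
    corroborated = sorted((by_hook & by_path) | (by_hook & by_addr)
                          | (by_path & by_addr))
    return {"hooks": hooks, "image_paths": paths,
            "unknown_owners": owners, "corroborated": corroborated}


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

On the excerpt, only atapi is reported: Disk handled by CLASSPNP.SYS and ACPI handled by ACPI.sys pass the handler check.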


#22 Roooose

Posted 18 April 2010 - 05:21 PM

I will do this tomorrow, as it's pretty late here at the moment and I need to rest.
Thank you for your help so far, I'll get back to you tomorrow.

#23 Roooose

Posted 19 April 2010 - 12:00 PM

ComboFix 10-04-18.04 - Administrator 04/19/2010 17:38:39.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.2188 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}

FILE ::
"c:\windows\SYSTEM32\tsk28.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-18 16:34 . 2010-04-18 16:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2010-04-18 13:41 . 2010-04-18 13:41 -------- d-----w- C:\_OTL
2010-04-18 02:08 . 2010-04-18 02:08 -------- d-----w- c:\program files\Trend Micro
2010-04-17 20:08 . 2010-04-17 20:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-04-16 21:07 . 2009-11-16 08:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-04-16 21:07 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-04-16 21:07 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-16 18:39 . 2010-04-16 18:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2010-04-16 17:32 . 2010-04-16 17:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-16 17:17 . 2010-04-16 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-15 21:45 . 2010-04-15 21:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-15 21:40 . 2010-04-15 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-15 17:24 . 2010-04-15 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-15 15:30 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-15 15:30 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-15 13:46 . 2010-04-15 15:34 -------- d-----w- c:\windows\ie8updates
2010-04-15 11:56 . 2010-04-15 11:56 0 ----a-w- c:\windows\nsreg.dat
2010-04-15 11:56 . 2010-04-15 11:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-15 11:40 . 2010-04-15 11:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-15 11:39 . 2010-04-15 11:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-14 20:23 . 2010-04-14 20:23 -------- d-----w- c:\program files\CCleaner
2010-04-14 20:22 . 2010-04-14 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-14 20:21 . 2010-04-15 11:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-04-14 19:12 . 2010-04-14 19:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-14 19:11 . 2010-04-14 19:11 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-04-14 19:10 . 2010-04-14 19:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-04-14 19:08 . 2010-04-14 19:08 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-14 19:00 . 2010-04-14 19:03 -------- dc-h--w- c:\windows\ie8
2010-04-14 18:16 . 2010-04-14 18:16 -------- d-----w- c:\program files\Alwil Software
2010-04-14 18:16 . 2010-04-14 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-14 16:43 . 2010-04-14 16:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2010-04-14 16:43 . 2010-04-14 16:43 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-14 16:42 . 2010-04-14 16:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Gave
2010-04-14 15:19 . 2010-04-14 15:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-04-14 15:18 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 15:18 . 2010-04-14 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 15:18 . 2010-04-14 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-14 15:18 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 09:40 . 2010-04-14 16:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-13 17:01 . 2010-04-13 17:01 -------- d-----w- c:\program files\TrendMicro
2010-04-13 16:37 . 2010-04-13 22:00 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-13 16:34 . 2010-04-13 22:12 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-13 16:33 . 2010-04-14 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-13 16:09 . 2010-04-13 16:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-13 16:09 . 2010-04-13 16:09 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-13 16:08 . 2010-04-13 16:08 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-13 07:32 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2010-04-13 07:32 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2010-04-13 07:32 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-04-12 22:21 . 2010-04-12 22:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-12 22:16 . 2010-04-12 22:16 -------- d-----w- C:\e35671f1723c07541ae84bcf
2010-04-12 22:11 . 2010-04-12 22:11 -------- d-----w- c:\program files\Microsoft
2010-04-12 22:11 . 2010-04-12 22:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-11 23:50 . 2010-04-12 21:57 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-11 23:50 . 2010-04-11 23:50 -------- d-----w- c:\program files\MSBuild
2010-04-11 23:49 . 2010-04-11 23:49 -------- d-----w- c:\program files\Reference Assemblies
2010-04-11 23:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-11 23:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-11 23:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-11 23:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-11 23:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-11 23:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-11 23:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-11 23:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-11 23:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-11 15:32 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-11 15:32 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-11 15:32 . 2008-04-13 13:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-04-11 15:32 . 2008-04-13 13:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-04-11 15:04 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-11 14:53 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-11 14:53 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-10 19:11 . 2010-04-19 16:18 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-04-10 19:09 . 2010-04-12 22:01 -------- d-----w- c:\program files\Windows Live
2010-04-10 19:06 . 2010-04-10 19:06 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-10 18:53 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-10 18:50 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-10 18:49 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-10 18:49 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-10 18:49 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-10 18:49 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-10 18:49 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-10 18:48 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-10 18:45 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-04-10 18:45 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-04-10 18:45 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-04-10 18:45 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-04-10 18:45 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-04-10 18:45 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-04-10 18:45 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-04-10 18:45 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-04-10 18:45 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-10 18:45 . 2010-02-17 08:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-10 18:44 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-10 18:37 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-10 18:37 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-10 18:37 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-10 18:34 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-10 18:33 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-10 18:32 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-09 18:15 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-09 18:15 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-09 18:14 . 2010-04-09 18:14 -------- d-----w- c:\program files\iPod
2010-04-09 18:14 . 2010-04-12 22:10 -------- d-----w- c:\program files\iTunes
2010-04-09 18:14 . 2010-04-09 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-09 18:13 . 2010-04-12 22:10 -------- d-----w- c:\program files\QuickTime
2010-04-09 18:12 . 2010-04-12 22:02 -------- d-----r- C:\Sandbox
2010-04-09 18:11 . 2010-04-12 22:09 -------- d-----w- c:\program files\Apple Software Update
2010-04-09 18:11 . 2009-10-16 06:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-09 18:11 . 2009-10-16 06:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-09 18:11 . 2010-04-12 22:09 -------- d-----w- c:\program files\Bonjour
2010-04-09 18:10 . 2010-04-09 18:14 -------- d-----w- c:\program files\Common Files\Apple
2010-04-04 01:37 . 2007-03-30 23:58 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-04-04 01:33 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\irftp.exe
2010-04-04 01:33 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-04 01:33 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\irmon.dll
2010-04-04 01:33 . 2010-04-04 01:33 -------- d-----w- c:\windows\system32\x64
2010-04-04 01:33 . 2010-04-04 01:33 -------- d-----w- c:\windows\system32\Lang
2010-04-04 01:33 . 2007-03-31 02:11 400152 ----a-w- c:\windows\system32\igxpun.exe
2010-03-26 05:48 . 2010-03-26 05:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 18:58 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-04-18 17:57 . 2008-07-11 17:08 96512 ----a-w- c:\windows\system32\drivers\ATAPI.SYS
2010-04-18 17:49 . 2007-03-30 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-18 17:49 . 2007-03-30 16:57 -------- d-----w- c:\program files\McAfee
2010-04-18 17:17 . 2010-04-18 17:17 96512 ----a-w- c:\windows\system32\drivers\tsk28.tmp
2010-04-15 15:11 . 2007-02-16 07:29 -------- d-----w- c:\program files\Common Files\Real
2010-04-15 15:11 . 2007-02-16 07:29 -------- d-----w- c:\program files\Real
2010-04-13 16:09 . 2007-02-15 23:19 -------- d-----w- c:\program files\Java
2010-04-12 22:32 . 2007-02-16 07:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-04-12 22:09 . 2007-02-16 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-11 15:15 . 2007-03-05 14:43 52600 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 06:15 . 2006-02-28 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-02-28 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 08:10 . 2006-02-28 12:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2006-02-28 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-02-28 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-13 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-12 2150400]
McAfee Host Intrusion Prevention Tray.lnk - c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe [2008-5-21 856064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/16/2010 10:07 PM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4/16/2010 10:07 PM 96408]
R1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711);c:\windows\system32\drivers\NEOFLTR_550_11711.sys [4/11/2007 3:24 AM 63264]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [5/21/2008 8:28 PM 1138688]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 5:32 PM 97536]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2/16/2007 8:06 AM 92550]
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 17:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3938079143-720132981-2489646438-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,72,1e,65,50,a6,69,48,8f,05,1d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,72,1e,65,50,a6,69,48,8f,05,1d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,72,1e,65,50,a6,69,48,8f,05,1d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Network Associates\Common Framework\McTray.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-19 17:50:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 16:50
ComboFix2.txt 2010-04-18 18:38

Pre-Run: 58,296,438,784 bytes free
Post-Run: 58,286,796,800 bytes free

- - End Of File - - 0B0138888AEBD6D51126D01557140206

I'll restart and run step 2 now.

#24 Roooose

Posted 19 April 2010 - 12:15 PM

Tried step 2 much like before, but unlike before, it said there was already a file named atapi.old.
Other than that, when it got to copy C:\windows\servicepackfiles\i386\atapi.sys it didn't give me the sign folder copied like before, but asked me if I wanted to overwrite it. I said no.

Oh yes, both times I've run combofix it's restarted pretty much automatically because it detects a rootkit, and once it reloads it begins scanning.. is this normal?

Edited by Roooose, 19 April 2010 - 12:16 PM.


#25 fireman4it

Posted 19 April 2010 - 06:07 PM

Hello

QUOTE
yes, both times I've run combofix its restarted pretty much automatically because it detects a rootkit, and once it reloads it begins scanning.. is this normal?

Yes this is normal.

Still receiving redirects?


#26 Roooose

Posted 20 April 2010 - 02:10 PM

No, the popups and redirects have stopped, and my laptop is running much faster, thank you!

#27 fireman4it

Posted 20 April 2010 - 07:47 PM

Hello, Roooose.
Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Start, then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall



    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall


  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  1. Install and maintain an outbound firewall
  2. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  3. Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  4. Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  5. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    1. Click the "Start Menu" (or Windows Orb)
    2. Click "All Programs"
    3. Click "Windows Update"
    4. On the left, choose "Change Settings"
    5. Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    6. Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    7. Click "Check for Updates" in the upper left corner.
    8. Follow the instructions to install the latest updates.
    9. Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  6. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  7. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Edited by fireman4it, 20 April 2010 - 07:47 PM.


#28 fireman4it

Posted 22 April 2010 - 09:18 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,
fireman4it


#29 fireman4it

Posted 24 April 2010 - 10:34 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send a Private Message to any one of the moderating team members or myself. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
