
Redirecting from Google after XP Security Center


  • This topic is locked
17 replies to this topic

#1 passthedip

Posted 01 May 2011 - 10:57 PM

When I turned my computer on this morning I found it had been infected with XP Security Center. The virus changed all my file associations and gave me a great deal of trouble. I manually deleted the program executable file rov.exe and edited several registry values before using xp_exe_fix.reg to restore my associations and then running Malwarebytes. Malwarebytes got a few more bad registry values and I have included the log along with DDS and GMER. Don't know if any of this is relevant but I figure I should include everything I've done.

My problem is that ever since that I have been occasionally redirected from my Google searches and I can't figure out what is behind this. Any help you can offer is greatly appreciated. And I know that I have an old machine (5 years) but I'm a student and need to make this thing last as long as possible. Here are the logs (order is 1. Malwarebytes 2. DDS 3. GMER). Thank you!




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6485

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/1/2011 6:34:10 PM
mbam-log-2011-05-01 (18-34-09).txt

Scan type: Quick scan
Objects scanned: 183942
Time elapsed: 40 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\James\Local Settings\Application Data\rov.exe" -a "") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by James at 20:37:27.03 on Sun 05/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.956 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\James\My Documents\Malware\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101228185304.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Google Update] "c:\documents and settings\james\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /installquiet
mRun: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [SigmatelSysTrayApp] "%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe"
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249299087320
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://beachcam.kdhnc.com/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://uacwireless.gmu.edu/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-28 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-28 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-4 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-28 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-28 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-28 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-28 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-28 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-28 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-28 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-28 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-28 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-28 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-28 88544]
S0 cerc6;cerc6; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-31 38224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-28 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-28 84264]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-6-28 30576]
S3 Normandy;Normandy SR2; [x]
.
=============== Created Last 30 ================
.
2011-05-01 21:10:51 -------- d-----w- c:\windows\pss
2011-05-01 19:30:48 192512 --sha-w- c:\windows\system32\76k7p.dll
2011-04-16 00:58:32 -------- d-----w- c:\program files\iPod
2011-04-16 00:53:13 -------- d-----w- c:\program files\Bonjour
2011-04-15 06:42:06 -------- d-----w- c:\docume~1\james\applic~1\SSH
2011-04-15 06:41:09 -------- d-----w- c:\program files\SSH Communications Security
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 20:38:48.64 ===============

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-01 23:40:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541080G9SA00 rev.MB4OC60R
Running: gmer.exe; Driver: C:\DOCUME~1\James\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9EAF0E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9EAF0F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9EAF120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EAF176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9EAF0CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EAF0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EAF0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EAF10A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EAF14C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9EAF136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EAF1A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EAF18C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EAF160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9EAF164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B9EAF17A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B9EAF190 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B9EAF150 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9EAF0A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9EAF0BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B9EAF1A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B9EAF13A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9EAF10E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B9EAF0E4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B9EAF0F8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B9EAF124 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9EAF0D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8ECB380, 0x21FEFD, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB67D1280]
? C:\DOCUME~1\James\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0038003D
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] msvcrt.dll!system 77C293C7 5 Bytes JMP 0038002C
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00380FD7
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380000
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00380FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00380011
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00B4ADE7; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] WS2_32.dll!WSASocketW 71AB404E 6 Bytes PUSH 00B4ADB0; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] WS2_32.dll!socket 71AB4211 6 Bytes PUSH 00B4AD54; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] WS2_32.dll!connect 71AB4A07 6 Bytes PUSH 00B4AE42; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B4AEC4; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00B4B86A; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00B4AE84; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B4B81A; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes PUSH 00B4B99F; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] wininet.dll!InternetOpenA 3D95D690 5 Bytes JMP 009E0000
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] wininet.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009E0011
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] wininet.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009E0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1632] wininet.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 009E0040
.text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE0011
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD0093
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD0082
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD005B
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD004A
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0025
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD0F72
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD00AE
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD0F4D
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD00E6
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD0F32
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD0F9E
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD0FE5
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0F83
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD0FB9
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD0FD4
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD00D5
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02420FC3
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02420080
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02420014
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02420FDE
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02420065
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02420FEF
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02420054
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02420039
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02410027
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!system 77C293C7 5 Bytes JMP 02410016
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02410FC1
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02410FEF
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02410FA6
.text C:\WINDOWS\system32\svchost.exe[1656] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02410FD2
.text C:\WINDOWS\system32\svchost.exe[1656] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[1748] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1748] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\svchost.exe[1748] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C100A5
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10080
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C1006F
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10054
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10FCD
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C100D3
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F8B
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10F55
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10F66
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C10109
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10FB2
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C100B6
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10039
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10FDE
.text C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C100EE
.text C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD0F9E
.text C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD0FDB
.text C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD0011
.text C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD0FAF
.text C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CD0051
.text C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD0036
.text C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C40FB4
.text C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C4003F
.text C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C4002E
.text C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C4000C
.text C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C40FCF
.text C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C4001D
.text C:\WINDOWS\system32\svchost.exe[1748] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C30000
.text C:\WINDOWS\System32\svchost.exe[1788] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 015B0FEF
.text C:\WINDOWS\System32\svchost.exe[1788] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 015B0FD4
.text C:\WINDOWS\System32\svchost.exe[1788] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 015B000A
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015A0000
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 015A0F3A
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 015A0F5F
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 015A0F7C
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 015A0F8D
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 015A0FB9
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 015A0065
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 015A0F13
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 015A0091
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 015A0F02
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 015A0EDD
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 015A0FA8
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 015A0FE5
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 015A004A
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 015A0025
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 015A0FD4
.text C:\WINDOWS\System32\svchost.exe[1788] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 015A0080
.text C:\WINDOWS\System32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 025F0FC0
.text C:\WINDOWS\System32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 025F0058
.text C:\WINDOWS\System32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 025F0FDB
.text C:\WINDOWS\System32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 025F0011
.text C:\WINDOWS\System32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 025F003D
.text C:\WINDOWS\System32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 025F0000
.text C:\WINDOWS\System32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 025F002C
.text C:\WINDOWS\System32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 025F0FA5
.text C:\WINDOWS\System32\svchost.exe[1788] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 025E0038
.text C:\WINDOWS\System32\svchost.exe[1788] msvcrt.dll!system 77C293C7 5 Bytes JMP 025E001D
.text C:\WINDOWS\System32\svchost.exe[1788] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 025E0FB7
.text C:\WINDOWS\System32\svchost.exe[1788] msvcrt.dll!_open 77C2F566 5 Bytes JMP 025E0FEF
.text C:\WINDOWS\System32\svchost.exe[1788] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 025E000C
.text C:\WINDOWS\System32\svchost.exe[1788] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 025E0FD2
.text C:\WINDOWS\System32\svchost.exe[1788] WS2_32.dll!socket 71AB4211 5 Bytes JMP 025D0FEF
.text C:\WINDOWS\System32\svchost.exe[1788] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 015C0000
.text C:\WINDOWS\System32\svchost.exe[1788] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 015C001B
.text C:\WINDOWS\System32\svchost.exe[1788] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 015C002C
.text C:\WINDOWS\System32\svchost.exe[1788] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 015C003D
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ntdll.dll!NtSuspendThread 7C90DE3E 4 Bytes [68, C1, B6, B4]
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ntdll.dll!NtSuspendThread + 5 7C90DE43 1 Byte [C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!CreateProcessInternalW + 1 7C8197B1 3 Bytes [8C, B7, B4]
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] kernel32.dll!CreateProcessInternalW + 5 7C8197B5 1 Byte [C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00370051
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00370087
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00370040
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00370025
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0037000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00370FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [57, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00370062
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380F8B
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] msvcrt.dll!system 77C293C7 5 Bytes JMP 00380016
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00380FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00380FA6
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00380FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00B4ADE7; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] WS2_32.dll!WSASocketW 71AB404E 6 Bytes PUSH 00B4ADB0; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] WS2_32.dll!socket 71AB4211 6 Bytes PUSH 00B4AD54; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] WS2_32.dll!connect 71AB4A07 6 Bytes PUSH 00B4AE42; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B4AEC4; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00B4B86A; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00B4AE84; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B4B81A; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes PUSH 00B4B99F; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] wininet.dll!InternetOpenA 3D95D690 5 Bytes JMP 009E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] wininet.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009E0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] wininet.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009E0025
.text C:\Program Files\Internet Explorer\iexplore.exe[1832] wininet.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 009E0036
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BC002C
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F48
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0F63
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB003D
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0F80
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0FAF
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0084
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB0073
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0EFC
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F17
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0EEB
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB002C
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0FD4
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0058
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB0095
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BA0FDB
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BA007D
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BA0022
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BA0062
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BA0047
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BA0FC0
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0FB0
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0031
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0FD2
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FC1
.text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0FE3
.text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007A0FCA
.text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007A0FDB
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00790FEF
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00790F8D
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00790082
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 00790F9E
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExW + 4 7C801AF9 1 Byte [83]
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00790FAF
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00790047
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00790F5C
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007900A4
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00790F1C
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007900BF
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007900DA
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00790FC0
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00790093
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00790036
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0079001B
.text C:\WINDOWS\system32\svchost.exe[1976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00790F41
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007D0025
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007D0040
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007D0FD4
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007D0000
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007D0F8D
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007D0FE5
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007D0FA8
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9D, 88]
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007D0FB9
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007C002C
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!system 77C293C7 5 Bytes JMP 007C0FA1
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007C0011
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007C0FEF
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007C0FB2
.text C:\WINDOWS\system32\svchost.exe[1976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007C0000
.text C:\WINDOWS\system32\svchost.exe[1976] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F96
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0FA7
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE008B
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE007A
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0058
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00D4
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE00C3
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0100
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00EF
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0F4C
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0069
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0011
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE009C
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0047
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE002C
.text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F71
.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C20FA8
.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C20FD4
.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E2, 88] {LOOP 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C2005B
.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10FA6
.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10031
.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10016
.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10FC1
.text C:\WINDOWS\system32\svchost.exe[2032] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10FD2
.text C:\WINDOWS\system32\svchost.exe[2032] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C00000
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ntdll.dll!NtSuspendThread 7C90DE3E 4 Bytes [68, C1, B6, B4]
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ntdll.dll!NtSuspendThread + 5 7C90DE43 1 Byte [C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] kernel32.dll!CreateProcessInternalW + 1 7C8197B1 3 Bytes [8C, B7, B4]
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] kernel32.dll!CreateProcessInternalW + 5 7C8197B5 1 Byte [C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00370040
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00370FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0037002F
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0037000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00370065
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00370FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380FAD
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] msvcrt.dll!system 77C293C7 5 Bytes JMP 0038002E
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0038000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0038001D
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00380FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] WS2_32.dll!closesocket 71AB3E2B 6 Bytes PUSH 00B4ADE7; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] WS2_32.dll!WSASocketW 71AB404E 6 Bytes PUSH 00B4ADB0; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] WS2_32.dll!socket 71AB4211 6 Bytes PUSH 00B4AD54; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] WS2_32.dll!connect 71AB4A07 6 Bytes PUSH 00B4AE42; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00B4AEC4; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00B4B86A; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00B4AE84; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00B4B81A; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes PUSH 00B4B99F; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] wininet.dll!InternetOpenA 3D95D690 5 Bytes JMP 009E0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] wininet.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009E0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] wininet.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2564] wininet.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 009E001B
.text C:\WINDOWS\System32\svchost.exe[3804] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090FE5
.text C:\WINDOWS\System32\svchost.exe[3804] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090000
.text C:\WINDOWS\System32\svchost.exe[3804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FCA
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0085
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F86
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F97
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0FA8
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B004A
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00A0
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F64
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00D6
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F3D
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00F1
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F75
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0025
.text C:\WINDOWS\System32\svchost.exe[3804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00BB
.text C:\WINDOWS\System32\svchost.exe[3804] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FC3
.text C:\WINDOWS\System32\svchost.exe[3804] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F7C
.text C:\WINDOWS\System32\svchost.exe[3804] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0014
.text C:\WINDOWS\System32\svchost.exe[3804] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\System32\svchost.exe[3804] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0039
.text C:\WINDOWS\System32\svchost.exe[3804] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\System32\svchost.exe[3804] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002A0F8D
.text C:\WINDOWS\System32\svchost.exe[3804] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4A, 88]
.text C:\WINDOWS\System32\svchost.exe[3804] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\System32\svchost.exe[3804] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F0FA3
.text C:\WINDOWS\System32\svchost.exe[3804] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F002E
.text C:\WINDOWS\System32\svchost.exe[3804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F001D
.text C:\WINDOWS\System32\svchost.exe[3804] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F0000
.text C:\WINDOWS\System32\svchost.exe[3804] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F0FC8
.text C:\WINDOWS\System32\svchost.exe[3804] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F0FEF
.text C:\WINDOWS\System32\svchost.exe[3804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009C0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat B1E85D20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\James\Cookies\james@supremeadserver[5].txt 0 bytes
File C:\Documents and Settings\James\Cookies\james@collective-media[4].txt 798 bytes
File C:\Documents and Settings\James\Cookies\james@CAGF0D06.txt 1152 bytes
File C:\Documents and Settings\James\Cookies\james@CAGTDMQW.txt 514 bytes
File C:\Documents and Settings\James\Cookies\james@CA5MW1UK.txt 0 bytes
File C:\Documents and Settings\James\Cookies\james@CATFBMAT.txt 110 bytes
File C:\Documents and Settings\James\Cookies\james@bleepingcomputer[2].txt 1049 bytes
File C:\Documents and Settings\James\Cookies\james@CA91QH6L.txt 514 bytes
File C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\W8XAD5UK\fhD-jyUVWH0J[1].jpg 1850 bytes
File C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\W8XAD5UK\search[4].htm 149866 bytes

---- EOF - GMER 1.0.15 ----

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:20 PM

Posted 09 May 2011 - 07:53 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 passthedip

Posted 09 May 2011 - 07:58 PM

Hi m0le,

The only thing I have done since posting the logs is install Firefox, as this browser seems to be less affected by the redirect.

Thanks!

#4 m0le

Posted 09 May 2011 - 08:06 PM

Let's check for rootkits first

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 passthedip

Posted 09 May 2011 - 08:37 PM

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-09 21:25:55
-----------------------------
21:25:55.671 OS Version: Windows 5.1.2600 Service Pack 3
21:25:55.687 Number of processors: 2 586 0xE08
21:25:55.687 ComputerName: TOAD UserName:
21:25:58.843 Initialize success
21:26:13.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:26:13.984 Disk 0 Vendor: Hitachi_HTS541080G9SA00 MB4OC60R Size: 74881MB BusType: 3
21:26:16.015 Disk 0 MBR read successfully
21:26:16.015 Disk 0 MBR scan
21:26:16.015 Disk 0 Windows XP default MBR code
21:26:18.015 Disk 0 scanning sectors +153340425
21:26:18.093 Disk 0 scanning C:\WINDOWS\system32\drivers
21:26:36.578 Service scanning
21:26:38.187 Disk 0 trace - called modules:
21:26:38.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:26:38.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a713ab8]
21:26:38.218 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8a6d89e8]
21:26:38.218 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a719940]
21:26:38.218 Scan finished successfully
21:36:54.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James\Desktop\MBR.dat"
21:36:54.343 The log file has been saved successfully to "C:\Documents and Settings\James\Desktop\aswMBR.txt"

#6 m0le

Posted 10 May 2011 - 01:38 PM

Okay, no rootkit so we should be able to go after the trojan that's causing this

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7 passthedip

Posted 10 May 2011 - 02:48 PM

ComboFix 11-05-09.03 - James 05/10/2011 15:24:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.710 [GMT -4:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-09 20:59 . 2011-05-09 21:11 -------- d-----w- c:\documents and settings\James\dwhelper
2011-05-03 23:55 . 2011-05-03 23:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2011-05-02 07:40 . 2011-05-02 07:40 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Mozilla
2011-04-26 23:55 . 2011-04-26 23:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-04-16 00:58 . 2011-04-16 00:58 -------- d-----w- c:\program files\iPod
2011-04-16 00:55 . 2011-04-16 00:55 -------- d-----w- c:\program files\Apple Software Update
2011-04-16 00:53 . 2011-04-16 00:53 -------- d-----w- c:\program files\Bonjour
2011-04-15 06:42 . 2011-04-15 07:41 -------- d-----w- c:\documents and settings\James\Application Data\SSH
2011-04-15 06:41 . 2011-04-15 06:41 -------- d-----w- c:\program files\SSH Communications Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2009-08-03 06:26 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-13 23:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-13 23:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2008-04-13 23:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-13 23:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-08-03 11:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-13 23:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 16:26 . 2011-05-02 07:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-14 03:28 . 2011-05-03 06:06 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2010-10-12_19.04.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 23:00 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2008-04-13 23:00 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2008-04-13 23:00 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
- 2010-06-28 04:21 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2010-06-28 04:21 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
+ 2009-08-03 11:17 . 2011-05-08 23:20 80539 c:\windows\system32\nvModes.dat
+ 2008-04-13 23:00 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
- 2008-04-13 23:00 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 08:31 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 08:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-11-03 05:35 . 2011-01-08 00:57 23324 c:\windows\system32\mlfcache.dat
- 2009-11-03 05:35 . 2010-07-23 18:11 23324 c:\windows\system32\mlfcache.dat
+ 2008-04-13 23:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
- 2008-04-13 23:00 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
+ 2010-10-07 16:23 . 2010-10-07 16:23 75040 c:\windows\system32\jdns_sd.dll
+ 2009-08-03 06:26 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
- 2009-08-03 06:26 . 2008-04-13 23:00 81920 c:\windows\system32\isign32.dll
+ 2011-04-16 00:54 . 2011-02-18 20:36 41984 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaapl.sys
+ 2011-04-16 00:54 . 2010-04-20 00:29 18432 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\netaapl.sys
+ 2010-12-31 17:00 . 2008-04-14 05:15 15104 c:\windows\system32\drivers\usbscan.sys
+ 2009-11-02 19:34 . 2010-09-28 20:44 41984 c:\windows\system32\drivers\usbaapl.sys
+ 2008-04-13 23:00 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys
+ 2010-12-28 23:52 . 2010-10-14 03:28 84072 c:\windows\system32\drivers\mfetdi2k.sys
+ 2010-12-28 23:52 . 2010-10-14 03:28 84264 c:\windows\system32\drivers\mferkdet.sys
+ 2010-12-28 23:52 . 2010-10-14 03:28 88544 c:\windows\system32\drivers\mfendisk.sys
+ 2010-12-28 23:52 . 2010-10-14 03:28 52104 c:\windows\system32\drivers\mfebopk.sys
+ 2010-12-28 23:52 . 2010-10-14 03:28 95600 c:\windows\system32\drivers\mfeapfk.sys
- 2010-10-03 00:02 . 2010-04-29 19:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2011-03-31 04:48 . 2010-12-20 22:09 38224 c:\windows\system32\drivers\mbamswissarmy.sys
- 2010-10-03 00:02 . 2010-04-29 19:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2011-03-31 04:48 . 2010-12-20 22:08 20952 c:\windows\system32\drivers\mbam.sys
+ 2010-12-28 23:52 . 2010-10-14 03:28 55840 c:\windows\system32\drivers\cfwids.sys
+ 2010-10-07 16:23 . 2010-10-07 16:23 91424 c:\windows\system32\dnssd.dll
+ 2008-04-13 23:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 45568 c:\windows\system32\dnsrslvr.dll
+ 2009-08-03 13:36 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-08-03 13:36 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-08-03 06:26 . 2010-10-11 14:59 45568 c:\windows\system32\dllcache\wab.exe
+ 2010-12-31 17:00 . 2008-04-14 05:15 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2008-04-13 23:00 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2008-04-13 23:00 . 2010-11-02 15:17 40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2008-04-13 23:00 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-13 23:00 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-08-03 13:36 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-08-03 13:36 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-13 23:00 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-08-03 06:26 . 2008-04-13 23:00 81920 c:\windows\system32\dllcache\isign32.dll
+ 2009-08-03 06:26 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2008-04-13 23:00 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2008-04-13 23:00 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-13 23:00 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2008-04-13 23:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2008-04-13 23:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2009-08-03 10:41 . 2011-05-10 02:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-03 10:41 . 2010-10-12 15:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-03 10:41 . 2011-05-10 02:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-03 10:41 . 2010-10-12 15:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-10-12 23:56 . 2011-05-10 02:17 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-08-03 10:41 . 2010-10-12 15:46 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-04-16 00:55 . 2011-04-16 00:55 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2009-10-20 06:32 . 2011-04-17 18:48 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-10-20 06:32 . 2010-09-15 04:46 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-10-20 06:32 . 2011-04-17 18:48 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-10-20 06:32 . 2010-09-15 04:46 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-10-20 06:32 . 2010-09-15 04:46 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-10-20 06:32 . 2011-04-17 18:48 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-10-20 06:32 . 2010-09-15 04:46 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-10-20 06:32 . 2011-04-17 18:48 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-09-15 04:43 . 2010-09-15 04:43 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-04-17 18:40 . 2011-04-17 18:40 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-06-05 03:29 . 2010-09-29 09:52 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-05 03:29 . 2011-04-21 16:45 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2010-10-14 13:15 . 2010-06-24 12:22 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-10-14 13:15 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-10-14 13:15 . 2010-06-24 12:21 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-10-14 13:15 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-10-14 13:15 . 2010-06-24 12:21 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2011-04-17 18:47 . 2011-04-17 18:47 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-04-17 22:23 . 2011-04-17 22:23 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
+ 2011-04-17 22:20 . 2011-04-17 22:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
+ 2011-04-17 18:45 . 2011-04-17 18:45 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-04-17 18:44 . 2011-04-17 18:44 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
+ 2011-04-17 22:18 . 2011-04-17 22:18 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
+ 2011-04-17 19:58 . 2011-04-17 19:58 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-17 18:43 . 2011-04-17 18:43 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-02-13 16:48 . 2009-12-14 07:08 33280 c:\windows\$NtUninstallKB2476687$\csrsrv.dll
+ 2010-12-22 06:48 . 2010-06-21 14:46 46080 c:\windows\$NtUninstallKB2443685$\tzchange.exe
+ 2010-12-22 06:48 . 2010-11-05 05:57 16896 c:\windows\$NtUninstallKB2443685$\spuninst\tzchange.dll
+ 2010-12-22 06:50 . 2008-04-13 23:00 81920 c:\windows\$NtUninstallKB2443105$\isign32.dll
+ 2010-12-22 06:50 . 2008-04-13 23:00 40576 c:\windows\$NtUninstallKB2440591$\ndproxy.sys
+ 2010-12-22 06:45 . 2008-04-13 23:00 46080 c:\windows\$NtUninstallKB2423089$\wab.exe
+ 2010-10-16 18:45 . 2008-04-13 23:00 96768 c:\windows\$NtUninstallKB2345886$\srvsvc.dll
+ 2010-10-16 18:45 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB982132\update\spcustom.dll
+ 2010-10-16 18:45 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB982132\spmsg.dll
+ 2010-10-14 13:12 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981957\update\spcustom.dll
+ 2010-10-14 13:12 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981957\spmsg.dll
+ 2010-10-14 13:16 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB979687\update\spcustom.dll
+ 2010-10-14 13:16 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB979687\spmsg.dll
+ 2011-02-25 17:22 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971029\update\spcustom.dll
+ 2011-02-25 17:22 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971029\spmsg.dll
+ 2011-03-28 03:57 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2524375\update\spcustom.dll
+ 2011-03-28 03:57 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2524375\spmsg.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2011-02-13 16:49 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-13 16:49 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-03-11 18:37 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2481109\update\spcustom.dll
+ 2011-03-11 18:37 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2481109\spmsg.dll
+ 2011-02-02 07:57 . 2011-02-02 07:57 53248 c:\windows\$hf_mig$\KB2481109\SP3QFE\tsgqec.dll
+ 2011-03-11 18:40 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479943\update\spcustom.dll
+ 2011-03-11 18:40 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479943\spmsg.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479628\spmsg.dll
+ 2011-02-13 16:53 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
+ 2011-02-13 16:53 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478971\spmsg.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478960\spmsg.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2010-12-09 14:29 . 2010-12-09 14:29 33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2010-12-22 06:48 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2467659\update\spcustom.dll
+ 2010-12-22 06:48 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2467659\spmsg.dll
+ 2010-12-22 06:50 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2443105\update\spcustom.dll
+ 2010-12-22 06:50 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2443105\spmsg.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll
+ 2010-12-22 06:50 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2440591\update\spcustom.dll
+ 2010-12-22 06:50 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2440591\spmsg.dll
+ 2010-12-15 02:18 . 2010-11-03 05:55 40960 c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys
+ 2010-12-22 06:48 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2436673\update\spcustom.dll
+ 2010-12-22 06:48 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2436673\spmsg.dll
+ 2010-12-22 06:45 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2423089\update\spcustom.dll
+ 2010-12-22 06:45 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2423089\spmsg.dll
+ 2010-12-15 02:17 . 2010-10-11 14:55 45568 c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe
+ 2011-01-12 06:31 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-12 06:31 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2010-12-22 06:50 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2416400-IE8\update\spcustom.dll
+ 2010-12-22 06:50 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2416400-IE8\spmsg.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 12800 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\xpshims.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 66560 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtmled.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 55296 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeedsbs.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 43520 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\licmgr10.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 25600 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\jsproxy.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2393802\update\spcustom.dll
+ 2011-02-09 04:13 . 2010-12-09 15:15 16896 c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2393802\spmsg.dll
+ 2010-10-16 18:46 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2387149\update\spcustom.dll
+ 2010-10-16 18:46 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2387149\spmsg.dll
+ 2010-10-14 13:10 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2360937\update\spcustom.dll
+ 2010-10-14 13:10 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2360937\spmsg.dll
+ 2010-10-14 13:15 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2360131-IE8\update\spcustom.dll
+ 2010-10-14 13:15 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2360131-IE8\spmsg.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 12800 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\xpshims.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 66560 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtmled.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 55296 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\msfeedsbs.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 43520 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\licmgr10.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 25600 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\jsproxy.dll
+ 2010-10-16 18:45 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2345886\update\spcustom.dll
+ 2010-10-16 18:45 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2345886\spmsg.dll
+ 2010-08-27 06:05 . 2010-08-27 06:05 99840 c:\windows\$hf_mig$\KB2345886\SP3QFE\srvsvc.dll
+ 2010-12-22 06:51 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2296199\update\spcustom.dll
+ 2010-12-22 06:51 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2296199\spmsg.dll
+ 2010-10-16 18:45 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2279986\update\spcustom.dll
+ 2010-10-16 18:45 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2279986\spmsg.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-12-31 17:00 . 2001-08-18 03:36 5632 c:\windows\system32\ptpusb.dll
+ 2010-12-28 23:53 . 2010-10-14 03:28 9344 c:\windows\system32\drivers\mfeclnk.sys
- 2010-04-04 23:34 . 2001-08-18 02:36 8192 c:\windows\system32\dllcache\kbdkor.dll
+ 2010-04-04 23:34 . 2001-08-18 03:36 8192 c:\windows\system32\dllcache\kbdkor.dll
- 2010-04-04 23:34 . 2001-08-18 02:36 8704 c:\windows\system32\dllcache\kbdjpn.dll
+ 2010-04-04 23:34 . 2001-08-18 03:36 8704 c:\windows\system32\dllcache\kbdjpn.dll
- 2010-04-04 23:34 . 2008-04-14 09:39 6144 c:\windows\system32\dllcache\kbd106.dll
+ 2010-04-04 23:34 . 2008-04-14 10:39 6144 c:\windows\system32\dllcache\kbd106.dll
- 2010-04-04 23:34 . 2001-08-17 18:55 5632 c:\windows\system32\dllcache\kbd103.dll
+ 2010-04-04 23:34 . 2001-08-17 19:55 5632 c:\windows\system32\dllcache\kbd103.dll
+ 2010-04-04 23:34 . 2001-08-17 19:55 6144 c:\windows\system32\dllcache\kbd101c.dll
- 2010-04-04 23:34 . 2001-08-17 18:55 6144 c:\windows\system32\dllcache\kbd101c.dll
- 2010-04-04 23:34 . 2001-08-17 18:55 6144 c:\windows\system32\dllcache\kbd101b.dll
+ 2010-04-04 23:34 . 2001-08-17 19:55 6144 c:\windows\system32\dllcache\kbd101b.dll
+ 2009-10-20 06:32 . 2011-04-17 18:48 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-10-20 06:32 . 2010-09-15 04:46 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-04-17 18:42 . 2011-04-17 18:42 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-04-17 18:43 . 2011-04-17 18:43 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-05 20:11 . 2010-10-05 20:11 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-05 20:10 . 2010-10-05 20:10 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-14 13:10 . 2010-07-22 05:57 5120 c:\windows\$NtUninstallKB2360937$\xpsp4res.dll
+ 2010-10-16 18:45 . 2010-08-13 12:53 5120 c:\windows\$NtUninstallKB2345886$\xpsp4res.dll
+ 2010-07-12 12:53 . 2010-07-12 12:53 5120 c:\windows\$hf_mig$\KB979687\SP3QFE\xpsp4res.dll
+ 2010-10-13 23:54 . 2010-08-13 12:53 5120 c:\windows\$hf_mig$\KB2360937\SP3QFE\xpsp4res.dll
+ 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\$hf_mig$\KB2345886\SP3QFE\xpsp4res.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-11-29 04:51 . 2010-11-03 19:08 237568 c:\windows\system32\yv12vfw.dll
+ 2010-11-29 04:51 . 2010-06-08 17:10 134144 c:\windows\system32\xvidvfw.dll
+ 2010-11-29 04:51 . 2010-06-08 17:10 790528 c:\windows\system32\xvidcore.dll
+ 2010-11-29 04:51 . 2010-03-15 10:31 165376 c:\windows\system32\unrar.dll
- 2008-04-13 23:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2008-04-13 23:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 135168 c:\windows\system32\shsvcs.dll
+ 2008-04-13 23:00 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
+ 2008-04-13 23:00 . 2011-01-21 14:44 439296 c:\windows\system32\shimgvw.dll
+ 2008-04-13 23:00 . 2011-02-09 13:53 270848 c:\windows\system32\sbe.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 270848 c:\windows\system32\sbe.dll
- 2008-04-13 23:00 . 2010-07-22 15:49 590848 c:\windows\system32\rpcrt4.dll
+ 2008-04-13 23:00 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
+ 2010-12-31 17:00 . 2008-04-14 10:42 159232 c:\windows\system32\ptpusd.dll
+ 2008-04-13 23:00 . 2011-05-10 17:43 624152 c:\windows\system32\perfh009.dat
+ 2008-04-13 23:00 . 2011-05-10 17:43 162788 c:\windows\system32\perfc009.dat
+ 2008-04-13 23:00 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 249856 c:\windows\system32\odbc32.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
- 2008-04-13 23:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
+ 2008-04-13 23:00 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
- 2008-04-13 23:00 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
+ 2008-04-13 23:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
+ 2009-08-03 06:23 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
- 2009-08-03 06:23 . 2008-04-13 23:00 677888 c:\windows\system32\mstsc.exe
+ 2008-04-13 23:00 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
- 2008-04-13 23:00 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 08:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
+ 2010-12-28 23:52 . 2010-10-14 03:28 141792 c:\windows\system32\mfevtps.exe
+ 2008-04-13 23:00 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
+ 2008-04-13 23:00 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
+ 2008-04-13 23:00 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2008-04-13 23:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2011-05-02 21:30 . 2011-05-02 21:30 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2010-09-24 17:47 . 2010-10-19 23:59 232912 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
- 2010-09-24 17:47 . 2010-09-24 17:47 232912 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
+ 2010-09-24 17:47 . 2010-10-19 23:59 311760 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.dll
- 2010-09-24 17:47 . 2010-09-24 17:47 311760 c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.dll
- 2008-04-13 23:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2008-04-13 23:00 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
- 2008-04-13 23:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2008-04-13 23:00 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
- 2008-04-13 23:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2008-04-13 23:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
- 2008-04-13 23:00 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-13 23:00 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-13 23:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
+ 2009-08-03 02:13 . 2011-04-17 19:47 138056 c:\windows\system32\FNTCACHE.DAT
+ 2010-11-29 04:51 . 2010-11-24 08:00 108032 c:\windows\system32\ff_vfw.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 186880 c:\windows\system32\encdec.dll
+ 2008-04-13 23:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
+ 2010-12-28 23:52 . 2010-10-14 03:28 386840 c:\windows\system32\drivers\mfehidk.sys
+ 2010-12-28 23:52 . 2010-10-14 03:28 313288 c:\windows\system32\drivers\mfefirek.sys
+ 2010-12-28 23:52 . 2010-10-14 03:28 152960 c:\windows\system32\drivers\mfeavfk.sys
+ 2008-04-13 23:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
- 2008-04-13 23:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2010-10-07 16:23 . 2010-10-07 16:23 197920 c:\windows\system32\dnssdX.dll
+ 2008-04-13 23:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
+ 2010-10-07 16:23 . 2010-10-07 16:23 107808 c:\windows\system32\dns-sd.exe
+ 2009-08-03 06:23 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
- 2008-04-13 23:00 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-13 23:00 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
- 2008-04-13 23:00 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-13 23:00 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-13 23:00 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2008-04-13 23:00 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2008-04-13 23:00 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 270848 c:\windows\system32\dllcache\sbe.dll
+ 2008-04-13 23:00 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
- 2008-04-13 23:00 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2008-04-13 23:00 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2008-04-13 23:00 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-13 23:00 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-13 23:00 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2008-04-13 23:00 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
- 2008-04-13 23:00 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
- 2008-04-13 23:00 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-08-03 06:26 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2009-08-03 06:26 . 2008-04-13 23:00 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-08-03 13:36 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-08-03 06:26 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2009-08-03 06:26 . 2008-04-13 23:00 200704 c:\windows\system32\dllcache\msadox.dll
+ 2009-08-03 06:26 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2009-08-03 06:26 . 2008-04-13 23:00 180224 c:\windows\system32\dllcache\msadomd.dll
- 2009-08-03 06:26 . 2008-04-13 23:00 536576 c:\windows\system32\dllcache\msado15.dll
+ 2009-08-03 06:26 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2009-08-03 06:26 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2009-08-03 06:26 . 2008-04-13 23:00 143360 c:\windows\system32\dllcache\msadco.dll
+ 2009-08-03 11:35 . 2011-02-17 13:18 455936 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-04-13 23:00 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-04-13 23:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2008-04-13 23:00 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2008-04-13 23:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
- 2008-04-13 23:00 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-04-13 23:00 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2009-08-03 06:23 . 2008-04-13 23:00 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2009-08-03 06:23 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2008-04-13 23:00 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2008-04-13 23:00 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
- 2008-04-13 23:00 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-04-13 23:00 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-08-03 06:26 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-08-03 06:26 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-08-03 13:36 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-08-03 13:36 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-13 23:00 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-09 01:26 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-09 01:26 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-13 23:00 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-13 23:00 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-13 23:00 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 186880 c:\windows\system32\dllcache\encdec.dll
+ 2008-04-13 23:00 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
- 2008-04-13 23:00 . 2008-04-13 23:00 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2008-04-13 23:00 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2008-04-13 23:00 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-13 23:00 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-04-13 23:00 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2010-12-28 23:52 . 2010-12-28 23:52 262144 c:\windows\system32\config\systemprofile\NTUSER.DAT
+ 2010-08-11 16:58 . 2011-04-17 22:31 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-08-11 16:58 . 2010-08-11 16:58 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2008-04-13 23:00 . 2008-04-13 23:00 617472 c:\windows\system32\comctl32.dll
+ 2008-04-13 23:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-04-16 00:52 . 2011-04-16 00:52 811520 c:\windows\Installer\d11e2a.msi
+ 2011-02-24 04:35 . 2011-02-24 04:35 689152 c:\windows\Installer\a6ef20.msi
+ 2011-05-06 22:26 . 2011-05-06 22:26 748032 c:\windows\Installer\3f5a44.msi
+ 2010-11-12 16:08 . 2010-11-12 16:08 889344 c:\windows\Installer\2054c5aa.msp
+ 2011-02-24 04:34 . 2011-02-24 04:34 371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
+ 2009-08-22 18:12 . 2011-04-10 00:08 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
- 2009-08-22 18:12 . 2009-08-22 18:12 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2009-10-20 06:32 . 2011-04-17 18:48 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-10-20 06:32 . 2010-09-15 04:46 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-10-20 06:32 . 2010-09-15 04:46 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-10-20 06:32 . 2011-04-17 18:48 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-10-20 06:32 . 2011-04-17 18:48 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-10-20 06:32 . 2010-09-15 04:46 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-10-20 06:32 . 2011-04-17 18:48 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-10-20 06:32 . 2010-09-15 04:46 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-10-20 06:32 . 2010-09-15 04:46 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-10-20 06:32 . 2011-04-17 18:48 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-04-16 01:00 . 2011-04-16 01:00 380928 c:\windows\Installer\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}\iTunesIco.exe
+ 2011-04-17 18:35 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-04-17 18:35 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-04-17 18:35 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-04-17 18:35 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-04-17 18:44 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-04-17 18:44 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-04-17 18:44 . 2010-12-20 23:59 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-04-17 18:44 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2011-02-13 16:49 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-13 16:49 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-13 16:49 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-13 16:49 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-13 16:49 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2010-12-22 06:50 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-22 06:50 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-22 06:50 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-22 06:50 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-22 06:50 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2010-10-14 13:15 . 2010-06-24 12:22 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-10-14 13:15 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-10-14 13:15 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-10-14 13:15 . 2010-06-24 12:22 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-10-14 13:15 . 2010-06-24 12:22 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-10-14 13:15 . 2010-06-24 12:21 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-10-14 13:15 . 2010-06-24 12:21 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-10-14 13:15 . 2010-06-24 12:21 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-10-14 13:15 . 2010-06-24 12:21 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-10-14 13:15 . 2010-06-24 12:21 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-10-14 13:15 . 2010-06-23 12:08 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2009-08-03 11:35 . 2011-02-17 13:18 455936 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-17 22:19 . 2011-04-17 22:19 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe
+ 2011-04-17 18:47 . 2011-04-17 18:47 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
+ 2011-04-17 18:47 . 2011-04-17 18:47 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
+ 2011-04-17 18:47 . 2011-04-17 18:47 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
+ 2011-04-17 22:23 . 2011-04-17 22:23 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4b746fea8062a10ccc6e5331914e7dad\System.Web.Routing.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
+ 2011-04-17 19:58 . 2011-04-17 19:58 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
+ 2011-04-17 19:58 . 2011-04-17 19:58 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
+ 2011-04-17 18:47 . 2011-04-17 18:47 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
+ 2011-04-17 22:20 . 2011-04-17 22:20 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
+ 2011-04-17 22:19 . 2011-04-17 22:19 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
+ 2011-04-17 18:46 . 2011-04-17 18:46 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-04-17 18:46 . 2011-04-17 18:46 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-04-17 18:46 . 2011-04-17 18:46 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-04-17 18:46 . 2011-04-17 18:46 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
+ 2011-04-17 22:19 . 2011-04-17 22:19 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\6861f639b13967e9b014b44bbb7c5d4c\ComSvcConfig.ni.exe
+ 2011-04-17 19:58 . 2011-04-17 19:58 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-17 18:43 . 2011-04-17 18:43 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-04-17 18:43 . 2011-04-17 18:43 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-04-17 18:43 . 2011-04-17 18:43 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-04-17 18:43 . 2011-04-17 18:43 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-17 18:43 . 2011-04-17 18:43 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-16 18:45 . 2009-10-15 16:28 119808 c:\windows\$NtUninstallKB982132$\t2embed.dll
+ 2010-10-16 18:45 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB982132$\spuninst\updspapi.dll
+ 2010-10-16 18:45 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB982132$\spuninst\spuninst.exe
+ 2010-10-14 13:12 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981957$\spuninst\updspapi.dll
+ 2010-10-14 13:12 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981957$\spuninst\spuninst.exe
+ 2010-10-14 13:16 . 2008-04-21 12:08 215552 c:\windows\$NtUninstallKB979687$\wordpad.exe
+ 2010-10-14 13:16 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979687$\spuninst\updspapi.dll
+ 2010-10-14 13:16 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979687$\spuninst\spuninst.exe
+ 2011-02-25 17:22 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971029$\spuninst\updspapi.dll
+ 2011-02-25 17:22 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971029$\spuninst\spuninst.exe
+ 2011-02-25 17:22 . 2008-04-13 23:00 135168 c:\windows\$NtUninstallKB971029$\shsvcs.dll
+ 2011-03-28 03:57 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2524375$\spuninst\updspapi.dll
+ 2011-03-28 03:57 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2524375$\spuninst\spuninst.exe
+ 2011-02-13 16:52 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
+ 2011-02-13 16:52 . 2010-10-28 13:13 290048 c:\windows\$NtUninstallKB2485376$\atmfd.dll
+ 2011-02-13 16:52 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
+ 2011-02-13 16:52 . 2008-04-13 23:00 438272 c:\windows\$NtUninstallKB2483185$\shimgvw.dll
+ 2011-03-11 18:37 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2481109$\spuninst\updspapi.dll
+ 2011-03-11 18:37 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2481109$\spuninst\spuninst.exe
+ 2011-03-11 18:37 . 2008-04-13 23:00 677888 c:\windows\$NtUninstallKB2481109$\mstsc.exe
+ 2011-03-11 18:37 . 2008-04-13 23:00 677888 c:\windows\$NtUninstallKB2481109$\lhmstsc.exe
+ 2011-03-11 18:40 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479943$\spuninst\updspapi.dll
+ 2011-03-11 18:40 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479943$\spuninst\spuninst.exe
+ 2011-03-11 18:40 . 2008-04-13 23:00 270848 c:\windows\$NtUninstallKB2479943$\sbe.dll
+ 2011-03-11 18:40 . 2008-04-13 23:00 186880 c:\windows\$NtUninstallKB2479943$\encdec.dll
+ 2011-02-13 16:52 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
+ 2011-02-13 16:53 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
+ 2011-02-13 16:53 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
+ 2011-02-13 16:53 . 2009-06-25 08:25 301568 c:\windows\$NtUninstallKB2478971$\kerberos.dll
+ 2011-02-13 16:48 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
+ 2011-02-13 16:48 . 2009-06-25 08:25 730112 c:\windows\$NtUninstallKB2478960$\lsasrv.dll
+ 2011-02-13 16:48 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
+ 2010-12-22 06:48 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2467659$\spuninst\updspapi.dll
+ 2010-12-22 06:48 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
+ 2010-12-22 06:48 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2443685$\spuninst\updspapi.dll
+ 2010-12-22 06:48 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe
+ 2010-12-22 06:50 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2443105$\spuninst\updspapi.dll
+ 2010-12-22 06:50 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe
+ 2010-12-22 06:50 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2440591$\spuninst\updspapi.dll
+ 2010-12-22 06:50 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe
+ 2010-12-22 06:48 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2436673$\spuninst\updspapi.dll
+ 2010-12-22 06:48 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe
+ 2010-12-22 06:45 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2423089$\spuninst\updspapi.dll
+ 2010-12-22 06:45 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe
+ 2011-01-12 06:31 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-12 06:31 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-12 06:31 . 2008-04-13 23:00 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-12 06:31 . 2008-04-13 23:00 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-12 06:31 . 2008-04-13 23:00 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-12 06:31 . 2008-04-13 23:00 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-12 06:31 . 2008-04-13 23:00 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-12 06:31 . 2008-04-13 23:00 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2011-02-13 16:48 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
+ 2011-02-13 16:48 . 2009-02-09 12:10 714752 c:\windows\$NtUninstallKB2393802$\ntdll.dll
+ 2010-10-16 18:46 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2387149$\spuninst\updspapi.dll
+ 2010-10-16 18:46 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2387149$\spuninst\spuninst.exe
+ 2010-10-16 18:46 . 2008-04-13 23:00 981760 c:\windows\$NtUninstallKB2387149$\mfc42u.dll
+ 2010-10-16 18:46 . 2008-04-13 23:00 927504 c:\windows\$NtUninstallKB2387149$\mfc40u.dll
+ 2010-10-16 18:46 . 2008-04-13 23:00 924432 c:\windows\$NtUninstallKB2387149$\mfc40.dll
+ 2010-10-16 18:45 . 2007-07-28 03:11 382840 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\updspapi.dll
+ 2010-10-16 18:45 . 2007-07-28 03:11 231288 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
+ 2010-10-14 13:10 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2360937$\spuninst\updspapi.dll
+ 2010-10-14 13:10 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2360937$\spuninst\spuninst.exe
+ 2010-10-14 13:10 . 2010-07-22 15:49 590848 c:\windows\$NtUninstallKB2360937$\rpcrt4.dll
+ 2010-10-16 18:45 . 2010-06-21 15:27 354304 c:\windows\$NtUninstallKB2345886$\srv.sys
+ 2010-10-16 18:45 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2345886$\spuninst\updspapi.dll
+ 2010-10-16 18:45 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2345886$\spuninst\spuninst.exe
+ 2010-12-22 06:51 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2296199$\spuninst\updspapi.dll
+ 2010-12-22 06:51 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe
+ 2010-12-22 06:51 . 2010-09-01 11:51 285824 c:\windows\$NtUninstallKB2296199$\atmfd.dll
+ 2010-10-16 18:45 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB2296011$\spuninst\updspapi.dll
+ 2010-10-16 18:45 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB2296011$\spuninst\spuninst.exe
+ 2010-10-16 18:45 . 2008-04-13 23:00 617472 c:\windows\$NtUninstallKB2296011$\comctl32.dll
+ 2010-10-16 18:45 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2279986$\spuninst\updspapi.dll
+ 2010-10-16 18:45 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2279986$\spuninst\spuninst.exe
+ 2010-10-16 18:45 . 2010-04-20 05:30 285696 c:\windows\$NtUninstallKB2279986$\atmfd.dll
+ 2010-10-16 18:45 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB982132\update\updspapi.dll
+ 2010-10-16 18:45 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB982132\update\update.exe
+ 2010-10-16 18:45 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB982132\spuninst.exe
+ 2010-08-27 08:01 . 2010-08-27 08:01 119808 c:\windows\$hf_mig$\KB982132\SP3QFE\t2embed.dll
+ 2010-10-14 13:12 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981957\update\updspapi.dll
+ 2010-10-14 13:12 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981957\update\update.exe
+ 2010-10-14 13:12 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981957\spuninst.exe
+ 2010-10-14 13:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979687\update\updspapi.dll
+ 2010-10-14 13:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979687\update\update.exe
+ 2010-10-14 13:16 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB979687\spuninst.exe
+ 2010-07-12 13:02 . 2010-07-12 13:02 218112 c:\windows\$hf_mig$\KB979687\SP3QFE\wordpad.exe
+ 2011-02-25 17:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971029\update\updspapi.dll
+ 2011-02-25 17:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971029\update\update.exe
+ 2011-02-25 17:22 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971029\spuninst.exe
+ 2009-07-27 22:13 . 2009-07-27 22:13 135168 c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
+ 2011-03-28 03:57 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2524375\update\updspapi.dll
+ 2011-03-28 03:57 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2524375\update\update.exe
+ 2011-03-28 03:57 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2524375\spuninst.exe
+ 2011-02-13 16:52 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-13 16:52 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-01-07 14:09 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-13 16:52 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-13 16:52 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 439808 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-13 16:49 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-13 16:49 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-13 16:49 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-09 04:15 . 2010-12-20 23:58 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-09 04:15 . 2010-12-20 12:48 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-03-11 18:37 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2481109\update\updspapi.dll
+ 2011-03-11 18:37 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2481109\update\update.exe
+ 2011-03-11 18:37 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2481109\spuninst.exe
+ 2011-01-27 11:41 . 2011-01-27 11:41 677888 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstsc.exe
+ 2011-02-02 07:57 . 2011-02-02 07:57 136192 c:\windows\$hf_mig$\KB2481109\SP3QFE\aaclient.dll
+ 2011-03-11 18:40 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479943\update\updspapi.dll
+ 2011-03-11 18:40 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479943\update\update.exe
+ 2011-03-11 18:40 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479943\spuninst.exe
+ 2011-02-09 13:52 . 2011-02-09 13:52 270848 c:\windows\$hf_mig$\KB2479943\SP3QFE\sbe.dll
+ 2011-02-09 13:52 . 2011-02-09 13:52 186880 c:\windows\$hf_mig$\KB2479943\SP3QFE\encdec.dll
+ 2011-02-13 16:52 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-13 16:52 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-13 16:52 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-13 16:53 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2011-02-13 16:53 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-02-13 16:53 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2011-02-13 16:48 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-02-13 16:48 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24 730112 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2011-02-13 16:48 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-13 16:48 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2010-12-22 06:48 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
+ 2010-12-22 06:48 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2467659\update\update.exe
+ 2010-12-22 06:48 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2467659\spuninst.exe
+ 2010-12-22 06:50 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2443105\update\updspapi.dll
+ 2010-12-22 06:50 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2443105\update\update.exe
+ 2010-12-22 06:50 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2443105\spuninst.exe
+ 2010-12-22 06:50 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2440591\update\updspapi.dll
+ 2010-12-22 06:50 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2440591\update\update.exe
+ 2010-12-22 06:50 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2440591\spuninst.exe
+ 2010-12-22 06:48 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2436673\update\updspapi.dll
+ 2010-12-22 06:48 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2436673\update\update.exe
+ 2010-12-22 06:48 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2436673\spuninst.exe
+ 2010-12-22 06:45 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2423089\update\updspapi.dll
+ 2010-12-22 06:45 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2423089\update\update.exe
+ 2010-12-22 06:45 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2423089\spuninst.exe
+ 2011-01-12 06:31 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-12 06:31 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-12 06:31 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2010-12-22 06:50 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2416400-IE8\update\updspapi.dll
+ 2010-12-22 06:50 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2416400-IE8\update\update.exe
+ 2010-12-22 06:50 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2416400-IE8\spuninst.exe
+ 2010-12-15 02:18 . 2010-11-06 00:27 919552 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 206848 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\occache.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 611840 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mstime.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 602112 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeeds.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 247808 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieproxy.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 184320 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iepeers.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 743424 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedvtool.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 387584 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedkcs32.dll
+ 2010-12-15 02:18 . 2010-11-03 12:01 173568 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-13 16:48 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2393802\update\updspapi.dll
+ 2011-02-13 16:48 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2393802\update\update.exe
+ 2011-02-13 16:48 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2393802\spuninst.exe
+ 2011-02-09 04:13 . 2010-12-09 15:15 718336 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
+ 2010-10-16 18:46 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2387149\update\updspapi.dll
+ 2010-10-16 18:46 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2387149\update\update.exe
+ 2010-10-16 18:46 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2387149\spuninst.exe
+ 2010-10-14 00:24 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42u.dll
+ 2010-10-14 00:24 . 2010-09-18 07:18 974848 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc42.dll
+ 2010-10-14 00:24 . 2010-09-18 07:18 953856 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
+ 2010-10-14 00:24 . 2010-09-18 07:18 954368 c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40.dll
+ 2010-10-14 13:10 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2360937\update\updspapi.dll
+ 2010-10-14 13:10 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2360937\update\update.exe
+ 2010-10-14 13:10 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2360937\spuninst.exe
+ 2010-10-13 23:54 . 2010-08-16 08:43 590848 c:\windows\$hf_mig$\KB2360937\SP3QFE\rpcrt4.dll
+ 2010-10-14 13:15 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2360131-IE8\update\updspapi.dll
+ 2010-10-14 13:15 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB2360131-IE8\update\update.exe
+ 2010-10-14 13:15 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB2360131-IE8\spuninst.exe
+ 2010-10-14 00:29 . 2010-09-10 05:57 919552 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 206848 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\occache.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 611840 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mstime.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 602112 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\msfeeds.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 247808 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\ieproxy.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 184320 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\iepeers.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 743424 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\iedvtool.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 387584 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\iedkcs32.dll
+ 2010-10-14 00:29 . 2010-09-08 15:48 173056 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\ie4uinit.exe
+ 2010-10-16 18:45 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2345886\update\updspapi.dll
+ 2010-10-16 18:45 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2345886\update\update.exe
+ 2010-10-16 18:45 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2345886\spuninst.exe
+ 2010-08-26 13:37 . 2010-08-26 13:37 357248 c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys
+ 2010-12-22 06:51 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2296199\update\updspapi.dll
+ 2010-12-22 06:51 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2296199\update\update.exe
+ 2010-12-22 06:51 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2296199\spuninst.exe
+ 2010-10-28 13:08 . 2010-10-28 13:08 290048 c:\windows\$hf_mig$\KB2296199\SP3QFE\atmfd.dll
+ 2010-10-16 18:45 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2279986\update\updspapi.dll
+ 2010-10-16 18:45 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2279986\update\update.exe
+ 2010-10-16 18:45 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2279986\spuninst.exe
+ 2010-09-01 11:48 . 2010-09-01 11:48 285824 c:\windows\$hf_mig$\KB2279986\SP3QFE\atmfd.dll
+ 2011-04-15 01:47 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2010-10-14 00:24 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2008-04-13 23:00 . 2010-08-26 21:16 4886528 c:\windows\system32\wmp.dll
+ 2009-11-02 19:34 . 2010-09-28 20:44 4184352 c:\windows\system32\usbaaplrc.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 1210880 c:\windows\system32\urlmon.dll
+ 2008-04-13 23:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
- 2008-04-13 23:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2008-04-13 23:00 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2008-04-13 23:00 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:01 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2009-08-03 06:23 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
+ 2008-04-13 23:00 . 2011-02-22 23:06 5962240 c:\windows\system32\mshtml.dll
+ 2011-05-02 21:30 . 2011-05-02 21:30 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 08:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2011-04-16 00:54 . 2011-02-18 20:36 4184352 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaaplrc.dll
+ 2011-04-16 00:54 . 2010-04-20 00:29 1461992 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\wdfcoinstaller01009.dll
+ 2008-04-13 23:00 . 2010-08-26 21:16 4886528 c:\windows\system32\dllcache\wmp.dll
+ 2008-04-13 23:00 . 2011-03-03 13:21 1857920 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-13 23:00 . 2011-02-22 23:06 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-13 23:00 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-04-13 23:00 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-04-13 23:00 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2009-08-03 11:36 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-08-03 11:36 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 23:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-08-03 11:36 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-13 23:00 . 2011-02-22 23:06 5962240 c:\windows\system32\dllcache\mshtml.dll
+ 2009-08-03 06:23 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2009-08-03 13:36 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-04-16 01:00 . 2011-04-16 01:00 5448704 c:\windows\Installer\d1276c.msi
+ 2011-04-16 00:55 . 2011-04-16 00:55 1554944 c:\windows\Installer\d11ecb.msi
+ 2011-04-16 00:54 . 2011-04-16 00:54 3085312 c:\windows\Installer\d11e9a.msi
+ 2011-04-16 00:53 . 2011-04-16 00:53 1984000 c:\windows\Installer\d11e50.msi
+ 2009-08-24 04:10 . 2009-08-24 04:10 4733440 c:\windows\Installer\c8d4f.msp
+ 2011-02-24 04:34 . 2011-02-24 04:34 1583104 c:\windows\Installer\a6ef17.msi
+ 2011-01-17 21:06 . 2011-01-17 21:06 5518848 c:\windows\Installer\83f49ee.msp
+ 2010-09-17 11:04 . 2010-09-17 11:04 9401856 c:\windows\Installer\6b6a4d4.msp
+ 2010-10-01 22:42 . 2010-10-01 22:42 5054464 c:\windows\Installer\6b6a4ba.msp
+ 2010-10-22 18:25 . 2010-10-22 18:25 5521408 c:\windows\Installer\6b6a4a8.msp
+ 2010-08-13 21:59 . 2010-08-13 21:59 8182272 c:\windows\Installer\45cbf74.msp
+ 2010-08-13 22:02 . 2010-08-13 22:02 2545664 c:\windows\Installer\45cbf6c.msp
+ 2010-08-23 21:09 . 2010-08-23 21:09 7673344 c:\windows\Installer\45cbf64.msp
+ 2011-01-08 17:20 . 2011-01-08 17:20 9472000 c:\windows\Installer\39f3923.msi
+ 2011-02-22 15:32 . 2011-02-22 15:32 5520384 c:\windows\Installer\2dc8b6f.msp
+ 2010-08-23 21:09 . 2010-08-23 21:09 7673344 c:\windows\Installer\2dc2508.msp
+ 2010-10-04 20:32 . 2010-10-04 20:32 5517824 c:\windows\Installer\2dc2506.msp
+ 2010-08-24 13:49 . 2010-08-24 13:49 6825472 c:\windows\Installer\2dc24f4.msp
+ 2011-01-27 18:49 . 2011-01-27 18:49 6825472 c:\windows\Installer\2a34be6.msp
+ 2011-04-05 16:52 . 2011-04-05 16:52 5519872 c:\windows\Installer\2a34bc2.msp
+ 2010-11-21 03:34 . 2010-11-21 03:34 1198080 c:\windows\Installer\2a34ba5.msp
+ 2011-03-18 00:01 . 2011-03-18 00:01 9563648 c:\windows\Installer\2a34b9d.msp
+ 2011-03-03 15:25 . 2011-03-03 15:25 5051904 c:\windows\Installer\2a34b95.msp
+ 2011-01-11 21:50 . 2011-01-11 21:50 8177152 c:\windows\Installer\2a34b83.msp
+ 2010-10-22 20:45 . 2010-10-22 20:45 8444928 c:\windows\Installer\2054c5c7.msp
+ 2010-12-06 20:02 . 2010-12-06 20:02 5518848 c:\windows\Installer\2054c594.msp
+ 2009-08-17 20:32 . 2009-08-17 20:32 1787728 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\PPCNV.DLL
+ 2011-04-17 18:44 . 2010-12-20 23:59 1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-04-17 18:44 . 2010-12-20 23:59 1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2010-10-14 13:15 . 2010-06-24 12:22 1210368 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2010-10-14 13:15 . 2010-06-24 12:22 5951488 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2010-10-14 13:15 . 2010-06-24 12:21 1986560 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
+ 2009-08-03 11:36 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-08-03 11:36 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 23:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-08-03 11:36 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-04-17 18:44 . 2011-04-17 18:44 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
+ 2011-04-17 18:47 . 2011-04-17 18:47 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
+ 2011-04-17 18:44 . 2011-04-17 18:44 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
+ 2011-04-17 18:47 . 2011-04-17 18:47 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
+ 2011-04-17 22:23 . 2011-04-17 22:23 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll
+ 2011-04-17 22:23 . 2011-04-17 22:23 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll
+ 2011-04-17 22:23 . 2011-04-17 22:23 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll
+ 2011-04-17 22:23 . 2011-04-17 22:23 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\02d53154634c8000382942e0f43ead41\System.Web.Extensions.ni.dll
+ 2011-04-17 18:47 . 2011-04-17 18:47 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll
+ 2011-04-17 19:59 . 2011-04-17 19:59 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll
+ 2011-04-17 18:47 . 2011-04-17 18:47 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
+ 2011-04-17 19:58 . 2011-04-17 19:58 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll
+ 2011-04-17 18:46 . 2011-04-17 18:46 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
+ 2011-04-17 18:46 . 2011-04-17 18:46 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll
+ 2011-04-17 18:46 . 2011-04-17 18:46 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c91e83e85c030bc914ecc302fa9b2c60\System.Data.Entity.ni.dll
+ 2011-04-17 18:46 . 2011-04-17 18:46 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
+ 2011-04-17 18:46 . 2011-04-17 18:46 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
+ 2011-04-17 18:46 . 2011-04-17 18:46 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
+ 2011-04-17 18:44 . 2011-04-17 18:44 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-17 22:21 . 2011-04-17 22:21 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-17 22:19 . 2011-04-17 22:19 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll
+ 2011-04-17 18:43 . 2011-04-17 18:43 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-17 18:43 . 2011-04-17 18:43 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-05 20:10 . 2010-10-05 20:10 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-04-17 18:43 . 2011-04-17 18:43 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-05 20:11 . 2010-10-05 20:11 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-17 18:42 . 2011-04-17 18:42 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-10-14 13:12 . 2010-06-23 13:44 1851904 c:\windows\$NtUninstallKB981957$\win32k.sys
+ 2010-10-14 13:16 . 2008-04-13 23:00 1287168 c:\windows\$NtUninstallKB979687$\ole32.dll
+ 2011-02-13 16:52 . 2010-07-27 06:30 8462336 c:\windows\$NtUninstallKB2483185$\shell32.dll
+ 2011-03-11 18:37 . 2009-06-10 13:19 2066432 c:\windows\$NtUninstallKB2481109$\mstscax.dll
+ 2011-03-11 18:37 . 2008-04-13 23:00 2061824 c:\windows\$NtUninstallKB2481109$\lhmstscx.dll
+ 2011-02-13 16:52 . 2010-10-26 13:25 1853312 c:\windows\$NtUninstallKB2479628$\win32k.sys
+ 2010-12-22 06:48 . 2010-08-31 13:42 1852800 c:\windows\$NtUninstallKB2436673$\win32k.sys
+ 2011-02-13 16:48 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
+ 2011-02-13 16:48 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
+ 2011-02-13 16:48 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
+ 2011-02-13 16:48 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
+ 2010-10-16 18:46 . 2008-04-13 23:00 1028096 c:\windows\$NtUninstallKB2387149$\mfc42.dll
+ 2010-10-16 18:45 . 2010-03-19 22:05 4874240 c:\windows\$NtUninstallKB2378111_WM9$\wmp.dll
+ 2010-08-31 13:38 . 2010-08-31 13:38 1861888 c:\windows\$hf_mig$\KB981957\SP3QFE\win32k.sys
+ 2010-07-16 12:04 . 2010-07-16 12:04 1289216 c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
+ 2009-07-27 22:13 . 2009-07-27 22:13 8462848 c:\windows\$hf_mig$\KB971029\SP3QFE\shell32.dll
+ 2011-01-21 14:42 . 2011-01-21 14:42 8463360 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2011-02-02 07:57 . 2011-02-02 07:57 2069504 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstscx.dll
+ 2010-12-31 13:14 . 2010-12-31 13:14 1864064 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
+ 2010-10-26 13:27 . 2010-10-26 13:27 1862272 c:\windows\$hf_mig$\KB2436673\SP3QFE\win32k.sys
+ 2010-12-15 02:18 . 2010-11-06 00:27 1211904 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\urlmon.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 5960704 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
+ 2010-12-15 02:18 . 2010-11-06 00:27 1992192 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iertutil.dll
+ 2011-02-09 04:13 . 2010-12-09 13:43 2192768 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
+ 2011-02-09 04:13 . 2010-12-09 13:09 2027008 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
+ 2010-12-09 23:39 . 2010-12-09 23:39 2069376 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
+ 2011-02-09 04:13 . 2010-12-09 13:47 2148864 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
+ 2010-10-14 00:29 . 2010-09-10 05:57 1211904 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\urlmon.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 5958656 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
+ 2010-10-14 00:29 . 2010-09-10 05:57 1987072 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\iertutil.dll
+ 2009-08-03 13:34 . 2011-04-18 19:46 42181064 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2011-02-22 23:06 11080704 c:\windows\system32\ieframe.dll
+ 2009-08-03 13:36 . 2011-02-22 23:06 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2010-10-14 21:57 . 2010-10-14 21:57 11189248 c:\windows\Installer\6b6a4cc.msp
+ 2011-02-17 15:24 . 2011-02-17 15:24 20308992 c:\windows\Installer\6ab172c.msp
+ 2011-02-24 13:38 . 2011-02-24 13:38 10984448 c:\windows\Installer\2a34bd4.msp
+ 2011-02-12 00:47 . 2011-02-12 00:47 12028928 c:\windows\Installer\2a34bb0.msp
+ 2011-04-21 16:44 . 2011-04-21 16:44 20314624 c:\windows\Installer\267d0c7.msp
+ 2010-12-22 06:48 . 2010-12-22 06:48 20304384 c:\windows\Installer\2054c5b5.msp
+ 2008-10-15 04:42 . 2008-10-15 04:42 13219184 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\AcroRd32.dll
+ 2011-04-17 18:44 . 2010-12-21 10:29 11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
+ 2011-02-13 16:49 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2010-12-22 06:50 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
+ 2010-10-14 13:15 . 2010-06-24 21:51 11077120 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
+ 2011-04-17 18:47 . 2011-04-17 18:47 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
+ 2011-04-17 22:22 . 2011-04-17 22:22 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
+ 2011-04-17 22:18 . 2011-04-17 22:18 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b5f24d96334ea08b99350421450d3ba4\System.ServiceModel.ni.dll
+ 2011-04-17 18:46 . 2011-04-17 18:46 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
+ 2011-04-17 18:45 . 2011-04-17 18:45 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
+ 2011-04-17 18:45 . 2011-04-17 18:45 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
+ 2011-04-17 18:44 . 2011-04-17 18:44 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
+ 2011-02-09 04:15 . 2010-12-20 23:58 11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
+ 2010-11-06 10:57 . 2010-11-06 10:57 11082752 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieframe.dll
+ 2010-09-10 15:27 . 2010-09-10 15:27 11082240 c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]
"nwiz"="nwiz.exe" [2006-05-01 1519616]
"NVHotkey"="nvHotkey.dll" [2006-05-01 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Administrator\Application Data\wruninstall.exe [2010-9-27 7097736]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\James\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/28/2010 7:52 PM 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/4/2009 11:15 PM 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/28/2010 7:52 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/28/2010 7:52 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/28/2010 7:53 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/28/2010 7:52 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/28/2010 7:52 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/28/2010 7:52 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/28/2010 7:52 PM 88544]
S0 cerc6;cerc6; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/31/2011 12:48 AM 38224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/28/2010 7:52 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/28/2010 7:52 PM 84264]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [6/28/2010 12:15 AM 30576]
S3 Normandy;Normandy SR2; [x]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-152049171-1177238915-1003Core.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 00:11]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-152049171-1177238915-1003UA.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 00:11]
.
2011-05-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://beachcam.kdhnc.com/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\gj1e05yb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 15:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,c0,1b,dc,30,3d,d1,44,91,b5,45,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,c0,1b,dc,30,3d,d1,44,91,b5,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1432)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(908)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-10 15:47:25
ComboFix-quarantined-files.txt 2011-05-10 19:47
ComboFix2.txt 2010-10-12 19:06
.
Pre-Run: 19,244,965,888 bytes free
Post-Run: 23,577,427,968 bytes free
.
- - End Of File - - D01A62520BFC3C50E8A75661457DEA62

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:20 PM

Posted 10 May 2011 - 05:31 PM

Okay, that was a surprise. The log found nothing - but then the log shows the second run. Do you have the first log? If not, please go to Start > Run and copy/paste the following, then press Enter.

C:\QooBox\ComboFix-quarantined-files.txt

A log file should open. Please post that in your next reply.
m0le is a proud member of UNITE

#9 passthedip

passthedip
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 10 May 2011 - 06:15 PM

2010-10-12 19:05:12 . 2010-10-12 19:05:12 164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-msnmsgr.reg.dat
2010-10-12 19:00:56 . 2011-05-10 19:32:45 9,372 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-10-12 18:52:19 . 2011-05-10 19:20:37 102 ----a-w- C:\Qoobox\Quarantine\catchme.log

#10 m0le

Posted 10 May 2011 - 07:29 PM

Which browser(s) are you using?

#11 passthedip

Posted 10 May 2011 - 07:34 PM

I was using IE 8 up until the infection last weekend. At that point I changed to Firefox and have been using it primarily, as it seems to be unaffected. Along with the redirects, the performance of IE8 since the infection has dropped off markedly.

#12 m0le

Posted 10 May 2011 - 07:35 PM

Let's take a look at the registry and see what's been attached to IE.

Open Notepad (go to Start > Run and type in Notepad and click OK).
Copy/paste the following text inside the code box into a new notepad document.

@ECHO OFF
regedit /e look1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
regedit /e look2.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes"
Type look*.txt >log.txt
start log.txt
del look1.txt look2.txt
del %0

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: look.bat
  • Save as type: All file types (*.*)
  • Click save
  • Close the Notepad.
  • Locate look.bat on the desktop.
  • Double click the icon or Right-click to run it as administrator if you have Vista or Windows 7.
  • A notepad opens, copy and paste the content (log.txt) to your reply.


#13 passthedip

Posted 10 May 2011 - 07:38 PM

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Live Search"
"DisplayName"="@ieframe.dll,-12512"
"URL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{033EC3D5-BF9E-4BC2-A39F-CA1FEC398CF1}"
"DownloadUpdates"=dword:00000000
"Version"=dword:00000002
"UpgradeTime"=hex:98,d6,b1,c3,95,14,ca,01

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{033EC3D5-BF9E-4BC2-A39F-CA1FEC398CF1}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
"ShowSearchSuggestions"=dword:00000001
"SuggestionsURL"="http://clients5.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
"OSDFileURL"="http://www.ieaddons.com/en/DownloadHandler.ashx?ResourceId=813"
"FaviconURL"="http://www.google.com/favicon.ico"
"FaviconPath"="C:\\Documents and Settings\\James\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Services\\search_{033EC3D5-BF9E-4BC2-A39F-CA1FEC398CF1}.ico"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
"DisplayName"="Web Search..."
"URL"="http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp"
"SuggestionsURL"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
"SuggestionsURLFallback"="http://api.search.live.com/qsml.aspx?query={searchTerms}&src=IE-SearchBox&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}"
"FaviconURLFallback"="http://vshare.toolbarhome.com/partners/vshare/logo.png"
"Version"="1.0"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.search.live.com/qsml.aspx?query={searchTerms}&src=IE-SearchBox&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}"
"FaviconURLFallback"="http://www.live.com/favicon.ico"
"URL"="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"
"FaviconPath"="C:\\Documents and Settings\\James\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{766DC914-E072-4CA5-B72C-7758761A1F26}]
"DisplayName"="Secure Search"
"URL"="http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}"
"ShowSearchSuggestions"=dword:00000001
"SuggestionsURL"="http://ie.search.yahoo.com/os?command={SearchTerms}"
"OSDFileURL"="file:///C:/DOCUME~1/James/LOCALS~1/Temp/McSiteAdvisor.xml"
"FaviconURL"="http://secureshopping.mcafee.com/images/favicon.ico"
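
Added example (not part of the original thread and not any poster's code): a Python script that summarises a SearchScopes export like the one above, listing each provider's hive, GUID, name and search host, whether it is that hive's DefaultScope, and whether the host is on a list the reviewer supplies. The function name `audit`, the expected-host list and the abridged sample are assumptions made for illustration; the export is assumed to be already decoded text.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: abridged from the export posted above (blank lines dropped).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Live Search"
"URL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{033EC3D5-BF9E-4BC2-A39F-CA1FEC398CF1}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{033EC3D5-BF9E-4BC2-A39F-CA1FEC398CF1}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
"DisplayName"="Web Search..."
"URL"="http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp"
'''

# Matches the SearchScopes root key or one provider subkey (GUID captured).
KEY = re.compile(r'^\[(HKEY_[A-Z_]+)\\.*?\\SearchScopes(?:\\(\{[^}]+\}))?\]$', re.I)
# Matches string values only; dword: and hex: values are ignored.
VAL = re.compile(r'^(@|"[^"]+")="(.*)"$')

def audit(text, expected_hosts):
    """Return (hive, guid, name, host, is_default, host_expected) per provider."""
    scopes, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        k, v = KEY.match(line), VAL.match(line)
        if k:  # GUID is "" for the root key, which only carries DefaultScope
            cur = scopes.setdefault((k.group(1).upper(), (k.group(2) or "").upper()), {})
        elif line.startswith("["):  # any other key ends the current section
            cur = None
        elif v and cur is not None:
            cur[v.group(1).strip('"')] = v.group(2)
    rows = []
    for (hive, guid), vals in scopes.items():
        if not guid:
            continue
        default = scopes.get((hive, ""), {}).get("DefaultScope", "").upper()
        host = urlsplit(vals.get("URL", "")).hostname or ""
        ok = any(host == h or host.endswith("." + h) for h in expected_hosts)
        rows.append((hive, guid, vals.get("@") or vals.get("DisplayName", ""),
                     host, default == guid, ok))
    return rows

if __name__ == "__main__":
    print(*audit(SAMPLE, ("google.com", "live.com")), sep="\n")
```

A provider whose last field is False is only one the reviewer did not list as expected; whether it belongs on the machine is a separate judgement.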

#14 m0le

Posted 10 May 2011 - 08:18 PM

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it to your desktop (click File, Save as) as fixit.reg. In the same open Notepad, in the line below, select Any for File Type.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{033EC3D5-BF9E-4BC2-A39F-CA1FEC398CF1}"

NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.


To manage search engines:

  • Open Internet Explorer.
  • Open the scroll down window beside the search box at the top right of the page.
  • Click "Find More Providers..."
  • Select the appropriate language if needed.
  • Find Google and click "Add to Internet Explorer".
  • You will get a pop up window, check these options, if available:
    Make This my default search provider
    Use search suggestions from this provider
  • Press Add.

Let me know if the redirections now stop.

#15 passthedip

Posted 13 May 2011 - 11:48 AM

m0le,

This does appear to have stopped the redirections, although I have thought that before only to have them return later on. Thank you very much!!



