Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Malwarebytes Finds 2 hijack.windowsupdates files and cannot


  • This topic is locked This topic is locked
35 replies to this topic

#16 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 11 November 2009 - 04:55 PM

Hi,

Your computer may be unbootable because of a false positive deletion by MalwareBytes

If your computer is unbootable, There are instructions at Malwarebytes here:

http://www.iishacks....alse-positives/


If you can actually access your computer (I doubt that you can) - you could try this:
Please open the Malwarebytes Antimalware program:
Select the quarantine tab:
select the items previously deleted by Malwarebytes:
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\atapi (Rootkit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\drivers\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
now choose RESTORE ALL


Note: Please make sure you also update the malwarebytes data base so that this does not occur again.


IF you need more assistance with this Malwarebytes will assist: Please do the following:

Please contact the malwarebytes help desk and they will work through it with you.

To open a new ticket, simply send an e-mail to support@malwarebytes.org

Please link to this topic here

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

    Advertisements

Register to Remove


#17 azstokes

azstokes

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 11 November 2009 - 07:22 PM

Ok I'm a little confused...sorry


***************************************

I didn't notice that I was supposed to delete the prior version of combofix and download another one - so I ran the script that you provided with the old version.


******************************************

Then I tried to run the Kaspersky Online scan and I'm getting the following message:

"The program could not be started. The program could not be started (Yes it says that twice!!!) Please close the window of Kaspersky Online scanner 7.0 and start the program again from the website of Kasperky Lab."

Error: java.lang.RuntimeException: Kaspersky Online Scanner 7.0 cannot be started because the computer has Kaspersky Internet Security 8.0 (9.0) installed.

********************************************

I then saw that you sent another post saying that my computer may not be bootable ----- At the moment I can access my computer ---- should I follow your instructions regarding restoring the keys????????


*******************************************

I will wait to hear from you as to what I should now be doing ------ Thanks again for all of your help

********************************************


Here is the log from Combo fix ----- I did get the same two errors as last time as well


ComboFix 09-11-09.01 - Compaq_Owner 11/11/2009 17:54.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.500 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo.com
Command switches used :: c:\docume~1\COMPAQ~1\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ADS - OLD18.tmp: deleted 32256 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Application Data\iolo
c:\documents and settings\Compaq_Owner\Application Data\iolo\Disabled Entries\All Users\Adobe Reader Speed Launch.lnk
c:\documents and settings\Compaq_Owner\Application Data\iolo\Netbooster_Log.txt
c:\documents and settings\Compaq_Owner\Application Data\iolo\Registry\command.dat
c:\documents and settings\Compaq_Owner\Application Data\iolo\Registry\Last\default
c:\documents and settings\Compaq_Owner\Application Data\iolo\Registry\Last\restore.bat
c:\documents and settings\Compaq_Owner\Application Data\iolo\Registry\Last\SAM
c:\documents and settings\Compaq_Owner\Application Data\iolo\Registry\Last\SECURITY
c:\documents and settings\Compaq_Owner\Application Data\iolo\Registry\Last\software
c:\documents and settings\Compaq_Owner\Application Data\iolo\Registry\Last\system
c:\documents and settings\Compaq_Owner\Application Data\iolo\restore.bat
c:\program files\iolo
c:\program files\iolo\Common\AntiVirus\avsdk2.msi
c:\program files\iolo\Common\AntiVirus\iavlsp.dll
c:\program files\iolo\Common\AntiVirus\IODLL.dll
c:\program files\iolo\Common\AntiVirus\RegisterLSP.exe
c:\program files\iolo\Common\Firewall\iFW_SPIWrp.dll
c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
c:\program files\iolo\Common\Lib\Antila.dll
c:\program files\iolo\Common\Lib\Aquarius.dll
c:\program files\iolo\Common\Lib\ContextDefrag.dll
c:\program files\iolo\Common\Lib\fbembed.dll
c:\program files\iolo\Common\Lib\INETMIB1.DLL
c:\program files\iolo\Common\Lib\iolocowithdb.dll
c:\program files\iolo\Common\Lib\ioloDMVSvc.exe
c:\program files\iolo\Common\Lib\ioloFileInfoList.dll
c:\program files\iolo\Common\Lib\ioloFILParser.exe
c:\program files\iolo\Common\Lib\ioloFWUninst.exe
c:\program files\iolo\Common\Lib\ioloHL.dll
c:\program files\iolo\Common\Lib\ioloSearchFunctions.dll
c:\program files\iolo\Common\Lib\ioloServiceManager.exe
c:\program files\iolo\Common\Lib\ioloSMHomePageToolCom.dll
c:\program files\iolo\Common\Lib\ioloSoftSearch.dll
c:\program files\iolo\Common\Lib\LMResource.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\program files\iolo\Common\Lib\SNMPAPI.DLL
c:\program files\iolo\Common\Lib\SpyData.dll
c:\program files\iolo\Common\Lib\uninst.dll
c:\program files\iolo\Common\Lib\wscapi.dll
c:\program files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
c:\program files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
c:\program files\iolo\THE FIX-ENGiNE\ENGiNE.nfo
c:\program files\iolo\THE FIX-ENGiNE\ENGiNE\DriveScrubber.exe
c:\program files\iolo\THE FIX-ENGiNE\ENGiNE\ioloAV.exe
c:\program files\iolo\THE FIX-ENGiNE\ENGiNE\ioloFW.exe
c:\program files\iolo\THE FIX-ENGiNE\ENGiNE\SearchAndRecover.exe
c:\program files\iolo\THE FIX-ENGiNE\ENGiNE\SysMech7.exe

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\ndis.sys --> c:\windows\system32\dllcache\ndis.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fci
-------\Legacy_IOLOFILEINFOLIST
-------\Legacy_IOLOSYSTEMSERVICE
-------\Legacy_NPF
-------\Legacy_RKHIT
-------\Legacy_XPACKET
-------\Service_ioloFileInfoList
-------\Service_ioloSystemService
-------\Service_XPacket


((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-10 11:49 . 2009-11-10 11:49 -------- d-----w- c:\program files\ERUNT
2009-11-10 03:27 . 2009-11-10 03:27 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-10 03:27 . 2009-11-10 03:27 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-10 03:25 . 2009-11-11 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-10 03:25 . 2009-11-10 03:25 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-10 03:21 . 2009-10-20 16:54 75609088 ----a-w- C:\kis.en.msi
2009-11-03 21:12 . 2009-11-03 21:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-11-03 21:12 . 2009-09-10 19:54 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 21:11 . 2009-11-03 21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 21:11 . 2009-09-10 19:53 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-11-03 17:15 . 2009-11-03 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-03 17:14 . 2009-11-03 17:15 -------- d-----w- c:\program files\MalwarebytesPortable
2009-10-21 01:34 . 2009-10-21 01:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-15 02:18 . 2009-10-15 02:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 15:08 . 2004-08-04 12:00 577536 ------w- c:\windows\system32\user32.dll
2009-11-10 03:20 . 2009-01-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-10 03:02 . 2007-04-17 00:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-03 23:52 . 2009-04-23 20:19 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2009-11-03 23:52 . 2009-04-23 21:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-03 23:52 . 2007-04-13 19:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-03 23:50 . 2007-12-18 04:44 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Tunebite
2009-11-03 23:46 . 2005-05-26 03:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 23:41 . 2009-04-06 01:57 305640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-03 23:36 . 2008-01-05 21:45 -------- d-----w- c:\program files\Spider-Man Photo Lab
2009-11-03 23:36 . 2005-11-06 02:50 -------- d-----w- c:\program files\SlySoft
2009-11-03 23:33 . 2005-11-06 18:03 -------- d-----w- c:\program files\DVD Shrink
2009-11-03 23:30 . 2005-05-26 04:17 -------- d-----w- c:\program files\QuickTime
2009-11-03 23:27 . 2005-05-26 03:54 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-03 23:27 . 2009-03-04 02:11 -------- d-----w- c:\program files\SoundTaxi
2009-11-03 23:24 . 2005-07-24 17:53 101336 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 23:21 . 2005-05-26 04:31 -------- d-----w- c:\program files\Google
2009-11-03 23:21 . 2009-03-06 21:56 -------- d-----w- c:\program files\Error Repair Professional
2009-11-03 23:19 . 2009-03-02 00:15 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-03 23:15 . 2009-03-02 00:15 -------- d-----w- c:\program files\Roxio Creator 2009
2009-11-03 23:15 . 2005-05-26 04:05 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-03 23:14 . 2009-03-02 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-03 23:09 . 2008-07-16 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{FBB5C4A9-4848-46A0-8863-C359F08D7728}
2009-11-03 23:07 . 2008-06-11 00:46 -------- d-----w- c:\program files\Supreme Auction 2
2009-11-03 22:59 . 2006-12-25 15:11 -------- d-----w- c:\program files\Apple Software Update
2009-11-03 19:02 . 2009-03-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-10-03 00:39 . 2009-10-03 00:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-14 19:42 . 2009-09-14 19:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-09-10 00:01 . 2009-09-10 00:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-09-01 20:29 . 2009-09-01 20:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-11-10_15.25.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-26 03:52 . 2007-07-27 14:41 16760 c:\windows\system32\spmsg.dll
+ 2005-01-27 04:58 . 2009-11-11 23:22 72300 c:\windows\system32\perfc009.dat
- 2005-01-27 04:58 . 2009-11-10 15:28 72300 c:\windows\system32\perfc009.dat
+ 2004-08-04 11:00 . 2008-06-10 10:52 96768 c:\windows\system32\logagent.exe
- 2004-08-04 11:00 . 2005-01-28 18:44 96768 c:\windows\system32\logagent.exe
- 2004-08-04 11:00 . 2005-01-28 18:44 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 11:00 . 2008-06-10 10:52 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 11:00 . 2007-10-27 22:40 227328 c:\windows\system32\wmasf.dll
+ 2005-01-27 04:58 . 2009-11-11 23:22 443604 c:\windows\system32\perfh009.dat
- 2005-01-27 04:58 . 2009-11-10 15:28 443604 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2004-08-04 12:00 182912 c:\windows\system32\drivers\ndis.sys
+ 2004-08-04 11:00 . 2007-10-27 22:40 227328 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-04 11:00 . 2008-06-10 12:07 2376760 c:\windows\system32\WMVCore.dll
+ 2004-08-04 11:00 . 2008-06-10 11:28 1028096 c:\windows\system32\WMNetmgr.dll
+ 2004-08-04 11:00 . 2008-06-10 12:07 2376760 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 11:00 . 2008-06-10 11:28 1028096 c:\windows\system32\dllcache\WMNetmgr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"EPSON Stylus Photo R320 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-04-12 49152]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Compaq_Owner\Application Data\iolo\

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Wirelwss LAN Utility\\tiwlnsvc.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"39658:TCP"= 39658:TCP:*:Disabled:Service
"39674:TCP"= 39674:TCP:*:Disabled:Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [3/3/2009 8:44 PM 2688]
R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [9/30/2007 1:34 PM 438912]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/3/2009 9:11 PM 184320]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://keyword.netscape.com/keyword/%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 18:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4794b132-12ea-4371-ae4c-575eaa5fd580}]
@Denied: (Full) (Everyone)
"Model"=dword:00000070
"Therad"=dword:00000002
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(2028)
c:\windows\system32\iavlsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hawking\Common\RaUI.exe
c:\program files\iPod\bin\iPodService.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2009-11-11 18:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-11 23:30
ComboFix2.txt 2009-11-11 03:00
ComboFix3.txt 2009-11-10 15:37

Pre-Run: 85,013,045,248 bytes free
Post-Run: 84,904,108,032 bytes free

- - End Of File - - 177C87F4FECF00174591D71717E21346

#18 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 11 November 2009 - 07:23 PM

Yes, please restore the malwarebytes quarantined files: let me know that was successful first...then we'll continue

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#19 azstokes

azstokes

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 11 November 2009 - 07:29 PM

Ok I restored the five items in MWB - I also just updated MWB - I'm not sure how to tell if it was successful or not - I know that they no longer show in the list of quarantined items? Thanks

#20 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 11 November 2009 - 07:32 PM

Please post a fresh DDS log

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#21 azstokes

azstokes

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 11 November 2009 - 07:37 PM

Here is a current DDS log DDS (Ver_09-10-26.01) - NTFSx86 Run by Compaq_Owner at 20:33:44.75 on Wed 11/11/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.312 [GMT -5:00] AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Program Files\Hawking\Common\RaUI.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\AGRSMMSG.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html mWindow Title = Windows Internet Explorer provided by Comcast uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop uSearchURL,(Default) = hxxp://keyword.netscape.com/keyword/%s BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2 mRun: [EPSON Stylus Photo R320 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P39 "EPSON Stylus Photo R320 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo R320" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe" StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hawkin~1.lnk - c:\program files\hawking\common\RaUI.exe dPolicies-explorer: NoSetActiveDesktop = 1 (0x1) dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist! IE: {4248fe82-7fcb-46ac-b270-339f08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll IE: {ccf151d8-d089-449f-a5a4-d9909053f20f} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll LSP: c:\windows\system32\iavlsp.dll Trusted Zone: aol.com\free DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Notify: klogon - c:\windows\system32\klogon.dll ============= SERVICES / DRIVERS =============== R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472] R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2009-3-3 2688] R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [2007-9-30 438912] S2 ekrn;Eset Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe [?] S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\roxio creator 2009\digital home 11\roxioupnprenderer11.exe" --> c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [?] S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-3-3 184320] ============== File Associations =============== JSEFile=NOTEPAD.EXE %1 =============== Created Last 30 ================ 2009-11-10 14:49:12 98816 ----a-w- c:\windows\sed.exe 2009-11-10 14:49:12 77312 ----a-w- c:\windows\MBR.exe 2009-11-10 14:49:12 267264 ----a-w- c:\windows\PEV.exe 2009-11-10 14:49:12 161792 ----a-w- c:\windows\SWREG.exe 2009-11-10 03:27:15 95259 ----a-w- c:\windows\system32\drivers\klick.dat 2009-11-10 03:27:15 108059 ----a-w- c:\windows\system32\drivers\klin.dat 2009-11-10 03:25:40 0 d-----w- c:\program files\Kaspersky Lab 2009-11-10 03:25:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab 2009-11-10 03:21:58 75609088 ----a-w- C:\kis.en.msi 2009-11-03 23:15:38 496 ----a-w- c:\windows\WININIT.INI 2009-11-03 21:12:04 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes 2009-11-03 21:12:01 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-03 21:11:59 19160 ------w- c:\windows\system32\drivers\mbam.sys 2009-11-03 21:11:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-03 17:15:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-11-03 17:14:55 0 d-----w- c:\program files\MalwarebytesPortable 2009-10-21 01:34:56 219664 ----a-w- c:\windows\system32\klogon.dll 2009-10-15 02:18:34 36880 ----a-w- c:\windows\system32\drivers\klbg.sys ==================== Find3M ==================== 2009-11-12 01:26:19 95360 ----a-w- c:\windows\system32\drivers\atapi.sys 2009-11-12 01:26:19 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys 2009-11-10 15:08:15 577536 ----a-w- c:\windows\system32\dllcache\user32.dll 2009-11-10 15:08:15 577536 ------w- c:\windows\system32\user32.dll 2009-10-03 00:39:44 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys 2009-09-14 19:42:46 32272 ----a-w- c:\windows\system32\drivers\klim5.sys ============= FINISH: 20:34:44.34 ===============

#22 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 11 November 2009 - 07:40 PM

Hi,

looks like those files did restore OK

2009-11-12 01:26:19 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-12 01:26:19 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys

so you should be OK to reboot.

Please do the following scan:

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#23 azstokes

azstokes

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 12 November 2009 - 05:21 AM

I ran the on-line check - it was running for a long time when I had to go to bed - so I left it running without watching - I'm not sure what happened. i woke up to another "blue screen" A problem has been detected ....... PAGE_FAULT_IN_NONPAGED_AREA *** STOP: 0X00000050 (0XE4A05000, 0X00000000, 0X8566A798, 0X00000001) i'm going to try and start using the F8

#24 azstokes

azstokes

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 12 November 2009 - 05:38 AM

I restarted using "last know good configuration" Have a window that says "The system has recovered from a serious error. A log of this error has been created. For more information about this error click here: results of "click here" Error Signature BCCode: 10000050 BCP1: E4A05000 BCP2: 00000000 BCP3: 8566A798 BCP4: 0000001 OSVers: 5_1_2600 SP: 2_0 Product: 768_1 To view technincal infromation about the error report click here: results of "click here" The following files will be included in this error report: C:\DOCUME~1\COMPAQ~1\LOCAL~1\Temp\WER2da1.dir00\Mini111209-01.dmp C:\DOCUME~1\COMPAQ~1\LOCAL~1\Temp\WER2da1.dir00\sysdata.xml

#25 azstokes

azstokes

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 12 November 2009 - 05:41 AM

Here is the ESET log ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.16762 (vista_gdr.081013-1507) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=7b91181cfa63a74f9cdb269edd4a4d3c # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-11-12 04:59:13 # local_time=2009-11-11 11:59:13 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1280 16777191 100 0 0 0 0 0 # compatibility_mode=3586 16764926 0 89 61724663 261207283 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=198380 # found=50 # cleaned=0 # scan_time=11204 C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Compressed\sdsetup.exe Win32/AutoRun.KS worm 00000000000000000000000000000000 I C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Compressed\Spyware.Cease.v3.4.Win2kXPVista.Incl.Keygen-CRD.rar multiple threats 00000000000000000000000000000000 I C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Compressed\Spyware_20Doctor_206.0.1.440.rar Win32/AutoRun.KS worm 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\bemoriva.dll.vir a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\ebigozes.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\jarugimo.dll.vir a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\ogumuhat.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\oluhiret.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthaexhxnbhruxwwnytvsaofclaomwdiywp.dll.vir Win32/Olmarik.HJ trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthsfljepygmboncdfrpccfnqpjwkrrlylv.dll.vir Win32/Olmarik.HJ trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthxradkkruttigbgdkxrxpbbumaltldclo.dll.vir Win32/Olmarik.HJ trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\owimunos.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\uburimif.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir.vir Win32/Pinit virus 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\yahipeja.dll.vir a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\yonevena.dll.vir a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\4c9d18cd.sys.vir a variant of Win32/Rustock.NIH trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ndis.sys.vir Win32/Protector.C virus 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthgkmlckmxxnhtitrxvnijesyxmguravbr.sys.vir Win32/Olmarik.HJ trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_4c9d18cd_.sys.zip a variant of Win32/Rustock.NIH trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088744.dll Win32/Olmarik.HJ trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088745.dll Win32/Olmarik.HJ trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088746.sys Win32/Olmarik.HJ trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088747.dll Win32/Olmarik.HJ trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088781.dll Win32/Pinit virus 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088782.DLL Win32/Pinit virus 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088798.dll a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088800.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088801.dll a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088802.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088803.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088804.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088808.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088811.dll a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088812.dll a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088819.sys a variant of Win32/Rustock.NIH trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088829.dll a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088830.dll a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088831.dll a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088832.dll a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0088833.dll a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0089028.sys Win32/Protector.C virus 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP280\A0089029.sys Win32/Protector.C virus 00000000000000000000000000000000 I C:\WINDOWS\system32\bizugaye.exe a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\WINDOWS\system32\bupayeta.exe a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\WINDOWS\system32\lopibeki.exe a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\WINDOWS\system32\namogizu.exe a variant of Win32/Kryptik.OG trojan 00000000000000000000000000000000 I C:\WINDOWS\system32\rggc Win32/Pinit virus 00000000000000000000000000000000 I C:\WINDOWS\system32\sazujimo.exe Win32/Qhost.NJG trojan 00000000000000000000000000000000 I D:\I386\Apps\APP21442\src\HPSummer2005.exe a variant of Win32/AdInstaller application 00000000000000000000000000000000 I

    Advertisements

Register to Remove


#26 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 12 November 2009 - 10:53 AM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://forums.whatthetech.com/Malwarebytes_Finds_2_hijack_windowsupdates_files_cannot_fix_t108205.html

KillAll::

File::
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Compressed\sdsetup.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Compressed\Spyware.Cease.v3.4.Win2kXPVista.Incl.Keygen-CRD.rar 
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Compressed\Spyware_20Doctor_206.0.1.440.rar 

Collect::
C:\WINDOWS\system32\bizugaye.exe
C:\WINDOWS\system32\bupayeta.exe 
C:\WINDOWS\system32\lopibeki.exe 
C:\WINDOWS\system32\namogizu.exe
C:\WINDOWS\system32\sazujimo.exe 

Folder::
C:\WINDOWS\system32\rggc

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#27 azstokes

azstokes

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 12 November 2009 - 10:57 AM

Thanks for the update - I'm at work at the moment - I will try it as soon as I get home Thanks again for all of your assistance!

#28 azstokes

azstokes

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 12 November 2009 - 03:11 PM

The message box that was supposed to appear did not

Here is the log from ComboFix:


ComboFix 09-11-09.01 - Compaq_Owner 11/12/2009 15:19.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.500 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo.com
Command switches used :: c:\docume~1\COMPAQ~1\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\documents and settings\Compaq_Owner\My Documents\Downloads\Compressed\sdsetup.exe"
"c:\documents and settings\Compaq_Owner\My Documents\Downloads\Compressed\Spyware.Cease.v3.4.Win2kXPVista.Incl.Keygen-CRD.rar"
"c:\documents and settings\Compaq_Owner\My Documents\Downloads\Compressed\Spyware_20Doctor_206.0.1.440.rar"

file zipped: c:\windows\system32\bizugaye.exe
file zipped: c:\windows\system32\bupayeta.exe
file zipped: c:\windows\system32\lopibeki.exe
file zipped: c:\windows\system32\namogizu.exe
file zipped: c:\windows\system32\sazujimo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\My Documents\Downloads\Compressed\sdsetup.exe
c:\documents and settings\Compaq_Owner\My Documents\Downloads\Compressed\Spyware.Cease.v3.4.Win2kXPVista.Incl.Keygen-CRD.rar
c:\documents and settings\Compaq_Owner\My Documents\Downloads\Compressed\Spyware_20Doctor_206.0.1.440.rar
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\system32\_000016_.tmp.dll
c:\windows\system32\bizugaye.exe
c:\windows\system32\bupayeta.exe
c:\windows\system32\lopibeki.exe
c:\windows\system32\namogizu.exe
c:\windows\system32\sazujimo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fci
-------\Legacy_NPF
-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 11:28 . 2009-11-12 11:28 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\PCHealth
2009-11-12 08:25 . 2009-05-09 06:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-11-12 08:25 . 2009-05-09 06:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-11-12 08:25 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-11-12 01:44 . 2009-11-12 01:44 -------- d-----w- c:\program files\ESET
2009-11-10 11:49 . 2009-11-10 11:49 -------- d-----w- c:\program files\ERUNT
2009-11-10 03:27 . 2009-11-10 03:27 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-10 03:27 . 2009-11-10 03:27 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-10 03:25 . 2009-11-12 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-10 03:25 . 2009-11-10 03:25 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-10 03:21 . 2009-10-20 16:54 75609088 ----a-w- C:\kis.en.msi
2009-11-03 21:12 . 2009-11-03 21:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-11-03 21:12 . 2009-09-10 19:54 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 21:11 . 2009-11-03 21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 21:11 . 2009-09-10 19:53 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-11-03 17:15 . 2009-11-03 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-03 17:14 . 2009-11-03 17:15 -------- d-----w- c:\program files\MalwarebytesPortable
2009-10-21 01:34 . 2009-10-21 01:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-15 02:18 . 2009-10-15 02:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 08:35 . 2008-07-31 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-12 08:08 . 2009-11-12 08:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-11-12 08:07 . 2009-11-12 08:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-12 01:26 . 2004-08-04 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-10 15:08 . 2004-08-04 12:00 577536 ------w- c:\windows\system32\user32.dll
2009-11-10 03:20 . 2009-01-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-10 03:02 . 2007-04-17 00:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-03 23:52 . 2009-04-23 20:19 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2009-11-03 23:52 . 2009-04-23 21:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-03 23:52 . 2007-04-13 19:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-03 23:50 . 2007-12-18 04:44 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Tunebite
2009-11-03 23:46 . 2005-05-26 03:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 23:41 . 2009-04-06 01:57 305640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-03 23:36 . 2008-01-05 21:45 -------- d-----w- c:\program files\Spider-Man Photo Lab
2009-11-03 23:36 . 2005-11-06 02:50 -------- d-----w- c:\program files\SlySoft
2009-11-03 23:33 . 2005-11-06 18:03 -------- d-----w- c:\program files\DVD Shrink
2009-11-03 23:30 . 2005-05-26 04:17 -------- d-----w- c:\program files\QuickTime
2009-11-03 23:27 . 2005-05-26 03:54 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-03 23:27 . 2009-03-04 02:11 -------- d-----w- c:\program files\SoundTaxi
2009-11-03 23:24 . 2005-07-24 17:53 101336 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 23:21 . 2005-05-26 04:31 -------- d-----w- c:\program files\Google
2009-11-03 23:21 . 2009-03-06 21:56 -------- d-----w- c:\program files\Error Repair Professional
2009-11-03 23:19 . 2009-03-02 00:15 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-03 23:15 . 2009-03-02 00:15 -------- d-----w- c:\program files\Roxio Creator 2009
2009-11-03 23:15 . 2005-05-26 04:05 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-03 23:14 . 2009-03-02 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-03 23:09 . 2008-07-16 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{FBB5C4A9-4848-46A0-8863-C359F08D7728}
2009-11-03 23:07 . 2008-06-11 00:46 -------- d-----w- c:\program files\Supreme Auction 2
2009-11-03 22:59 . 2006-12-25 15:11 -------- d-----w- c:\program files\Apple Software Update
2009-11-03 19:02 . 2009-03-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-10-03 00:39 . 2009-10-03 00:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-14 19:42 . 2009-09-14 19:42 32272 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-09-11 14:03 . 2009-09-11 14:03 136192 ------w- c:\windows\system32\SETA6A4.tmp
2009-09-10 00:01 . 2009-09-10 00:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-09-04 20:45 . 2009-09-04 20:45 58880 ------w- c:\windows\system32\SETA4E4.tmp
2009-09-01 20:29 . 2009-09-01 20:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-26 08:16 . 2004-08-04 12:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

((((((((((((((((((((((((((((( SnapShot@2009-11-10_15.25.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-01 07:04 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 18:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2008-06-01 02:53 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2005-05-26 03:52 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2005-05-26 03:52 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2009-11-12 08:25 . 2004-08-04 05:56 21504 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\hidserv.dll
+ 2009-11-12 08:04 . 2004-08-04 05:56 21504 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\hidserv.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 44544 c:\windows\system32\pngfilt.dll
+ 2005-01-27 04:58 . 2009-11-12 20:53 71964 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 11:00 . 2008-06-10 10:52 96768 c:\windows\system32\logagent.exe
- 2004-08-04 11:00 . 2005-01-28 18:44 96768 c:\windows\system32\logagent.exe
- 2004-08-04 12:00 . 2008-10-16 20:38 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 22:39 . 2008-10-16 13:11 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 22:39 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 78336 c:\windows\system32\ieencode.dll
- 2004-08-04 12:00 . 2007-08-13 22:45 78336 c:\windows\system32\ieencode.dll
+ 2004-08-04 12:00 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2008-10-16 13:11 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-07-29 04:53 82432 c:\windows\system32\fontsub.dll
+ 2006-11-02 12:22 . 2006-11-02 12:22 32224 c:\windows\system32\drivers\wdfldr.sys
+ 2004-08-04 18:00 . 2009-06-22 11:35 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2004-08-04 12:00 . 2009-06-25 08:17 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2004-08-04 18:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-04 12:00 . 2009-06-25 08:17 56320 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2004-08-04 12:00 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-04 12:00 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2008-06-01 12:37 . 2008-10-16 20:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-01 12:37 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
- 2004-08-04 11:00 . 2005-01-28 18:44 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 11:00 . 2008-06-10 10:52 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 18:00 . 2009-06-22 11:35 92544 c:\windows\system32\dllcache\ksecdd.sys
- 2004-08-04 12:00 . 2008-10-16 20:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-06-01 12:37 . 2008-10-16 13:11 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-06-01 12:37 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2007-08-13 22:45 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2008-10-16 13:11 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-06-01 12:37 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll
- 2008-06-01 12:37 . 2008-10-16 20:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-04 12:00 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 12:00 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-04 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 95360 c:\windows\system32\dllcache\atapi.sys
+ 2004-08-04 12:00 . 2009-11-12 01:26 95360 c:\windows\system32\dllcache\atapi.sys
- 2004-08-04 12:00 . 2004-08-04 12:00 84992 c:\windows\system32\avifil32.dll
+ 2004-08-04 12:00 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2008-07-31 01:17 . 2009-03-03 21:05 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-31 01:17 . 2009-11-12 08:35 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-31 01:17 . 2009-11-12 08:35 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-31 01:17 . 2009-03-03 21:05 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-31 01:17 . 2009-03-03 21:05 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-31 01:17 . 2009-11-12 08:35 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-12 08:23 . 2009-11-12 08:23 10134 c:\windows\Installer\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}\_D448662C318D8F9F1E0E42.exe
+ 2009-11-12 08:23 . 2009-11-12 08:23 10134 c:\windows\Installer\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}\_A128EA92B9517AB99A0BCC.exe
+ 2006-10-27 01:13 . 2006-10-27 01:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 02:58 . 2006-10-27 02:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2009-11-12 08:28 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-11-12 08:28 . 2008-10-16 13:11 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-11-12 08:28 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-11-12 08:28 . 2007-08-13 22:45 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-11-12 08:28 . 2008-10-16 13:11 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-11-12 08:28 . 2008-10-16 20:38 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-11-12 08:28 . 2004-08-04 12:00 35328 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-11-12 08:41 . 2009-11-12 08:41 50688 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b9a622531616dcfbb005e0215d658848\UIAutomationProvider.ni.dll
+ 2009-11-12 08:40 . 2009-11-12 08:40 77824 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6cdfcd83e12350178deba2d26d68d96e\System.Windows.Presentation.ni.dll
+ 2009-11-12 08:19 . 2009-11-12 08:19 48640 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\ff3401f9aac1f01e1d15457d602811d3\PresentationFontCache.ni.exe
+ 2009-11-12 08:36 . 2009-11-12 08:36 40960 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\7f9d06eb470a85d80b676c9c8f0fd20d\PresentationCFFRasterizer.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 77824 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d94fc25d39800cb137d0639137e0e9c5\Microsoft.Vsa.ni.dll
+ 2009-11-12 08:35 . 2009-11-12 08:35 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e299fd71b4c71854673c47f85b4cf180\Microsoft.Build.Framework.ni.dll
+ 2009-11-12 08:35 . 2009-11-12 08:35 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\24e88fe2e103eac93e52fb6e2959085c\Microsoft.Build.Framework.ni.dll
+ 2009-11-12 08:33 . 2009-11-12 08:33 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\662febc2f309e92a880682f527f4e426\dfsvc.ni.exe
+ 2009-11-12 08:31 . 2009-11-12 08:31 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1a67452bf4558b2574698b6008e7af74\Accessibility.ni.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 90112 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 90112 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-09-09 01:34 . 2008-09-09 01:34 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2004-08-04 11:00 . 2009-04-10 06:01 413032 c:\windows\system32\wmspdmod.dll
+ 2004-08-04 11:00 . 2009-07-13 15:08 286720 c:\windows\system32\wmpdxm.dll
+ 2004-08-04 11:00 . 2007-10-27 22:40 227328 c:\windows\system32\wmasf.dll
+ 2004-08-04 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
- 2004-08-04 12:00 . 2006-08-17 12:28 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-04 12:00 . 2009-07-29 04:53 119808 c:\windows\system32\t2embed.dll
+ 2004-08-04 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
+ 2005-01-27 04:58 . 2009-11-12 20:53 443164 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 102912 c:\windows\system32\occache.dll
+ 2004-08-04 18:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-04 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-04 12:00 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 11:00 . 2009-06-25 08:17 729600 c:\windows\system32\lsasrv.dll
+ 2004-08-04 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2004-08-04 12:00 . 2009-03-21 13:54 989184 c:\windows\system32\kernel32.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2008-10-15 07:04 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll
- 2005-01-27 04:56 . 2009-11-03 23:42 319544 c:\windows\system32\FNTCACHE.DAT
+ 2005-01-27 04:56 . 2009-11-12 11:21 319544 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 12:00 . 2008-10-16 20:38 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll
+ 2006-11-02 12:22 . 2006-11-02 12:22 492000 c:\windows\system32\drivers\wdf01000.sys
+ 2004-08-04 12:00 . 2004-08-04 12:00 182912 c:\windows\system32\drivers\ndis.sys
+ 2004-08-04 12:00 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-04 11:00 . 2009-04-10 06:01 413032 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-04 11:00 . 2009-07-13 15:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 12:00 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2004-08-04 12:00 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-04 11:00 . 2007-10-27 22:40 227328 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-04 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2004-08-04 12:00 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-04 11:00 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-04 12:00 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-04 12:00 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-04 12:00 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
- 2004-08-04 12:00 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-04 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
+ 2004-08-04 12:00 . 2009-06-25 08:17 168448 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-04 12:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2004-08-04 12:00 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-04 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 18:00 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-04 12:00 . 2009-02-06 18:46 408064 c:\windows\system32\dllcache\netlogon.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 182912 c:\windows\system32\dllcache\ndis.sys
+ 2004-08-04 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2004-08-04 12:00 . 2009-09-11 14:03 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-04 12:00 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2008-06-01 12:37 . 2008-10-16 20:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-01 12:37 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-04 12:00 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-04 11:00 . 2009-06-25 08:17 729600 c:\windows\system32\dllcache\lsasrv.dll
+ 2004-08-04 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 13:54 . 2009-03-21 13:54 989184 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-04 12:00 . 2009-06-25 08:17 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-04 12:00 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2008-06-01 12:37 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-06-01 12:37 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 12:00 . 2008-10-15 07:04 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2008-10-16 20:38 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-04 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 616960 c:\windows\system32\advapi32.dll
+ 2009-08-08 07:35 . 2009-08-08 07:35 819016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2009-05-26 23:53 . 2009-05-26 23:53 579072 c:\windows\Installer\17fc89d.msp
+ 2009-11-12 08:11 . 2009-11-12 08:11 195584 c:\windows\Installer\17fc885.msi
+ 2008-07-31 01:17 . 2009-11-12 08:35 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-07-31 01:17 . 2009-03-03 21:05 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-31 01:17 . 2009-11-12 08:35 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-07-31 01:17 . 2009-03-03 21:05 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-31 01:17 . 2009-11-12 08:35 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-07-31 01:17 . 2009-03-03 21:05 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-31 01:17 . 2009-11-12 08:35 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-07-31 01:17 . 2009-03-03 21:05 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-12 08:23 . 2009-11-12 08:23 610038 c:\windows\Installer\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}\_FBD2AFD3575B3145E16E86.exe
- 2009-01-04 12:41 . 2009-01-04 12:41 610038 c:\windows\Installer\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}\_6FEFF9B68218417F98F549.exe
+ 2009-01-04 12:41 . 2009-11-12 08:23 610038 c:\windows\Installer\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}\_6FEFF9B68218417F98F549.exe
+ 2009-11-12 08:23 . 2009-11-12 08:23 610038 c:\windows\Installer\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}\_43CD920EF937B693914EA7.exe
+ 2009-11-12 08:28 . 2008-10-16 20:38 826368 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-11-12 08:28 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-11-12 08:28 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-11-12 08:28 . 2008-10-16 20:38 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-11-12 08:28 . 2008-10-15 07:06 633632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-11-12 08:28 . 2008-10-16 20:38 267776 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 384512 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 383488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-11-12 08:28 . 2008-10-15 07:04 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2009-11-12 08:34 . 2009-11-12 08:34 380928 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ee523c18d34c6e11f6096e0bb878e67d\WsatConfig.ni.exe
+ 2009-11-12 08:41 . 2009-11-12 08:41 270336 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a26a28600433ad4907b55e42ceb32a40\WindowsFormsIntegration.ni.dll
+ 2009-11-12 08:41 . 2009-11-12 08:41 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\9fca74ebdde012b503cec6ee0d73b596\UIAutomationTypes.ni.dll
+ 2009-11-12 08:41 . 2009-11-12 08:41 483328 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\6399149bd528ad5c007371ec893d82d7\UIAutomationClient.ni.dll
+ 2009-11-12 08:41 . 2009-11-12 08:41 458752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\90ecf577500413f4cc612434d59bf565\System.Xml.Linq.ni.dll
+ 2009-11-12 08:40 . 2009-11-12 08:40 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6b8f2e778eba3931057217c2512b201c\System.Web.RegularExpressions.ni.dll
+ 2009-11-12 08:40 . 2009-11-12 08:40 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\243e31744402adbebb6aebe610fb55a5\System.Web.Extensions.Design.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 684032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4bdd3ce8337c4619dfb09de5ab3f9b62\System.Transactions.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\47d862e0dc37c830cc3397decf6c0590\System.ServiceProcess.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 733184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\428a3be3d5be01f129e0effdc455d831\System.Security.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 339968 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ef827bc54e7620e870821803e8507c8b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\c38e3e2766068205791f9ba92286398f\System.Net.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 356352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\b8ea9fdd4d0df7b7f10b2f514954fa18\System.Management.Instrumentation.ni.dll
+ 2009-11-12 08:32 . 2009-11-12 08:32 417792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e81f4580e0c23765c6dde900f392f446\System.IO.Log.ni.dll
+ 2009-11-12 08:32 . 2009-11-12 08:32 241664 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ed8e39453591d30135a5674ca7dbbe95\System.IdentityModel.Selectors.ni.dll
+ 2009-11-12 08:38 . 2009-11-12 08:38 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff85d9d54701c8cde7b513ff808fd5e3\System.EnterpriseServices.Wrapper.dll
+ 2009-11-12 08:38 . 2009-11-12 08:38 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff85d9d54701c8cde7b513ff808fd5e3\System.EnterpriseServices.ni.dll
+ 2009-11-12 08:28 . 2009-11-12 08:28 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4593151ab44d4f61e4cafaf9e77a8d25\System.Drawing.Design.ni.dll
+ 2009-11-12 08:38 . 2009-11-12 08:38 937984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8f4a6e521fe3c8257e706338152acc8f\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-11-12 08:38 . 2009-11-12 08:38 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\135aa2f31c01565700d44313b925a205\System.DirectoryServices.Protocols.ni.dll
+ 2009-11-12 08:38 . 2009-11-12 08:38 184320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\63402da5b777bf5021bc3e50c4b42e5d\System.Data.DataSetExtensions.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\1105b46975896c9bc6e66d5f9079e716\System.Configuration.Install.ni.dll
+ 2009-11-12 08:38 . 2009-11-12 08:38 696320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\4aa38945f8e3c247d1d162ccd705e7a6\System.AddIn.ni.dll
+ 2009-11-12 08:38 . 2009-11-12 08:38 102400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\cb239156223d1455d025454c762c59e6\System.AddIn.Contract.ni.dll
+ 2009-11-12 08:34 . 2009-11-12 08:34 323584 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d7b7eeaae96dea8991ba2723c93a2392\SMSvcHost.ni.exe
+ 2009-11-12 08:34 . 2009-11-12 08:34 299008 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\47e0aab602bcd6e6e333ac24d7b8f6aa\SMDiagnostics.ni.dll
+ 2009-11-12 08:34 . 2009-11-12 08:34 139264 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\8af5d1dac7b4e52f2cf21c6f5c0647c2\ServiceModelReg.ni.exe
+ 2009-11-12 08:25 . 2009-11-12 08:25 393216 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e132e2525f13601d13efbd22549afbca\PresentationFramework.Aero.ni.dll
+ 2009-11-12 08:25 . 2009-11-12 08:25 274432 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c49dd0ac011661f5cd81df49fa2390b9\PresentationFramework.Royale.ni.dll
+ 2009-11-12 08:25 . 2009-11-12 08:25 245760 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c340248174b3999d838745253310e932\PresentationFramework.Classic.ni.dll
+ 2009-11-12 08:25 . 2009-11-12 08:25 552960 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b1f6daefb01fd048efef31dfd3233dff\PresentationFramework.Luna.ni.dll
+ 2009-11-12 08:34 . 2009-11-12 08:34 155648 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\66b87acc1afeb6d4bf426773f4ea5473\MSBuild.ni.exe
+ 2009-11-12 08:34 . 2009-11-12 08:34 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a27ef93b10fe08816dc25709fb33af7\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-11-12 08:35 . 2009-11-12 08:35 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ab1dd1079764acac4cbe55d6555f4ff7\Microsoft.Build.Utilities.ni.dll
+ 2009-11-12 08:36 . 2009-11-12 08:36 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\6ff9ba4057f061812db56ccc82db2516\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-11-12 08:35 . 2009-11-12 08:35 876544 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9e2334dbe9e76dd6fc2bde86c9b515b9\Microsoft.Build.Engine.ni.dll
+ 2009-11-12 08:35 . 2009-11-12 08:35 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\76e2409d2e0f856aaa3b463447149f0f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-11-12 08:35 . 2009-11-12 08:35 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\58ec7ce15fd463d65d3e45db4e0613cf\CustomMarshalers.ni.dll
+ 2009-11-12 08:34 . 2009-11-12 08:34 503808 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\c7a907c8b8d42cf645282c32bea13b6d\ComSvcConfig.ni.exe
+ 2009-11-12 08:31 . 2009-11-12 08:31 884736 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\2a66ea6b955eabdb437c6cfcac78c45e\AspNetMMCExt.ni.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 884736 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 884736 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-09-09 01:34 . 2008-09-09 01:34 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-09-09 01:34 . 2008-09-09 01:34 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-09-09 01:34 . 2008-09-09 01:34 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 933888 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 933888 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 741376 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 741376 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 261120 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 261120 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 483840 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 483840 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-11-12 08:23 . 2009-11-12 08:23 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-11-12 01:17 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2004-08-04 11:00 . 2009-05-20 17:24 2373504 c:\windows\system32\WMVCore.dll
+ 2004-08-04 11:00 . 2009-07-13 15:08 5537792 c:\windows\system32\wmp.dll
- 2004-08-04 11:00 . 2007-04-30 12:20 5537792 c:\windows\system32\wmp.dll
+ 2004-08-04 11:00 . 2008-06-10 11:28 1028096 c:\windows\system32\WMNetmgr.dll
+ 2004-08-04 12:00 . 2009-08-14 12:19 1850112 c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
- 2004-08-04 12:00 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll
+ 2004-08-04 12:00 . 2009-06-03 19:27 1290752 c:\windows\system32\quartz.dll
- 2004-08-04 12:00 . 2008-08-14 10:00 2180352 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 12:00 . 2009-08-04 14:00 2180352 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 18:00 . 2008-08-14 09:22 2057728 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 18:00 . 2009-08-04 13:13 2057728 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 11:00 . 2009-05-20 17:24 2373504 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 11:00 . 2009-07-13 15:08 5537792 c:\windows\system32\dllcache\wmp.dll
- 2004-08-04 11:00 . 2007-04-30 12:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-04 11:00 . 2008-06-10 11:28 1028096 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-04 12:00 . 2009-08-14 12:19 1850112 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 11:00 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 12:00 . 2007-10-26 03:36 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-04 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
- 2004-08-04 12:00 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll
+ 2004-08-04 12:00 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll
+ 2008-06-01 07:08 . 2009-08-04 14:00 2180352 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-06-01 07:08 . 2008-08-14 10:00 2180352 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-06-01 07:08 . 2009-08-04 13:13 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-06-01 07:08 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-06-01 07:08 . 2009-08-04 13:13 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-06-01 07:08 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-06-01 07:08 . 2009-08-04 13:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-06-01 07:08 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 12:00 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-04 11:00 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2008-06-01 12:37 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2008-06-01 12:37 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-08-08 07:35 . 2009-08-08 07:35 5849920 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 07:35 . 2009-08-08 07:35 4345856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-08-18 17:58 . 2009-08-18 17:58 8301056 c:\windows\Installer\17fc954.msp
+ 2009-04-24 17:30 . 2009-04-24 17:30 2583552 c:\windows\Installer\17fc941.msp
+ 2009-02-26 00:08 . 2009-02-26 00:08 8311808 c:\windows\Installer\17fc92d.msp
+ 2009-08-05 12:49 . 2009-08-05 12:49 3457024 c:\windows\Installer\17fc91c.msp
+ 2009-04-24 17:28 . 2009-04-24 17:28 4450816 c:\windows\Installer\17fc908.msp
+ 2009-01-30 21:24 . 2009-01-30 21:24 2254336 c:\windows\Installer\17fc8f4.msp
+ 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\17fc8cc.msp
+ 2009-08-18 17:57 . 2009-08-18 17:57 9122304 c:\windows\Installer\17fc8ba.msp
+ 2009-08-10 04:32 . 2009-08-10 04:32 5288960 c:\windows\Installer\17fc8a7.msp
+ 2009-08-18 18:08 . 2009-08-18 18:08 1373696 c:\windows\Installer\17fc87e.msp
+ 2009-04-24 17:29 . 2009-04-24 17:29 9013760 c:\windows\Installer\17fc86c.msp
+ 2008-07-31 01:17 . 2009-11-12 08:35 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-07-31 01:17 . 2009-03-03 21:05 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-08-24 11:10 . 2007-08-24 11:10 3735424 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\VVIEWER.DLL
+ 2007-08-24 11:10 . 2007-08-24 11:10 1846160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
+ 2007-08-23 05:03 . 2007-08-23 05:03 1195888 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2009-11-12 08:28 . 2008-10-16 20:38 1160192 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-11-12 08:28 . 2008-12-13 06:40 3593216 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-11-12 08:28 . 2008-10-16 20:38 6066176 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-11-12 08:28 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dat
- 2005-03-02 00:59 . 2008-08-14 10:00 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:59 . 2009-08-04 14:00 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-08-04 13:13 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-08-04 13:13 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:57 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:57 . 2009-08-04 13:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-11-12 08:19 . 2009-11-12 08:19 3403776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\dfd60c318a7316f9a7b7b3d997ee4ebd\WindowsBase.ni.dll
+ 2009-11-12 08:41 . 2009-11-12 08:41 1118208 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\8c2536730a74819833e8d1eb69a9a646\UIAutomationClientsideProviders.ni.dll
+ 2009-11-12 08:19 . 2009-11-12 08:19 8310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System\ccfeb59f4a9b75909eb2d1121232a769\System.ni.dll
+ 2009-11-12 08:30 . 2009-11-12 08:30 5771264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\717cce3690d643df19d6a4117283048e\System.Xml.ni.dll
+ 2009-11-12 08:41 . 2009-11-12 08:41 1585152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\32af08b16f34e5661bfde3f96c3b3c59\System.WorkflowServices.ni.dll
+ 2009-11-12 08:41 . 2009-11-12 08:41 2105344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\423638994e98efd90ec1dfde0649cc91\System.Workflow.Runtime.ni.dll
+ 2009-11-12 08:41 . 2009-11-12 08:41 4583424 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\227149a442681e36715bb88e3589e039\System.Workflow.ComponentModel.ni.dll
+ 2009-11-12 08:41 . 2009-11-12 08:41 3088384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\379eb1ae2d1ad4f4e6da6c5865322c55\System.Workflow.Activities.ni.dll
+ 2009-11-12 08:40 . 2009-11-12 08:40 1986560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa319d767042e97c692041f76f123f2f\System.Web.Services.ni.dll
+ 2009-11-12 08:40 . 2009-11-12 08:40 2342912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\b7092e8403b56e3913488855e45a35ff\System.Web.Mobile.ni.dll
+ 2009-11-12 08:40 . 2009-11-12 08:40 2420736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\475081a0245b53d4fca01abfd2d33b9d\System.Web.Extensions.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 2039808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\736d8a2291d7173935e6e0945e5c17cd\System.Speech.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 1601536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\edc9b39f342c1f7b81c92c105bed4d63\System.ServiceModel.Web.ni.dll
+ 2009-11-12 08:32 . 2009-11-12 08:32 2445312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\44fce5ee5d99270d4b6edc34256d6b21\System.Runtime.Serialization.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 1134592 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\b2f88468f0bef357e846afa982a2499a\System.Printing.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 1064960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\0b655ffd2d01e5740f46e1c78f0833a1\System.Management.ni.dll
+ 2009-11-12 08:32 . 2009-11-12 08:32 1122304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\7781d1b2914db9b9792ba20230f52bf5\System.IdentityModel.ni.dll
+ 2009-11-12 08:28 . 2009-11-12 08:28 1667072 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e58e83951091f2616344c5d2a6787660\System.Drawing.ni.dll
+ 2009-11-12 08:38 . 2009-11-12 08:38 1224704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e96695c65a4104ee4687f3e5f0581d34\System.DirectoryServices.ni.dll
+ 2009-11-12 08:38 . 2009-11-12 08:38 1798144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f0a1895c7d475f156ed4cdd9f0bd2797\System.Deployment.ni.dll
+ 2009-11-12 08:26 . 2009-11-12 08:26 7102464 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\b39a611d2b2fc659d5472dd76b24d3b2\System.Data.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 2756608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\a40074cafd6ba635e32950af0e099c7d\System.Data.SqlXml.ni.dll
+ 2009-11-12 08:27 . 2009-11-12 08:27 2592768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\bcc1921fa645d1983efb4006c1b1f4bd\System.Data.Linq.ni.dll
+ 2009-11-12 08:26 . 2009-11-12 08:26 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\aab7dbce5c61725f815d4a446ecc0ef2\System.Core.ni.dll
+ 2009-11-12 08:38 . 2009-11-12 08:38 1011712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e2de26078a8c3d29dbfcf408e23aa2b1\System.Configuration.ni.dll
+ 2009-11-12 08:37 . 2009-11-12 08:37 2416640 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\50372bb0a6034564ae23694c9f7f072c\ReachFramework.ni.dll
+ 2009-11-12 08:37 . 2009-11-12 08:37 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\c052ed4c2cafacbde96dd4984611269f\PresentationUI.ni.dll
+ 2009-11-12 08:36 . 2009-11-12 08:36 1581056 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\5b363159779eca8315a5d4bcf07823f2\PresentationBuildTasks.ni.dll
+ 2009-11-12 08:36 . 2009-11-12 08:36 1740800 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ed0cdc51d89bb41a9ab760ca3cf52bf9\Microsoft.VisualBasic.ni.dll
+ 2009-11-12 08:34 . 2009-11-12 08:34 1232896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\a1bbeca12b0ba2e80de08ebe6b13a862\Microsoft.Transactions.Bridge.ni.dll
+ 2009-11-12 08:39 . 2009-11-12 08:39 2441216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\1822d4d26d06cc01b65408493ac1a2b4\Microsoft.JScript.ni.dll
+ 2009-11-12 08:35 . 2009-11-12 08:35 1695744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\b846f5c1b90e4222e79a420d92062f79\Microsoft.Build.Tasks.ni.dll
+ 2009-11-12 08:35 . 2009-11-12 08:35 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\97e0f012f5892553aa1be1f456f51a94\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-11-12 08:35 . 2009-11-12 08:35 1892352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\f995aa0150ee7b6ae2e85a1acee09f16\Microsoft.Build.Engine.ni.dll
+ 2009-11-12 08:15 . 2009-11-12 08:15 3076096 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 3076096 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2008-09-09 01:34 . 2008-09-09 01:34 2068480 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 2068480 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 5013504 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 5013504 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-09-09 01:36 . 2008-09-09 01:36 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 5070848 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 5431296 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 5431296 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-09-09 01:35 . 2008-09-09 01:35 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-11-12 08:16 . 2009-11-12 08:16 3036160 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-11-12 08:15 . 2009-11-12 08:15 4345856 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-11-12 08:32 . 2009-11-05 14:36 26768832 c:\windows\system32\MRT.exe
+ 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\17fc886.msp
+ 2009-11-12 08:29 . 2009-11-12 08:29 13193216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9d25b8eabd8203e4d0490363140c4526\System.Windows.Forms.ni.dll
+ 2009-11-12 08:40 . 2009-11-12 08:40 12517376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\16a34a274ee877b4cf03d1a1bb57eb82\System.Web.ni.dll
+ 2009-11-12 08:33 . 2009-11-12 08:33 18153472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\299c38b70a596904e4274c9450221e6a\System.ServiceModel.ni.dll
+ 2009-11-12 08:28 . 2009-11-12 08:28 10936320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\2aab58cae4d998cf867f483302e94c27\System.Design.ni.dll
+ 2009-11-12 08:24 . 2009-11-12 08:25 15044608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\620c65049de60114ae182c70ebbb3305\PresentationFramework.ni.dll
+ 2009-11-12 08:21 . 2009-11-12 08:21 12595200 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\dbfa432eec6dd6c069fc11ce09a967e6\PresentationCore.ni.dll
+ 2009-11-12 08:18 . 2009-11-12 08:18 11436032 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fee8c8ba9b84a7832274adcbfc9d5ca4\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"EPSON Stylus Photo R320 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-04-12 49152]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Compaq_Owner\Application Data\iolo\

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Wirelwss LAN Utility\\tiwlnsvc.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"39658:TCP"= 39658:TCP:*:Disabled:Service
"39674:TCP"= 39674:TCP:*:Disabled:Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [3/3/2009 8:44 PM 2688]
R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [9/30/2007 1:34 PM 438912]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [3/3/2009 9:11 PM 184320]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://keyword.netscape.com/keyword/%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\iavlsp.dll
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 15:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4794b132-12ea-4371-ae4c-575eaa5fd580}]
@Denied: (Full) (Everyone)
"Model"=dword:00000070
"Therad"=dword:00000002
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(2028)
c:\windows\system32\iavlsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2009-11-12 16:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-12 21:04
ComboFix2.txt 2009-11-11 23:30
ComboFix3.txt 2009-11-11 03:00
ComboFix4.txt 2009-11-10 15:37

Pre-Run: 83,447,132,160 bytes free
Post-Run: 83,409,948,672 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - 93085F6E83CF02F0964AABA7F0E27732

#29 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 12 November 2009 - 04:44 PM

Hi,
Please do the following:

The files I wanted uploaded didn't submit automatically, so we need to do it manually.

Please open this link HERE in a new window.

In the box marked Link to topic where this file was requested: please paste in the following text
http://forums.whatthetech.com/Malwarebytes_Finds_2_hijack_windowsupdates_files_cannot_fix_t108205.html

Click the Browse button and navigate to C:\Qoobox\Quarantine

There should be a zip file there called [4]-Submit_****-**-**_**.**.**.zip ( the * denotes Date and Time stamp - yours will be close to this: 11/12/2009 15:19)
Select this file and click Open
In the Largest box please put
File Requested By CatByte
Failed Submit::

Finally click SendFile

Please return here and let me know when that file has been uploaded.

NEXT:

Couple of files to delete:

Please do the following:

Press Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "c:\windows\system32\SETA6A4.tmp" "c:\windows\system32\SETA4E4.tmp"



NEXT

Please run a fresh DDS log so I can see if it is clean this time

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#30 azstokes

azstokes

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 12 November 2009 - 05:12 PM

The requested file has been uploaded

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users