Cheweys Browser Redirect Issue



Cheweybacca
2012-05-09, 21:39
Hi,

Since Feb 2012 I have noticed certain Google search links redirecting me to miscellaneous advertising sites. It appears to happen randomly, so I suspect some gremlins are on board. I use Chrome.

I attach logs etc.

Many thanks in advance for any help,
Chewey

DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Gerry at 19:30:46 on 2012-05-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1284 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Endpoint Security Client Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Checkpoint\Endpoint Security\EapConnMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
C:\Program Files\Checkpoint\Endpoint Security\Endpoint Connect\TrGUI.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Checkpoint\Endpoint Security\Endpoint Connect\TracSrvWrapper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Checkpoint\Endpoint Security\IClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7232f4e2-2037-4077-bc83-70aa43f09565} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\gerry\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Check Point Endpoint Tray Application] c:\program files\common files\check point\uiframework\cptray.exe
mRun: [Check Point Endpoint Connect] "c:\program files\checkpoint\endpoint security\endpoint connect\TrGUI.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\gerry\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gerry\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\gerry\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Video Poker - hxxp://download2.games.yahoo.com/games/clients/y/vpt0_x.cab
DPF: Yahoo! Poker - hxxp://download.games.yahoo.com/games/clients/y/pt3_x.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {1230CB21-C88D-11CF-B347-000000000000}
DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} - hxxp://community.webshots.com/html/atx/wsaxcontrol.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://213.94.214.30/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://213.94.214.30/vdesk/terminal/InstallerControl.cab#version=6031,2009,1204,1613
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://213.94.214.30/vdesk/terminal/f5InspectionHost.cab#version=6031,2009,1204,1603
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://213.94.214.30/vdesk/terminal/urTermProxy.cab#version=6020,2008,0514,2337
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - hxxps://213.94.214.30/vdesk/terminal/msrdp.cab#version=5,2,3790,0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://213.94.214.30/vdesk/terminal/urxhost.cab#version=6031,2009,1204,1604
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://213.94.214.30/policy/download_binary.php/win32/f5syschk.cab#Version=6031,2010,0125,2111
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
TCP: Interfaces\{92E1B20F-0BA1-4722-B920-4CE8C48534CD} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R0 DiMaint;Eicon Maintenance Driver;c:\windows\system32\drivers\disdn\dimaint.sys [2002-12-4 91408]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 295248]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-18 470920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DiCapi;Eicon CAPI 2.0 Driver;c:\windows\system32\drivers\disdn\capi202k.sys [2001-6-12 181168]
R2 DiPort;Eicon Port Driver;c:\windows\system32\drivers\disdn\diport40.sys [2002-10-16 206976]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 DiWan;Eicon Driver for all Diva Client cards;c:\windows\system32\drivers\disdn\Diwan.sys [2002-10-3 911920]
R3 TracSrvWrapper;Check Point Endpoint Connect;c:\program files\checkpoint\endpoint security\endpoint connect\TracSrvWrapper.exe [2010-5-9 3511824]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\drivers\vnaap.sys [2010-5-9 129304]
S2 gupdate1c9f4b5549515e;Google Update Service (gupdate1c9f4b5549515e);c:\program files\google\update\GoogleUpdate.exe [2009-6-24 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-24 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);c:\windows\system32\drivers\NUVision.sys [2008-2-13 260144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2007-1-25 91496]
.
=============== Created Last 30 ================
.
2012-04-19 17:51:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-18 15:36:13 -------- d-----w- c:\documents and settings\gerry\application data\Dropbox
.
==================== Find3M ====================
.
2012-05-09 07:51:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 18:43:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-06 18:43:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 01:25:04 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:25:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:25:03 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:25:03 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-16 00:55:32 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-02-15 11:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2003-09-01 12:56:26 235988 ----a-w- c:\program files\Logo - accounting1.exe
2003-08-29 21:06:45 16251072 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
.
============= FINISH: 19:32:17.82 ===============
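As an added example (not part of the original thread or of the DDS tool), a small triage script for the "Pseudo HJT Report" section of a DDS log like the one above: it flags orphaned BHO/toolbar entries marked "No File" and any ActiveX (DPF) control or start page fetched from a bare IP address, the items a helper usually checks first. The sample lines are constructed from the report format shown above; the 198.51.100.23 start page is a constructed test value (RFC 5737 documentation address), not from the log.

```python
"""Triage helper for the DDS "Pseudo HJT Report" section (added example, not DDS code).

Flags three things a helper usually looks at first:
  * BHO / TB / EB / URLSearchHooks entries ending in "No File" (orphaned registry entries)
  * DPF (Downloaded Program Files, i.e. ActiveX) controls fetched from a bare IP address
  * start page / search URL entries pointing at a bare IP address
URLs in DDS output are defanged (hxxp://), so they are re-fanged before inspection.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFANGED = re.compile(r"^hxxp(s?)://", re.IGNORECASE)
# http(s)://<dotted quad> followed by a port, path, fragment or end of string
BARE_IP_HOST = re.compile(r"^https?://(\d{1,3}(?:\.\d{1,3}){3})(?:[:/#]|$)")
# "<tag>: <body>" or "<tag> = <body>"; the tag stops at the first ':' or '='
ENTRY = re.compile(r"^(?P<tag>[A-Za-z][A-Za-z0-9 ,()]*?)\s*[:=]\s*(?P<body>.*)$")
ORPHAN_TAGS = {"BHO", "TB", "EB", "URLSearchHooks"}
HOMEPAGE_TAGS = {"Start Page", "SearchURL,(Default)", "SearchMigratedDefaultURL"}


@dataclass(frozen=True)
class Finding:
    kind: str
    entry: str
    reason: str


def refang(url: str) -> str:
    """hxxp:// -> http:// so URL checks work on the real scheme."""
    return DEFANGED.sub(r"http\1://", url)


def base_tag(tag: str) -> str:
    """Drop the DDS scope prefix (u = current user, m = machine, d = default user)."""
    if len(tag) > 1 and tag[0] in "umd" and tag[1].isupper():
        return tag[1:]
    return tag


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Return (tag without scope prefix, body) for one report line, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return base_tag(m.group("tag")), m.group("body").strip()


def first_url(body: str) -> Optional[str]:
    """First http(s)/hxxp(s) token in the body, re-fanged; None if there is none."""
    for token in body.split():
        if DEFANGED.match(token) or token.lower().startswith(("http://", "https://")):
            return refang(token)
    return None


def triage(report: str) -> List[Finding]:
    """Walk the report line by line and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        tag, body = parsed
        if tag in ORPHAN_TAGS and body.lower().endswith("no file"):
            findings.append(Finding("orphan", raw,
                "registry entry whose DLL is missing; usually an uninstall leftover, safe to clean"))
            continue
        if tag == "DPF" or tag in HOMEPAGE_TAGS:
            url = first_url(body)
            ip = BARE_IP_HOST.match(url) if url else None
            if ip:
                kind = "dpf-bare-ip" if tag == "DPF" else "homepage-bare-ip"
                findings.append(Finding(kind, raw,
                    f"points at bare IP {ip.group(1)}; confirm it is an expected appliance or site"))
    return findings


# Constructed sample: lines in the DDS report format, plus one extra start-page
# line using the RFC 5737 documentation address 198.51.100.23 as a test value.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.ie/
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
DPF: {1230CB21-C88D-11CF-B347-000000000000}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://213.94.214.30/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610
uStart Page = hxxp://198.51.100.23/search
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.entry}\n    {f.reason}")
```

A bare-IP DPF entry is not malicious by itself (the F5 "vdesk" controls above come from a corporate SSL VPN appliance); the script only surfaces it so the owner can confirm it is expected.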

shelf life
2012-05-14, 03:56
hi Cheweybacca,

Your post is a few days old. If you still need help simply reply back.

Cheweybacca
2012-05-15, 00:18
Hi Shelf Life,

Yes, I still need help getting rid of this random redirect issue.

cheers
Chewey

shelf life
2012-05-15, 02:50
OK. Let's start with TDSSKiller for now, then go on from there. Actually, you can get two downloads: first TDSSKiller, then the free version of Malwarebytes, which you can keep and use as an antimalware app.
Use TDSSKiller first, followed by Malwarebytes.

1) Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might be required after disinfection."

A report will be found in your Root drive Local Disk (C) as: TDSSKiller.2.7.9.0_05.02.2012_17.32.21_log (name, version#, date, time)
Please post the log report.

2) Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

After you run both, cruise around and see what the redirection looks like.

Cheweybacca
2012-05-16, 00:35
Ok Shelf-life,
I'll download those and follow your instructions.

I'm away for a few days and won't be back to my home machine until next Monday, so I'll update this thread then.

Cheers !
Chewey

shelf life
2012-05-16, 04:44
OK. Got it.

Cheweybacca
2012-05-22, 11:59
Hi, I'm back again.

First, here is the TDSSKiller log. It only ran for a few seconds and appears to have found no threats.

09:55:48.0500 3112 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
09:55:48.0937 3112 ============================================================
09:55:48.0937 3112 Current date / time: 2012/05/22 09:55:48.0937
09:55:48.0937 3112 SystemInfo:
09:55:48.0937 3112
09:55:48.0937 3112 OS Version: 5.1.2600 ServicePack: 3.0
09:55:48.0937 3112 Product type: Workstation
09:55:48.0937 3112 ComputerName: BRIDS_DELL
09:55:48.0937 3112 UserName: Gerry
09:55:48.0937 3112 Windows directory: C:\WINDOWS
09:55:48.0937 3112 System windows directory: C:\WINDOWS
09:55:48.0937 3112 Processor architecture: Intel x86
09:55:48.0937 3112 Number of processors: 1
09:55:48.0937 3112 Page size: 0x1000
09:55:48.0937 3112 Boot type: Normal boot
09:55:48.0937 3112 ============================================================
09:55:51.0890 3112 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:55:51.0890 3112 ============================================================
09:55:51.0890 3112 \Device\Harddisk0\DR0:
09:55:51.0890 3112 MBR partitions:
09:55:51.0890 3112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9
09:55:51.0890 3112 ============================================================
09:55:51.0906 3112 Initialize success
09:55:51.0906 3112 ============================================================
09:56:04.0703 3396 ============================================================
09:56:04.0703 3396 Scan started
09:56:04.0703 3396 Mode: Manual;
09:56:04.0703 3396 ============================================================
09:56:04.0750 3396 6to4 - ok
09:56:04.0765 3396 Abiosdsk - ok
09:56:04.0781 3396 abp480n5 - ok
09:56:04.0796 3396 ACPI - ok
09:56:04.0796 3396 ACPIEC - ok
09:56:04.0812 3396 AdobeFlashPlayerUpdateSvc - ok
09:56:04.0828 3396 adpu160m - ok
09:56:04.0843 3396 aeaudio - ok
09:56:04.0859 3396 aec - ok
09:56:04.0859 3396 AFD - ok
09:56:04.0875 3396 AFS2K - ok
09:56:04.0890 3396 agp440 - ok
09:56:04.0906 3396 agpCPQ - ok
09:56:04.0921 3396 Aha154x - ok
09:56:04.0921 3396 aic78u2 - ok
09:56:04.0937 3396 aic78xx - ok
09:56:04.0953 3396 Alerter - ok
09:56:04.0968 3396 ALG - ok
09:56:04.0984 3396 AliIde - ok
09:56:05.0000 3396 alim1541 - ok
09:56:05.0000 3396 amdagp - ok
09:56:05.0015 3396 amsint - ok
09:56:05.0046 3396 Apple Mobile Device - ok
09:56:05.0062 3396 AppMgmt - ok
09:56:05.0062 3396 asc - ok
09:56:05.0078 3396 asc3350p - ok
09:56:05.0093 3396 asc3550 - ok
09:56:05.0125 3396 aspnet_state - ok
09:56:05.0140 3396 AsyncMac - ok
09:56:05.0156 3396 atapi - ok
09:56:05.0171 3396 Atdisk - ok
09:56:05.0187 3396 Atmarpc - ok
09:56:05.0187 3396 AudioSrv - ok
09:56:05.0203 3396 audstub - ok
09:56:05.0218 3396 AVGIDSAgent - ok
09:56:05.0234 3396 AVGIDSDriver - ok
09:56:05.0250 3396 AVGIDSFilter - ok
09:56:05.0250 3396 AVGIDSHX - ok
09:56:05.0265 3396 AVGIDSShim - ok
09:56:05.0281 3396 Avgldx86 - ok
09:56:05.0281 3396 Avgmfx86 - ok
09:56:05.0296 3396 Avgrkx86 - ok
09:56:05.0312 3396 Avgtdix - ok
09:56:05.0328 3396 avgwd - ok
09:56:05.0343 3396 bcm4sbxp - ok
09:56:05.0359 3396 BCSWAP - ok
09:56:05.0359 3396 Beep - ok
09:56:05.0375 3396 BITS - ok
09:56:05.0390 3396 Bonjour Service - ok
09:56:05.0406 3396 Browser - ok
09:56:05.0406 3396 catchme - ok
09:56:05.0421 3396 cbidf - ok
09:56:05.0437 3396 cbidf2k - ok
09:56:05.0453 3396 CCALib8 - ok
09:56:05.0453 3396 CCDECODE - ok
09:56:05.0468 3396 cd20xrnt - ok
09:56:05.0484 3396 Cdaudio - ok
09:56:05.0500 3396 Cdfs - ok
09:56:05.0515 3396 Cdr4_xp - ok
09:56:05.0531 3396 Cdralw2k - ok
09:56:05.0531 3396 Cdrom - ok
09:56:05.0546 3396 cdudf_xp - ok
09:56:05.0562 3396 Changer - ok
09:56:05.0578 3396 CiSvc - ok
09:56:05.0593 3396 ClipSrv - ok
09:56:05.0609 3396 clr_optimization_v2.0.50727_32 - ok
09:56:05.0625 3396 clr_optimization_v4.0.30319_32 - ok
09:56:05.0625 3396 CmdIde - ok
09:56:05.0640 3396 COMSysApp - ok
09:56:05.0656 3396 Cpqarray - ok
09:56:05.0671 3396 CryptSvc - ok
09:56:05.0687 3396 CVirtA - ok
09:56:05.0703 3396 CVPND - ok
09:56:05.0703 3396 CVPNDRVA - ok
09:56:05.0718 3396 dac2w2k - ok
09:56:05.0734 3396 dac960nt - ok
09:56:05.0750 3396 DcomLaunch - ok
09:56:05.0750 3396 Dhcp - ok
09:56:05.0765 3396 DiCapi - ok
09:56:05.0781 3396 DiMaint - ok
09:56:05.0781 3396 DiPort - ok
09:56:05.0796 3396 Disk - ok
09:56:05.0812 3396 DiWan - ok
09:56:05.0828 3396 dmadmin - ok
09:56:05.0843 3396 dmboot - ok
09:56:05.0843 3396 dmio - ok
09:56:05.0859 3396 dmload - ok
09:56:05.0875 3396 dmserver - ok
09:56:05.0890 3396 DMusic - ok
09:56:05.0890 3396 DNE - ok
09:56:05.0906 3396 Dnscache - ok
09:56:05.0937 3396 Dot3svc - ok
09:56:05.0937 3396 dpti2o - ok
09:56:05.0953 3396 drmkaud - ok
09:56:05.0968 3396 dvd_2K - ok
09:56:05.0968 3396 EapHost - ok
09:56:05.0984 3396 EL90XBC - ok
09:56:06.0000 3396 ERSvc - ok
09:56:06.0015 3396 Eventlog - ok
09:56:06.0031 3396 EventSystem - ok
09:56:06.0031 3396 Fastfat - ok
09:56:06.0046 3396 FastUserSwitchingCompatibility - ok
09:56:06.0062 3396 Fdc - ok
09:56:06.0078 3396 Fips - ok
09:56:06.0078 3396 Flpydisk - ok
09:56:06.0109 3396 FltMgr - ok
09:56:06.0109 3396 FontCache3.0.0.0 - ok
09:56:06.0125 3396 Fs_Rec - ok
09:56:06.0140 3396 Ftdisk - ok
09:56:06.0156 3396 GEARAspiWDM - ok
09:56:06.0171 3396 Gpc - ok
09:56:06.0187 3396 gupdate1c9f4b5549515e - ok
09:56:06.0187 3396 gupdatem - ok
09:56:06.0203 3396 helpsvc - ok
09:56:06.0218 3396 HidServ - ok
09:56:06.0234 3396 hkmsvc - ok
09:56:06.0234 3396 hpn - ok
09:56:06.0250 3396 HPZid412 - ok
09:56:06.0265 3396 HPZipr12 - ok
09:56:06.0281 3396 HPZius12 - ok
09:56:06.0296 3396 HTTP - ok
09:56:06.0296 3396 HTTPFilter - ok
09:56:06.0312 3396 i2omgmt - ok
09:56:06.0328 3396 i2omp - ok
09:56:06.0343 3396 i8042prt - ok
09:56:06.0343 3396 i81x - ok
09:56:06.0359 3396 iAimFP0 - ok
09:56:06.0375 3396 iAimFP1 - ok
09:56:06.0390 3396 iAimFP2 - ok
09:56:06.0390 3396 iAimFP3 - ok
09:56:06.0406 3396 iAimFP4 - ok
09:56:06.0421 3396 iAimTV0 - ok
09:56:06.0437 3396 iAimTV1 - ok
09:56:06.0453 3396 iAimTV2 - ok
09:56:06.0453 3396 iAimTV3 - ok
09:56:06.0468 3396 iAimTV4 - ok
09:56:06.0484 3396 ialm - ok
09:56:06.0484 3396 IDriverT - ok
09:56:06.0500 3396 idsvc - ok
09:56:06.0515 3396 Imapi - ok
09:56:06.0531 3396 Imapi Helper - ok
09:56:06.0546 3396 ImapiService - ok
09:56:06.0562 3396 ini910u - ok
09:56:06.0593 3396 IntelIde - ok
09:56:06.0593 3396 intelppm - ok
09:56:06.0609 3396 ip6fw - ok
09:56:06.0625 3396 IpFilterDriver - ok
09:56:06.0640 3396 IpInIp - ok
09:56:06.0656 3396 IpNat - ok
09:56:06.0656 3396 iPod Service - ok
09:56:06.0671 3396 IPSec - ok
09:56:06.0687 3396 IRENUM - ok
09:56:06.0703 3396 isapnp - ok
09:56:06.0718 3396 JavaQuickStarterService - ok
09:56:06.0718 3396 Kbdclass - ok
09:56:06.0734 3396 kmixer - ok
09:56:06.0765 3396 KSecDD - ok
09:56:06.0781 3396 lanmanserver - ok
09:56:06.0796 3396 lanmanworkstation - ok
09:56:06.0812 3396 lbrtfdc - ok
09:56:06.0828 3396 LmHosts - ok
09:56:06.0843 3396 MDM - ok
09:56:06.0859 3396 Messenger - ok
09:56:06.0875 3396 mmc_2K - ok
09:56:06.0890 3396 mnmdd - ok
09:56:06.0890 3396 mnmsrvc - ok
09:56:06.0906 3396 Modem - ok
09:56:06.0921 3396 Mouclass - ok
09:56:06.0937 3396 MountMgr - ok
09:56:06.0937 3396 mraid35x - ok
09:56:06.0953 3396 MRxDAV - ok
09:56:06.0968 3396 MRxSmb - ok
09:56:06.0984 3396 MSDTC - ok
09:56:07.0000 3396 Msfs - ok
09:56:07.0015 3396 MSIServer - ok
09:56:07.0031 3396 MSKSSRV - ok
09:56:07.0031 3396 MSPCLOCK - ok
09:56:07.0046 3396 MSPQM - ok
09:56:07.0062 3396 mssmbios - ok
09:56:07.0078 3396 MSTEE - ok
09:56:07.0109 3396 Mup - ok
09:56:07.0109 3396 NABTSFEC - ok
09:56:07.0109 3396 napagent - ok
09:56:07.0125 3396 NDIS - ok
09:56:07.0140 3396 NdisIP - ok
09:56:07.0156 3396 NdisTapi - ok
09:56:07.0156 3396 Ndisuio - ok
09:56:07.0171 3396 NdisWan - ok
09:56:07.0187 3396 NDProxy - ok
09:56:07.0203 3396 NetBIOS - ok
09:56:07.0203 3396 NetBT - ok
09:56:07.0218 3396 NetDDE - ok
09:56:07.0234 3396 NetDDEdsdm - ok
09:56:07.0250 3396 Netlogon - ok
09:56:07.0250 3396 Netman - ok
09:56:07.0265 3396 NetTcpPortSharing - ok
09:56:07.0281 3396 Nla - ok
09:56:07.0296 3396 nosGetPlusHelper - ok
09:56:07.0312 3396 Npfs - ok
09:56:07.0328 3396 Ntfs - ok
09:56:07.0343 3396 NtLmSsp - ok
09:56:07.0343 3396 NtmsSvc - ok
09:56:07.0359 3396 Null - ok
09:56:07.0375 3396 NuVision - ok
09:56:07.0390 3396 nv - ok
09:56:07.0406 3396 NwlnkFlt - ok
09:56:07.0406 3396 NwlnkFwd - ok
09:56:07.0421 3396 omci - ok
09:56:07.0437 3396 P3 - ok
09:56:07.0453 3396 Parport - ok
09:56:07.0453 3396 PartMgr - ok
09:56:07.0468 3396 ParVdm - ok
09:56:07.0484 3396 PCI - ok
09:56:07.0500 3396 PCIDump - ok
09:56:07.0500 3396 PCIIde - ok
09:56:07.0515 3396 Pcmcia - ok
09:56:07.0531 3396 pcouffin - ok
09:56:07.0546 3396 PDCOMP - ok
09:56:07.0562 3396 PDFRAME - ok
09:56:07.0578 3396 PDRELI - ok
09:56:07.0593 3396 PDRFRAME - ok
09:56:07.0593 3396 perc2 - ok
09:56:07.0609 3396 perc2hib - ok
09:56:07.0656 3396 PlugPlay - ok
09:56:07.0656 3396 PMBDeviceInfoProvider - ok
09:56:07.0671 3396 Pml Driver HPZ12 - ok
09:56:07.0687 3396 PolicyAgent - ok
09:56:07.0703 3396 PptpMiniport - ok
09:56:07.0718 3396 Processor - ok
09:56:07.0718 3396 ProtectedStorage - ok
09:56:07.0734 3396 PSched - ok
09:56:07.0750 3396 Ptilink - ok
09:56:07.0765 3396 pwd_2k - ok
09:56:07.0781 3396 PxHelp20 - ok
09:56:07.0796 3396 ql1080 - ok
09:56:07.0812 3396 Ql10wnt - ok
09:56:07.0812 3396 ql12160 - ok
09:56:07.0828 3396 ql1240 - ok
09:56:07.0843 3396 ql1280 - ok
09:56:07.0859 3396 RasAcd - ok
09:56:07.0875 3396 RasAuto - ok
09:56:07.0875 3396 Rasl2tp - ok
09:56:07.0890 3396 RasMan - ok
09:56:07.0906 3396 RasPppoe - ok
09:56:07.0921 3396 Raspti - ok
09:56:07.0937 3396 Rdbss - ok
09:56:07.0953 3396 RDPCDD - ok
09:56:07.0968 3396 rdpdr - ok
09:56:08.0000 3396 RDPWD - ok
09:56:08.0000 3396 RDSessMgr - ok
09:56:08.0015 3396 redbook - ok
09:56:08.0031 3396 RemoteAccess - ok
09:56:08.0046 3396 RemoteRegistry - ok
09:56:08.0062 3396 RpcLocator - ok
09:56:08.0078 3396 RpcSs - ok
09:56:08.0078 3396 RSVP - ok
09:56:08.0093 3396 SamSs - ok
09:56:08.0109 3396 SCardSvr - ok
09:56:08.0125 3396 Schedule - ok
09:56:08.0140 3396 Secdrv - ok
09:56:08.0156 3396 seclogon - ok
09:56:08.0171 3396 SENS - ok
09:56:08.0187 3396 serenum - ok
09:56:08.0187 3396 Serial - ok
09:56:08.0234 3396 Sfloppy - ok
09:56:08.0250 3396 SharedAccess - ok
09:56:08.0265 3396 ShellHWDetection - ok
09:56:08.0281 3396 Simbad - ok
09:56:08.0296 3396 sisagp - ok
09:56:08.0296 3396 SLIP - ok
09:56:08.0328 3396 smwdm - ok
09:56:08.0343 3396 Sparrow - ok
09:56:08.0359 3396 splitter - ok
09:56:08.0375 3396 Spooler - ok
09:56:08.0375 3396 sr - ok
09:56:08.0390 3396 srservice - ok
09:56:08.0406 3396 Srv - ok
09:56:08.0421 3396 SSDPSRV - ok
09:56:08.0437 3396 stisvc - ok
09:56:08.0437 3396 streamip - ok
09:56:08.0453 3396 swenum - ok
09:56:08.0468 3396 swmidi - ok
09:56:08.0468 3396 SwPrv - ok
09:56:08.0500 3396 symc810 - ok
09:56:08.0515 3396 symc8xx - ok
09:56:08.0515 3396 sym_hi - ok
09:56:08.0531 3396 sym_u3 - ok
09:56:08.0546 3396 sysaudio - ok
09:56:08.0562 3396 SysmonLog - ok
09:56:08.0578 3396 TapiSrv - ok
09:56:08.0593 3396 Tcpip - ok
09:56:08.0609 3396 Tcpip6 - ok
09:56:08.0625 3396 TDPIPE - ok
09:56:08.0625 3396 TDTCP - ok
09:56:08.0640 3396 TermDD - ok
09:56:08.0656 3396 TermService - ok
09:56:08.0671 3396 Themes - ok
09:56:08.0687 3396 TlntSvr - ok
09:56:08.0687 3396 TosIde - ok
09:56:08.0703 3396 TracSrvWrapper - ok
09:56:08.0718 3396 TrkWks - ok
09:56:08.0718 3396 truecrypt - ok
09:56:08.0750 3396 tunmp - ok
09:56:08.0765 3396 UdfReadr_xp - ok
09:56:08.0765 3396 Udfs - ok
09:56:08.0781 3396 ultra - ok
09:56:08.0796 3396 Update - ok
09:56:08.0812 3396 upnphost - ok
09:56:08.0828 3396 UPS - ok
09:56:08.0843 3396 USBAAPL - ok
09:56:08.0859 3396 usbccgp - ok
09:56:08.0875 3396 usbehci - ok
09:56:08.0875 3396 usbhub - ok
09:56:08.0890 3396 usbprint - ok
09:56:08.0906 3396 usbscan - ok
09:56:08.0921 3396 USBSTOR - ok
09:56:08.0937 3396 usbuhci - ok
09:56:08.0953 3396 VgaSave - ok
09:56:08.0953 3396 viaagp - ok
09:56:08.0968 3396 ViaIde - ok
09:56:08.0984 3396 vna_ap - ok
09:56:09.0000 3396 VolSnap - ok
09:56:09.0000 3396 vsdatant - ok
09:56:09.0015 3396 vsmon - ok
09:56:09.0031 3396 VSS - ok
09:56:09.0046 3396 w32time - ok
09:56:09.0078 3396 Wanarp - ok
09:56:09.0093 3396 WDICA - ok
09:56:09.0093 3396 wdmaud - ok
09:56:09.0109 3396 WebClient - ok
09:56:09.0140 3396 winmgmt - ok
09:56:09.0203 3396 WmdmPmSN - ok
09:56:09.0218 3396 Wmi - ok
09:56:09.0250 3396 WmiApSrv - ok
09:56:09.0265 3396 WMPNetworkSvc - ok
09:56:09.0265 3396 WPFFontCache_v0400 - ok
09:56:09.0343 3396 wscsvc - ok
09:56:09.0359 3396 WSTCODEC - ok
09:56:09.0375 3396 wuauserv - ok
09:56:09.0390 3396 WudfPf - ok
09:56:09.0406 3396 WudfRd - ok
09:56:09.0421 3396 WudfSvc - ok
09:56:09.0421 3396 WZCSVC - ok
09:56:09.0437 3396 xmlprov - ok
09:56:09.0484 3396 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
09:56:09.0515 3396 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
09:56:09.0546 3396 MBR (0x1B8) (ef2eec94b0e09a39d077d3e01a352d8f) \Device\Harddisk0\DR0
09:56:10.0078 3396 \Device\Harddisk0\DR0 - ok
09:56:10.0093 3396 Boot (0x1200) (cf03cf63873571b28db5bed637f3053c) \Device\Harddisk0\DR0\Partition0
09:56:10.0093 3396 \Device\Harddisk0\DR0\Partition0 - ok
09:56:10.0109 3396 ============================================================
09:56:10.0109 3396 Scan finished
09:56:10.0109 3396 ============================================================
09:56:10.0156 3784 Detected object count: 0
09:56:10.0156 3784 Actual detected object count: 0

Cheweybacca
2012-05-22, 13:38
Still waiting for the Malwarebytes scan to finish, so I will post other observations.

When I googled Malwarebytes and clicked the site, I got redirected a few times. I got in the 3rd time.

Also, sometimes Google searches come back with an "unusual activity Captcha" to fill in.

Malwarebytes scan still motoring along.

Cheweybacca
2012-05-22, 14:49
The Malwarebytes scan has finished and doesn't appear to have picked up anything.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Gerry :: BRIDS_DELL [administrator]

22/05/2012 10:17:42
mbam-log-2012-05-22 (10-17-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 361800
Time elapsed: 2 hour(s), 29 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

shelf life
2012-05-23, 01:19
OK. That's good news. Follow this (http://www.java.com/en/download/help/plugin_cache.xml) to clean out your Java cache. I've never used Chrome, so follow this (http://support.webstarts.com/2011/08/clearing-browser-cachetemporary-internet-files-in-chrome/) link to clear temp files unless you already know how to do it. Cruise around and see if any redirection happens.
You can also check out the free version of CCleaner (http://www.piriform.com/ccleaner) which will do this and more for you.

Cheweybacca
2012-05-23, 04:25
More feedback. I have had some browser redirection since I posted the Malwarebytes log.

I then followed your Java and Chrome cleardown steps. Also downloaded the latest CCleaner version and ran that. Will monitor to see if these latest steps help. Do I need to do anything else?

Cheers

shelf life
2012-05-23, 04:55
You can get another download to use; it's called ComboFix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the log. I won't be back online for 18 hrs or so.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Cheweybacca
2012-05-24, 20:56
I ran the ComboFix job. Log below. I disabled AVG for 15 min per instructions, but ComboFix ran longer, thus AVG windows appeared asking to allow or quarantine ComboFix files. I allowed both. Just thought I'd mention it. Here is the mumbo jumbo log :D
Thanks again, Shelf

ComboFix 12-05-24.02 - Gerry 24/05/2012 18:13:12.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1474 [GMT 1:00]
Running from: c:\documents and settings\Gerry\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Endpoint Security Client Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DirectCDUserNameD.txt
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\documents and settings\Brid\WINDOWS
c:\documents and settings\Gerry\WINDOWS
c:\progra~1\TAXMAG~1\TAXMag~1.exe
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\SETC4.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-12 00:13 . 2012-05-12 00:13 -------- d-----w- c:\documents and settings\Gerry\Application Data\Auslogics
2012-05-12 00:13 . 2012-05-12 00:13 -------- d-----w- c:\program files\Auslogics
2012-05-09 18:28 . 2012-05-09 18:28 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 07:51 . 2012-04-19 17:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 07:51 . 2011-05-29 22:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 03:50 . 2012-04-19 03:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:12 . 2002-08-29 04:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 1979-12-31 23:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 1979-12-31 23:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 14:56 . 2008-12-11 12:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 04:17 . 2011-02-10 06:54 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-06 18:43 . 2012-03-06 18:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-06 18:43 . 2010-04-25 22:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 01:25 . 2006-02-24 13:26 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:25 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:25 . 2002-08-29 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:25 . 2002-08-29 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10 . 2002-08-29 04:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-08-29 04:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2003-09-01 12:56 . 2003-09-01 12:56 235988 ----a-w- c:\program files\Logo - accounting1.exe
2003-08-29 21:06 . 2003-08-29 20:31 16251072 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2010-11-27 1496528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2010-05-19 70144]
"Check Point Endpoint Connect"="c:\program files\Checkpoint\Endpoint Security\Endpoint Connect\TrGUI.exe" [2010-05-09 624136]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-04 296056]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Gerry\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Gerry\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-5-18 1454143]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\TunnelServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Gerry\\My Documents\\Downloads\\T-RSMXP\\RapidShare Manager for XP\\RapidShareManager.exe"=
"c:\\Documents and Settings\\Gerry\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Checkpoint\\Endpoint Security\\Endpoint Connect\\TracSrvWrapper.exe"=
"c:\\Program Files\\Checkpoint\\Endpoint Security\\Endpoint Connect\\TrGUI.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\SYSTEM32\DRIVERS\avgidshx.sys [19/04/2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [19/01/2011 04:32 31952]
R0 DiMaint;Eicon Maintenance Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\dimaint.sys [04/12/2002 14:49 91408]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [07/01/2011 06:41 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [10/02/2011 07:54 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 09:44 5106744]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 04:53 193288]
R2 DiCapi;Eicon CAPI 2.0 Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\capi202k.sys [12/06/2001 14:27 181168]
R2 DiPort;Eicon Port Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\diport40.sys [16/10/2002 15:32 206976]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [27/11/2010 01:55 398176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\avgidsdriverx.sys [23/12/2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\avgidsfilterx.sys [23/12/2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\avgidsshimx.sys [23/12/2011 13:32 17232]
R3 DiWan;Eicon Driver for all Diva Client cards;c:\windows\SYSTEM32\DRIVERS\DISDN\Diwan.sys [03/10/2002 16:35 911920]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\SYSTEM32\DRIVERS\vnaap.sys [09/05/2010 20:11 129304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1c9f4b5549515e;Google Update Service (gupdate1c9f4b5549515e);c:\program files\Google\Update\GoogleUpdate.exe [24/06/2009 11:17 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 18:51 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24/06/2009 11:17 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [29/08/2002 05:00 14336]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);c:\windows\SYSTEM32\DRIVERS\NUVision.sys [13/02/2008 16:13 260144]
S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [07/07/2007 12:17 47360]
S3 TracSrvWrapper;Check Point Endpoint Connect;c:\program files\Checkpoint\Endpoint Security\Endpoint Connect\TracSrvWrapper.exe [09/05/2010 20:11 3511824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 BCSWAP;BCSWAP;c:\windows\SYSTEM32\DRIVERS\BCSwap.sys [25/01/2007 15:54 91496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 07:51]
.
2012-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2003-12-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2200 series5E771253C1676EBED677BF361FDFC537825E15B8062102495.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 10:17]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 10:17]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1006Core.job
- c:\documents and settings\Brid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 23:26]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1006UA.job
- c:\documents and settings\Brid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 23:26]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1007Core.job
- c:\documents and settings\Gerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-24 10:08]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1007UA.job
- c:\documents and settings\Gerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-24 10:08]
.
2012-05-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3836196526-914930832-50539439-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2012-05-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3836196526-914930832-50539439-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2012-04-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3836196526-914930832-50539439-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2012-05-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3836196526-914930832-50539439-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2003-08-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-07-29 08:04]
.
2012-05-24 c:\windows\Tasks\User_Feed_Synchronization-{F5622167-D928-44CB-8ABA-F40AB5B55F88}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
BHO-{7232f4e2-2037-4077-bc83-70aa43f09565} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-24 18:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2012-05-24 18:35:24
ComboFix-quarantined-files.txt 2012-05-24 17:35
ComboFix2.txt 2008-12-17 02:49
.
Pre-Run: 9,015,369,728 bytes free
Post-Run: 9,426,395,136 bytes free
.
- - End Of File - - 4401D6D684F9FD7EB7CA8848F4026AA1

shelf life
2012-05-25, 23:50
Ok. And the browser redirection issue now?

Cheweybacca
2012-05-26, 18:45
Hi Shelf,

Unfortunately the redirection still remains and may have got worse.
I googled BBC Sport and clicked the link to it.
I got redirected to sites like worldpcgames and wall2go; wall2gosetup.exe got downloaded as well.

What next?

Chewey

shelf life
2012-05-27, 22:29
Getting worse. Another download to get:

Please download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double-click aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

Cheweybacca
2012-05-28, 23:02
OK Shelf - It asked me did I want to download Avast's latest virus definitions and to run Avast's virus scanner. I said no, as I already run AVG. I then did a scan, which produced the following. Should I have said yes before running the below?

Here it is anyway, and thanks again for your assistance.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-28 20:57:52
-----------------------------
20:57:52.218 OS Version: Windows 5.1.2600 Service Pack 3
20:57:52.218 Number of processors: 1 586 0x207
20:57:52.218 ComputerName: BRIDS_DELL UserName: Gerry
20:57:53.515 Initialize success
20:58:33.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:58:33.171 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
20:58:33.203 Disk 0 MBR read successfully
20:58:33.203 Disk 0 MBR scan
20:58:33.203 Disk 0 unknown MBR code
20:58:33.203 Disk 0 Partition 1 00 DE Dell Utility 31 MB offset 63
20:58:33.218 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 76253 MB offset 64260
20:58:33.218 Disk 0 scanning sectors +156232125
20:58:33.281 Disk 0 scanning C:\WINDOWS\system32\drivers
20:58:33.281 Service scanning
20:58:34.000 Service ACPI C:\WINDOWS\System32\DRIVERS\ACPI.sys **LOCKED** 32
20:59:20.531 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
20:59:23.453 Modules scanning
20:59:24.093 Disk 0 trace - called modules:
20:59:24.625 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8a80f151]<<
20:59:24.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9ddab8]
20:59:24.625 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa59d98]
20:59:24.625 Scan finished successfully
20:59:41.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gerry\My Documents\Downloads\MBR.dat"
20:59:42.000 The log file has been saved successfully to "C:\Documents and Settings\Gerry\My Documents\Downloads\aswMBR.txt"

shelf life
2012-05-29, 02:37
You did the right thing. The downloads are for if you are running AVAST.

Try this with Chrome: export or back up your bookmarks. Then uninstall Chrome via the Add/Remove Programs panel. If asked whether you want to remove settings and/or user data, select yes. After the uninstall, reboot the machine, then reinstall Chrome and cruise around and see how it goes.

Cheweybacca
2012-05-29, 14:53
OK, I have done that and things seem to be stable while Google searching within Chrome. My mrs prefers Internet Explorer, so do I need to uninstall/reinstall IE as well? I have done some Google searches within IE as well and all seems good.

I seem to remember the Chrome desktop icon was renamed a while back. I thought nothing of it and renamed it back to Chrome. In hindsight this was probably caused by the infection. Is it possible that I was running a rogue version of Chrome all along and the reinstall restored the correct version? The uninstall today didn't remove the desktop item as well.

Anyway, so far so good, but I'll keep monitoring.

Thanks again, Shelf.

shelf life
2012-05-29, 22:01
OK, good. Keep cruising around and make sure all is good. No need to uninstall IE.
A rogue version of Chrome? Hard to say. You can delete that chrome.exe from your desktop.
This type of redirect can happen with IE and Firefox also; not sure how the redirection actually works, though, without having any supporting malware on the machine itself. Totally removing, then reinstalling, the browser clears it up. Usually I expect to see more malware show up in logs with redirection going on.

Cheweybacca
2012-06-01, 15:33
Hi Shelf,
No joy, I'm afraid. The redirect is still occurring :sad:
Chewey

shelf life
2012-06-02, 04:21
Hi,

OK. We will get another download to use (GMER), and you can also get a new copy of ComboFix, since no doubt it's been updated.

There is a short guide and links to the GMER application here (http://www.bleepingcomputer.com/forums/topic34773.html). Just move down until you see the section about creating a GMER log. Read and follow the directions for running GMER and post the log.

Run GMER first. Next, get ComboFix, temporarily disable any AV or real-time protection that may be running, and run ComboFix like you did before. The ComboFix link and guide are here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix).

Cheweybacca
2012-06-06, 12:46
Hi Shelf,
GMER log is below, and I have a ComboFix question. Do I have to uninstall ComboFix and reinstall it again, or does ComboFix update itself when you install a new version?
Cheers
Chewey

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-06 10:43:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L090AVV207-0 rev.V23OA66A
Running: wkke872i.exe; Driver: C:\DOCUME~1\Gerry\LOCALS~1\Temp\kgrcyuob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xADE5D940]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xADE57500]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xADE7B4C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xADE5E0D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xADE752D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xADE756E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xADE7E9C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xADE5E230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xADE580C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xADE7C670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xADE7C200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xADE74420]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xADE7CDE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xADE7D000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xAD9D4004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xAD9D40D4]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xADE57CB0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAD9D3D76]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xADE775A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xADE7E140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xADE7D770]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xADE5D490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xADE7DDF0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xADE5DBC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xADE584E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xADE7BC20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xADE76280]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAD9D3E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAD9D3EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAD9D3F56]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [D0, E0, E5, AD, D0, 52, E7, ...] {SHL AL, 0x1; IN EAX, 0xad; RCL BYTE [EDX-0x19], 0x1; LODSD ; LOOPNZ 0x60; OUT 0xad, EAX}
.text ntoskrnl.exe!_abnormal_termination + 114 804E2780 4 Bytes [C0, E9, E7, AD] {SHR CL, 0xe7; LODSD }
.text atapi.sys F74A0852 1 Byte [CC] {INT 3 }
? dimaint.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 1C, 00] {SUB [EAX], AL; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 1C, 00] {SUB [EBX], AL; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 1C, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 1C, 00] {TEST AL, 0x1; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F21A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 1C, 00] {TEST AL, 0x2; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 1C, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 1C, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F28B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 1C, 00] {TEST AL, 0x0; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F3B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 1C, 00] {SUB [ECX], AL; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 1C, 00] {SUB [EDX], AL; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 1C, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 31, 00] {SUB [EBX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 31, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91071A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 31, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 31, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91078B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9108B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 31, 00] {SUB [ECX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 31, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 34, 00] {SUB [EAX], AL; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 34, 00] {SUB [EBX], AL; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 34, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 34, 00] {TEST AL, 0x1; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910A1A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 34, 00] {TEST AL, 0x2; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 34, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 34, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910A8B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 34, 00] {TEST AL, 0x0; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910BB9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 34, 00] {SUB [ECX], AL; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 34, 00] {SUB [EDX], AL; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 34, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91141A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91148B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9115B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\program files\real\realplayer\update\realsched.exe[3784] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Threads - GMER 1.0.15 ----

Thread System [4:132] 8A84939F
Thread System [4:516] 8A5BB0F4

---- EOF - GMER 1.0.15 ----

shelf life
2012-06-07, 02:20
Because it's been a while, please post a new DDS log like you did at the start of the thread.

If you haven't uninstalled Combofix, then it should prompt you to update once it starts up after clicking the icon. If you already uninstalled it, then just download a new copy, which will be the latest version.

Try running Gmer once more, except this time temporarily disable AVG.
Also temporarily disable what I assume is a firewall from "Check Point Endpoint Security"? If that suite also includes antivirus, then you should disable the AV portion, as you already have AVG and only one is needed per machine.

So: new DDS log, disable AVG/CheckPoint and run Gmer. Once Gmer is done and you have the log, you can reboot to start up the AV and firewall. Last, rerun Combofix. Three logs to post.

Cheweybacca
2012-06-13, 21:01
Hi Shelf,
I'm back. Here's the DDS log again with the new attach.txt file (attach2.txt).
Rgds
Chewey


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Gerry at 18:56:59 on 2012-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1298 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Endpoint Security Client Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Checkpoint\Endpoint Security\EapConnMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\program files\real\realplayer\Update\realsched.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\gerry\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Check Point Endpoint Tray Application] c:\program files\common files\check point\uiframework\cptray.exe
mRun: [Check Point Endpoint Connect] "c:\program files\checkpoint\endpoint security\endpoint connect\TrGUI.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\gerry\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gerry\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\gerry\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Video Poker - hxxp://download2.games.yahoo.com/games/clients/y/vpt0_x.cab
DPF: Yahoo! Poker - hxxp://download.games.yahoo.com/games/clients/y/pt3_x.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} - hxxp://community.webshots.com/html/atx/wsaxcontrol.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://213.94.214.30/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://213.94.214.30/vdesk/terminal/InstallerControl.cab#version=6031,2009,1204,1613
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://213.94.214.30/vdesk/terminal/f5InspectionHost.cab#version=6031,2009,1204,1603
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://213.94.214.30/vdesk/terminal/urTermProxy.cab#version=6020,2008,0514,2337
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - hxxps://213.94.214.30/vdesk/terminal/msrdp.cab#version=5,2,3790,0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://213.94.214.30/vdesk/terminal/urxhost.cab#version=6031,2009,1204,1604
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://213.94.214.30/policy/download_binary.php/win32/f5syschk.cab#Version=6031,2010,0125,2111
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
TCP: Interfaces\{92E1B20F-0BA1-4722-B920-4CE8C48534CD} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 31952]
R0 DiMaint;Eicon Maintenance Driver;c:\windows\system32\drivers\disdn\dimaint.sys [2002-12-4 91408]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 301248]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-18 470920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DiCapi;Eicon CAPI 2.0 Driver;c:\windows\system32\drivers\disdn\capi202k.sys [2001-6-12 181168]
R2 DiPort;Eicon Port Driver;c:\windows\system32\drivers\disdn\diport40.sys [2002-10-16 206976]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 DiWan;Eicon Driver for all Diva Client cards;c:\windows\system32\drivers\disdn\Diwan.sys [2002-10-3 911920]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\drivers\vnaap.sys [2010-5-9 129304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f4b5549515e;Google Update Service (gupdate1c9f4b5549515e);c:\program files\google\update\GoogleUpdate.exe [2009-6-24 133104]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-24 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);c:\windows\system32\drivers\NUVision.sys [2008-2-13 260144]
S3 TracSrvWrapper;Check Point Endpoint Connect;c:\program files\checkpoint\endpoint security\endpoint connect\TracSrvWrapper.exe [2010-5-9 3511824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2007-1-25 91496]
.
=============== Created Last 30 ================
.
2012-06-13 08:57:45 -------- d-----w- c:\program files\common files\xing shared
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-05-24 17:09:35 208896 ----a-w- c:\windows\MBR.exe
2012-05-24 17:09:32 256000 ----a-w- c:\windows\PEV.exe
.
==================== Find3M ====================
.
2012-06-13 08:56:25 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-13 08:56:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 07:51:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 07:51:31 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:46:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46:47 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46:47 17408 ----a-w- c:\windows\system32\corpol.dll
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 04:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2003-09-01 12:56:26 235988 ----a-w- c:\program files\Logo - accounting1.exe
2003-08-29 21:06:45 16251072 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
.
============= FINISH: 18:58:06.20 ===============
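As an added example (not from the original post, and not output of DDS, GMER or any tool named on this page), the following Python script reads lines in the DDS log format shown above and flags the entries a responder checks first when the complaint is search-result redirection: hosts-file entries that point a name at loopback (a block) or at some other address (a redirect), DPF (Downloaded Program Files, i.e. ActiveX) entries fetched from a raw IP address rather than a hostname, and DHCP-assigned name servers outside the private ranges. The sample input is constructed from lines in the log above; the severity and category labels are this example's own conventions. A finding is a prompt to verify, not a verdict: the f5*.cab controls fetched from 213.94.214.30 look like VPN client components, and a hosts entry can be written by a protection tool as easily as by malware.

```python
"""Triage of DDS-format log lines for browser-redirect indicators (added example)."""
import re
from ipaddress import ip_address

# Constructed sample in the DDS log format, copied in shape from the post above.
SAMPLE_DDS = r"""
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\gerry\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gerry\application data\dropbox\bin\Dropbox.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://213.94.214.30/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610
TCP: Interfaces\{92E1B20F-0BA1-4722-B920-4CE8C48534CD} : DhcpNameServer = 192.168.1.1
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Line shapes as they appear in DDS output (DDS defangs URLs as hxxp/hxxps).
DPF_RE = re.compile(r"^DPF:\s+(?P<name>.+?)\s+-\s+(?P<url>\S+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<addr>\S+)\s+(?P<host>\S+)")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(?P<servers>[\d. ]+)$")
URL_HOST_RE = re.compile(r"^hxxps?://(?P<host>[^/:#?]+)", re.IGNORECASE)


def url_host(url):
    """Host part of a DDS-defanged hxxp(s) URL, or None for file:// and the like."""
    m = URL_HOST_RE.match(url)
    return m.group("host") if m else None


def as_ip(text):
    """Parse an IP literal; None when the text is a hostname."""
    try:
        return ip_address(text)
    except ValueError:
        return None


def triage(dds_text):
    """Scan DDS lines and return a list of (severity, category, detail) findings."""
    findings = []
    for raw in dds_text.strip().splitlines():
        line = raw.strip()

        m = HOSTS_RE.match(line)
        if m:
            addr = as_ip(m.group("addr"))
            host = m.group("host").lower()
            if addr is not None:
                local = addr.is_loopback or addr.is_unspecified
                if local and host != "localhost":
                    # Name silently blocked; common against security/update sites.
                    findings.append(("high", "hosts-block", f"{host} -> {addr}"))
                elif not local:
                    # Name sent somewhere else entirely: a redirect, not a block.
                    findings.append(("high", "hosts-redirect", f"{host} -> {addr}"))
            continue

        m = DPF_RE.match(line)
        if m:
            host = url_host(m.group("url"))
            if host is None:
                findings.append(("info", "dpf-non-http", line))
            elif as_ip(host) is not None:
                # ActiveX control pulled from a bare IP: no name to reputation-check.
                findings.append(("review", "dpf-raw-ip", f"{m.group('name')} from {host}"))
            continue

        m = DNS_RE.search(line)
        if m:
            for server in m.group("servers").split():
                ip = as_ip(server)
                if ip is not None and not ip.is_private:
                    # Resolver outside the LAN is how DNS-changing malware redirects.
                    findings.append(("review", "dns-outside-lan", server))
    return findings


if __name__ == "__main__":
    for severity, category, detail in triage(SAMPLE_DDS):
        print(f"[{severity:6}] {category:16} {detail}")
```

Run against the sample it reports the file:// DPF entry as informational, the control fetched from 213.94.214.30 for review, and the www.spywareinfo.com hosts entry as a block; the 192.168.1.1 resolver is private and produces nothing. To use it on a real log, pass the full DDS.txt contents to `triage()`.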

Cheweybacca
2012-06-13, 21:13
AVG disabled and checkpoint disabled.

Here is the GMER log


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-13 19:11:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L090AVV207-0 rev.V23OA66A
Running: 0gq3njce.exe; Driver: C:\DOCUME~1\Gerry\LOCALS~1\Temp\kgrcyuob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAAB6A940]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAAB64500]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAAB884C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAAB6B0D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAAB6B230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAAB650C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAAB89670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAAB89200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAAB89DE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAAB8A000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xAA907004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xAA9070D4]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAAB64CB0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAA906D76]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAAB8B140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAAB8A770]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAAB6A490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAAB8ADF0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAAB654E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAAB88C20]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAA906E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAA906EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAA906F56]

---- Kernel code sections - GMER 1.0.15 ----

.text atapi.sys F74A0852 1 Byte [CC] {INT 3 }
? dimaint.sys The system cannot find the file specified. !
? C:\DOCUME~1\Gerry\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F51A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F58B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F6B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 30, 00] {SUB [EAX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 30, 00] {SUB [EBX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 30, 00] {TEST AL, 0x1; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91061A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 30, 00] {TEST AL, 0x2; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91068B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 30, 00] {TEST AL, 0x0; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9107B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 30, 00] {SUB [ECX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 30, 00] {SUB [EDX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text c:\program files\real\realplayer\Update\realsched.exe[2188] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 30, 00] {SUB [EAX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 30, 00] {SUB [EBX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 30, 00] {TEST AL, 0x1; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91061A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 30, 00] {TEST AL, 0x2; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91068B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 30, 00] {TEST AL, 0x0; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9107B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 30, 00] {SUB [ECX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 30, 00] {SUB [EDX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 30, 00] {SUB [EAX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 30, 00] {SUB [EBX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 30, 00] {TEST AL, 0x1; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91061A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 30, 00] {TEST AL, 0x2; XOR [EAX], AL}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Threads - GMER 1.0.15 ----

Thread System [4:132] 8A84939F
Thread System [4:136] 8A7010F4

---- EOF - GMER 1.0.15 ----

Cheweybacca
2012-06-13, 22:46
Finally the ComboFix log - in 2 posts.

Upon completion I opened Chrome and googled "spybot malware forum" to post the ComboFix log to this thread. The redirect happened for the first time today :rolleyes: Some days the redirect is rare, and some days it happens all the time. Here is the log. Thanks again.

ComboFix 12-06-13.04 - Gerry 13/06/2012 19:28:02.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1494 [GMT 1:00]
Running from: c:\documents and settings\Gerry\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Endpoint Security Client Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 08:57 . 2012-06-13 08:57 -------- d-----w- c:\program files\Common Files\xing shared
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-29 13:27 . 2012-05-29 13:27 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 08:56 . 2011-12-04 15:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-13 08:56 . 2011-12-04 15:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-31 13:22 . 2003-03-20 15:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2006-02-24 13:26 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2002-08-29 04:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 07:51 . 2012-04-19 17:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 07:51 . 2011-05-29 22:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 13:12 . 1979-12-31 23:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 1979-12-31 23:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2002-08-29 04:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46 . 2002-08-29 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46 . 2002-08-29 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-04-19 03:50 . 2012-04-19 03:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 14:56 . 2008-12-11 12:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 04:17 . 2011-02-10 06:54 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2003-09-01 12:56 . 2003-09-01 12:56 235988 ----a-w- c:\program files\Logo - accounting1.exe
2003-08-29 21:06 . 2003-08-29 20:31 16251072 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-24_17.28.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-08-29 04:00 . 2012-04-23 14:46 233472 c:\windows\SYSTEM32\webcheck.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 106496 c:\windows\SYSTEM32\url.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 106496 c:\windows\SYSTEM32\url.dll
+ 2011-12-04 15:16 . 2012-06-13 08:57 198832 c:\windows\SYSTEM32\rmoc3260.dll
- 2011-12-04 15:16 . 2011-12-04 15:16 198832 c:\windows\SYSTEM32\rmoc3260.dll
+ 2008-02-14 10:37 . 2012-06-13 08:56 272896 c:\windows\SYSTEM32\pncrt.dll
- 2008-02-14 10:37 . 2011-12-04 15:16 272896 c:\windows\SYSTEM32\pncrt.dll
+ 2002-09-03 12:51 . 2012-06-13 00:47 493950 c:\windows\SYSTEM32\PERFH009.DAT
- 2002-09-03 12:51 . 2012-05-09 18:06 493950 c:\windows\SYSTEM32\PERFH009.DAT
- 2002-08-29 04:00 . 2012-03-01 01:25 102912 c:\windows\SYSTEM32\occache.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 102912 c:\windows\SYSTEM32\occache.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 671232 c:\windows\SYSTEM32\mstime.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 671232 c:\windows\SYSTEM32\mstime.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 193024 c:\windows\SYSTEM32\msrating.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 193024 c:\windows\SYSTEM32\msrating.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 479744 c:\windows\SYSTEM32\mshtmled.dll
+ 2006-11-07 21:03 . 2012-04-23 14:46 496128 c:\windows\SYSTEM32\msfeeds.dll
+ 2006-10-17 11:57 . 2012-04-23 14:46 268288 c:\windows\SYSTEM32\iertutil.dll
- 2006-10-17 11:57 . 2012-03-01 01:25 268288 c:\windows\SYSTEM32\iertutil.dll
- 2006-02-24 13:24 . 2012-03-01 01:25 192512 c:\windows\SYSTEM32\iepeers.dll
+ 2006-02-24 13:24 . 2012-04-23 14:46 192512 c:\windows\SYSTEM32\iepeers.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 384512 c:\windows\SYSTEM32\iedkcs32.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 384512 c:\windows\SYSTEM32\iedkcs32.dll
- 2006-10-17 11:27 . 2012-03-01 01:25 380928 c:\windows\SYSTEM32\ieapfltr.dll
+ 2006-10-17 11:27 . 2012-04-23 14:46 380928 c:\windows\SYSTEM32\ieapfltr.dll
- 2002-08-29 04:00 . 2012-02-29 10:59 161792 c:\windows\SYSTEM32\ieakui.dll
+ 2002-08-29 04:00 . 2012-04-22 06:39 161792 c:\windows\SYSTEM32\ieakui.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 230400 c:\windows\SYSTEM32\ieaksie.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 230400 c:\windows\SYSTEM32\ieaksie.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2002-09-03 12:42 . 2012-06-13 07:43 265416 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2002-09-03 12:42 . 2012-05-09 18:48 265416 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2004-08-04 07:56 . 2012-03-01 01:25 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2004-08-04 07:56 . 2012-04-23 14:46 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2006-02-24 13:24 . 2012-04-23 14:46 214528 c:\windows\SYSTEM32\dxtrans.dll
- 2006-02-24 13:24 . 2012-03-01 01:25 214528 c:\windows\SYSTEM32\dxtrans.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 347136 c:\windows\SYSTEM32\dxtmsft.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 347136 c:\windows\SYSTEM32\dxtmsft.dll
- 2006-05-10 05:23 . 2012-03-01 01:25 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2006-05-10 05:23 . 2012-05-15 15:39 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2006-11-07 21:03 . 2012-03-01 01:25 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2006-11-07 21:03 . 2012-04-23 14:46 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2006-10-17 12:05 . 2012-04-23 14:46 106496 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2006-10-17 12:05 . 2012-03-01 01:25 106496 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2011-08-10 18:05 . 2012-05-02 13:46 139656 c:\windows\SYSTEM32\DLLCACHE\rdpwd.sys
- 2006-10-17 12:04 . 2012-03-01 01:25 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2006-10-17 12:04 . 2012-04-23 14:46 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2006-05-10 05:23 . 2012-04-23 14:46 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2006-05-10 05:23 . 2012-03-01 01:25 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2006-05-10 05:23 . 2012-03-01 01:25 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2006-05-10 05:23 . 2012-04-23 14:46 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2006-05-10 05:23 . 2012-04-23 14:46 479744 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2007-05-15 12:13 . 2012-04-23 14:46 496128 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2006-10-17 12:04 . 2012-04-22 06:40 634488 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-05-15 12:13 . 2012-04-23 14:46 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2007-05-15 12:13 . 2012-03-01 01:25 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2006-05-10 05:22 . 2012-03-01 01:25 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2006-05-10 05:22 . 2012-04-23 14:46 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2006-11-07 03:27 . 2012-03-01 01:25 384512 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2006-11-07 03:27 . 2012-04-23 14:46 384512 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-05-15 12:13 . 2012-04-23 14:46 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2007-05-15 12:13 . 2012-03-01 01:25 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2006-11-07 03:25 . 2012-02-29 10:59 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2006-11-07 03:25 . 2012-04-22 06:39 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2006-11-07 03:27 . 2012-04-23 14:46 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2006-11-07 03:27 . 2012-03-01 01:25 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2006-11-07 03:26 . 2012-04-23 14:46 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2006-11-07 03:26 . 2012-03-01 01:25 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2006-05-10 05:22 . 2012-03-01 01:25 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2006-05-10 05:22 . 2012-04-23 14:46 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2006-05-10 05:22 . 2012-04-23 14:46 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2006-05-10 05:22 . 2012-03-01 01:25 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2006-05-10 05:22 . 2012-04-23 14:46 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2006-05-10 05:22 . 2012-03-01 01:25 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\SYSTEM32\DLLCACHE\crypt32.dll
+ 2011-09-03 10:17 . 2012-05-31 13:22 599040 c:\windows\SYSTEM32\DLLCACHE\crypt32.dll
- 2006-11-07 03:26 . 2012-03-01 01:25 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2006-11-07 03:26 . 2012-04-23 14:46 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 124928 c:\windows\SYSTEM32\advpack.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 124928 c:\windows\SYSTEM32\advpack.dll
+ 2012-04-21 10:03 . 2012-04-21 10:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
- 2012-01-31 02:38 . 2012-01-31 02:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-04-21 06:15 . 2012-04-21 06:15 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-21 20:55 . 2012-04-21 20:55 980480 c:\windows\Installer\caa155.msp
+ 2012-05-29 13:30 . 2012-05-29 13:30 897024 c:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
+ 2012-06-13 00:16 . 2012-03-01 01:25 832512 c:\windows\ie7updates\KB2699988-IE7\wininet.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 233472 c:\windows\ie7updates\KB2699988-IE7\webcheck.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 106496 c:\windows\ie7updates\KB2699988-IE7\url.dll
+ 2012-06-13 00:16 . 2012-03-08 15:40 382840 c:\windows\ie7updates\KB2699988-IE7\spuninst\updspapi.dll
+ 2012-06-13 00:16 . 2012-03-08 15:40 231288 c:\windows\ie7updates\KB2699988-IE7\spuninst\spuninst.exe
+ 2012-06-13 00:16 . 2012-03-01 01:25 102912 c:\windows\ie7updates\KB2699988-IE7\occache.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 671232 c:\windows\ie7updates\KB2699988-IE7\mstime.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 193024 c:\windows\ie7updates\KB2699988-IE7\msrating.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 478720 c:\windows\ie7updates\KB2699988-IE7\mshtmled.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 468480 c:\windows\ie7updates\KB2699988-IE7\msfeeds.dll
+ 2012-06-13 00:16 . 2012-02-29 11:01 634680 c:\windows\ie7updates\KB2699988-IE7\iexplore.exe
+ 2012-06-13 00:16 . 2012-03-01 01:25 268288 c:\windows\ie7updates\KB2699988-IE7\iertutil.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 192512 c:\windows\ie7updates\KB2699988-IE7\iepeers.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 384512 c:\windows\ie7updates\KB2699988-IE7\iedkcs32.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 380928 c:\windows\ie7updates\KB2699988-IE7\ieapfltr.dll
+ 2012-06-13 00:16 . 2012-02-29 10:59 161792 c:\windows\ie7updates\KB2699988-IE7\ieakui.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 230400 c:\windows\ie7updates\KB2699988-IE7\ieaksie.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 153088 c:\windows\ie7updates\KB2699988-IE7\ieakeng.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 133120 c:\windows\ie7updates\KB2699988-IE7\extmgr.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 214528 c:\windows\ie7updates\KB2699988-IE7\dxtrans.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 347136 c:\windows\ie7updates\KB2699988-IE7\dxtmsft.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 124928 c:\windows\ie7updates\KB2699988-IE7\advpack.dll
+ 2012-05-29 09:15 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\29-05-2012\ERDNT.EXE
+ 2012-05-28 19:36 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\28-05-2012\ERDNT.EXE
+ 2012-05-26 15:37 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\26-05-2012\ERDNT.EXE
+ 2012-06-13 07:50 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\13-06-2012\ERDNT.EXE
+ 2012-06-11 08:56 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\11-06-2012\ERDNT.EXE
+ 2012-06-06 07:49 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\06-06-2012\ERDNT.EXE
+ 2012-06-01 19:41 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\01-06-2012\ERDNT.EXE
+ 2012-06-13 08:04 . 2012-06-13 08:04 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a64f6c2fbfed13a2bff7a4d5d00f700b\WindowsFormsIntegration.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\29d24fe44bdfa436ea463565028dc849\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\6adec34334da9c0762fe2e69f398b0df\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\2559ef16c23dd644f60fa31f11521aaa\System.Web.Entity.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\5979cc4d4fe53dbf0919ea82370fe261\System.Web.Entity.Design.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\c6737478e64d305aa13ed952ac69543b\System.Web.DynamicData.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\19e49ece4814c78f87a6a4c1bbf58bd1\System.Web.DataVisualization.Design.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f4f7e7199d4544f6621af546956e84d\System.ServiceProcess.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\6816b81bbf5b0e4d948c7014270024e9\System.Messaging.ni.dll
+ 2012-06-13 00:42 . 2012-06-13 00:42 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\a9f00d46a2dce4447842d16ad10ffce4\System.Drawing.Design.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\844034ad233269c619264768179c154d\System.Configuration.Install.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\97e8e2e7a40521fc633bc6bba9cb5e6c\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\e8c8237c151f1c70994764b1df772bbc\AspNetMMCExt.ni.dll
+ 2012-06-13 07:51 . 2012-06-13 07:51 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:49 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\96a3fc1f74a00b618b70bd1701600408\System.Drawing.Design.ni.dll
+ 2012-06-13 00:30 . 2012-06-13 00:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll

Cheweybacca
2012-06-13, 22:47
+ 2012-06-13 07:58 . 2012-06-13 07:58 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c0045c1c7c29c7e7cc7bd60001b729a7\AspNetMMCExt.ni.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2006-03-02 14:57 . 2012-03-01 01:25 1168896 c:\windows\SYSTEM32\urlmon.dll
+ 2006-03-02 14:57 . 2012-04-23 14:46 1168896 c:\windows\SYSTEM32\urlmon.dll
+ 2006-03-22 16:35 . 2012-04-23 14:46 3618816 c:\windows\SYSTEM32\mshtml.dll
+ 2006-11-07 21:03 . 2012-04-23 14:46 6105088 c:\windows\SYSTEM32\ieframe.dll
+ 2008-10-15 00:08 . 2012-05-15 13:20 1863168 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
- 2006-05-10 05:23 . 2012-03-01 01:25 1168896 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2006-05-10 05:23 . 2012-04-23 14:46 1168896 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-15 00:08 . 2012-05-04 13:12 2192640 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 2008-10-15 00:08 . 2012-04-11 13:10 2192640 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 2008-10-15 00:08 . 2012-04-11 12:35 2026496 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2008-10-15 00:08 . 2012-05-04 12:32 2026496 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
- 2008-10-15 00:08 . 2012-04-11 12:35 2069120 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2008-10-15 00:08 . 2012-05-04 12:32 2069120 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2008-10-15 00:08 . 2012-05-04 13:16 2148352 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
- 2008-10-15 00:08 . 2012-04-11 13:14 2148352 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2006-05-19 15:08 . 2012-04-23 14:46 3618816 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2007-05-15 12:13 . 2012-04-23 14:46 6105088 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2012-03-15 12:17 . 2012-03-15 12:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2012-03-20 04:23 . 2012-03-20 04:23 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-12-25 02:50 . 2011-12-25 02:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-03-20 04:23 . 2012-03-20 04:23 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2008-07-25 10:17 . 2008-07-25 10:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-05-29 13:30 . 2012-05-29 13:30 3666432 c:\windows\Installer\ea72fe.msi
+ 2012-05-29 13:27 . 2012-05-29 13:27 9474048 c:\windows\Installer\ea72d8.msi
+ 2012-03-15 12:43 . 2012-03-15 12:43 4216320 c:\windows\Installer\caa14f.msp
+ 2012-04-22 21:37 . 2012-04-22 21:37 1182720 c:\windows\Installer\b0e7c5.msp
+ 2012-03-20 22:57 . 2012-03-20 22:57 6188544 c:\windows\Installer\b0e7be.msp
+ 2012-06-05 21:04 . 2012-06-05 21:04 2208768 c:\windows\Installer\548be.msi
+ 2012-05-29 08:59 . 2012-05-29 08:59 5161984 c:\windows\Installer\2e1c9ae.msi
+ 2012-06-13 00:16 . 2012-03-01 01:25 1168896 c:\windows\ie7updates\KB2699988-IE7\urlmon.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 3616768 c:\windows\ie7updates\KB2699988-IE7\mshtml.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 6076928 c:\windows\ie7updates\KB2699988-IE7\ieframe.dll
+ 2012-05-29 09:15 . 2012-05-29 09:15 4861952 c:\windows\ERDNT\AutoBackup\29-05-2012\Users\00000002\UsrClass.dat
+ 2012-05-28 19:36 . 2012-05-28 19:36 4861952 c:\windows\ERDNT\AutoBackup\28-05-2012\Users\00000002\UsrClass.dat
+ 2012-05-26 15:37 . 2012-05-26 15:37 4861952 c:\windows\ERDNT\AutoBackup\26-05-2012\Users\00000002\UsrClass.dat
+ 2012-06-13 07:50 . 2012-06-13 07:50 4861952 c:\windows\ERDNT\AutoBackup\13-06-2012\Users\00000002\UsrClass.dat
+ 2012-06-11 08:56 . 2012-06-11 08:56 4861952 c:\windows\ERDNT\AutoBackup\11-06-2012\Users\00000002\UsrClass.dat
+ 2012-06-06 07:49 . 2012-06-06 07:49 4861952 c:\windows\ERDNT\AutoBackup\06-06-2012\Users\00000002\UsrClass.dat
+ 2012-06-01 19:41 . 2012-06-01 19:41 4861952 c:\windows\ERDNT\AutoBackup\01-06-2012\Users\00000002\UsrClass.dat
- 2008-10-15 00:08 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2008-10-15 00:08 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2008-10-15 00:08 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2008-10-15 00:08 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2008-10-15 00:08 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\I386\ntkrnlpa.exe
+ 2008-10-15 00:08 . 2012-05-04 12:32 2069120 c:\windows\Driver Cache\I386\ntkrnlpa.exe
+ 2008-10-15 00:08 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\I386\ntkrnlmp.exe
- 2008-10-15 00:08 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2012-06-13 00:22 . 2012-06-13 00:22 3856896 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\874de73de0aefaefe4d1226396d1b0c3\WindowsBase.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 1211904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\eed3da66d4b3306d756d3115df0f6bb1\System.WorkflowServices.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 4475904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\5acb45c358bf02fb59410bb895c9ec48\System.Workflow.ComponentModel.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\868856b522838fbf26dbe8cb705031b4\System.Workflow.Activities.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 4586496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\e4e27bb9487647504e4b9f5ed0711be6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\f9f93f4c8b467bafeb32a325cfde622c\System.Web.Mobile.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 3123200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\5a5c95719bc244782badb71e93920dba\System.Web.Extensions.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 4574720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\8d031a0cbe9ee927b5d99f0932065f0e\System.Web.DataVisualization.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\8a66373a8576ba2937d601e9ac2163ba\System.Printing.ni.dll
+ 2012-06-13 00:23 . 2012-06-13 00:23 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3d0c73f63305fa092666e6488634d025\System.Drawing.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\28a82e1ecfa3a9fcb0b9e2f0599672ff\System.Deployment.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 3755008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\2514311fe2bd97e63d383a1aa7481290\System.Activities.Presentation.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 2904576 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\86bfef5128f2b3cce7b7d8eabde5d99a\ReachFramework.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf5e39885f6ccd91fa9a178379403ae3\PresentationUI.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f69a4dd37c018ac04d1317d6726ead72\Microsoft.VisualBasic.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b40cf522500114046a9d1bc17d3e512d\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\3d7b46a4d8d43b3486e4322ccfb0820a\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-06-13 00:39 . 2012-06-13 00:40 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP309.tmp\System.Web.Extensions.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:49 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d380f1813e27c2a086e62f0218669d67\System.Printing.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:49 1592320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:49 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\443dd7f0b84c3de54b1a72be655e307c\ReachFramework.ni.dll
+ 2012-06-13 07:48 . 2012-06-13 07:48 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\48ddcafff1a5603fb3289e90330275c0\PresentationUI.ni.dll
+ 2012-06-13 07:59 . 2012-06-13 07:59 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
+ 2012-06-13 07:59 . 2012-06-13 07:59 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll
+ 2012-06-13 07:59 . 2012-06-13 07:59 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-12-11 17:28 . 2012-06-13 00:25 56731752 c:\windows\SYSTEM32\MRT.exe
+ 2012-05-29 09:15 . 2012-05-29 09:15 19312640 c:\windows\ERDNT\AutoBackup\29-05-2012\Users\00000001\ntuser.dat
+ 2012-05-28 19:36 . 2012-05-28 19:36 19312640 c:\windows\ERDNT\AutoBackup\28-05-2012\Users\00000001\ntuser.dat
+ 2012-05-26 15:37 . 2012-05-26 15:37 19312640 c:\windows\ERDNT\AutoBackup\26-05-2012\Users\00000001\ntuser.dat
+ 2012-06-13 07:50 . 2012-06-13 07:50 19312640 c:\windows\ERDNT\AutoBackup\13-06-2012\Users\00000001\ntuser.dat
+ 2012-06-11 08:56 . 2012-06-11 08:56 19312640 c:\windows\ERDNT\AutoBackup\11-06-2012\Users\00000001\ntuser.dat
+ 2012-06-06 07:48 . 2012-06-06 07:49 19312640 c:\windows\ERDNT\AutoBackup\06-06-2012\Users\00000001\ntuser.dat
+ 2012-06-01 19:41 . 2012-06-01 19:41 19312640 c:\windows\ERDNT\AutoBackup\01-06-2012\Users\00000001\ntuser.dat
+ 2012-06-13 00:42 . 2012-06-13 00:42 13197824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\31649acbb300c306f8359f26e94572a9\System.Windows.Forms.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 12076544 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\ecb254465d18012f0f80e56f3b6f70ab\System.Web.ni.dll
+ 2012-06-13 00:42 . 2012-06-13 00:42 11002880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\6caaae10f534d7fa6a2c14689a0bdb6f\System.Design.ni.dll
+ 2012-06-13 00:23 . 2012-06-13 00:23 17998848 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2be5c267837bce48c2588db1cb45a218\PresentationFramework.ni.dll
+ 2012-06-13 00:22 . 2012-06-13 00:22 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2dc4170e59c6defec194ce1d3b7e9b6e\PresentationCore.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:50 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:49 10682368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f73a8455f384e90f6925309336fece24\System.Design.ni.dll
+ 2012-06-13 07:48 . 2012-06-13 07:48 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2010-11-27 1496528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2010-05-19 70144]
"Check Point Endpoint Connect"="c:\program files\Checkpoint\Endpoint Security\Endpoint Connect\TrGUI.exe" [2010-05-09 624136]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-13 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Gerry\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Gerry\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-5-18 1454143]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\TunnelServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Gerry\\My Documents\\Downloads\\T-RSMXP\\RapidShare Manager for XP\\RapidShareManager.exe"=
"c:\\Documents and Settings\\Gerry\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Checkpoint\\Endpoint Security\\Endpoint Connect\\TracSrvWrapper.exe"=
"c:\\Program Files\\Checkpoint\\Endpoint Security\\Endpoint Connect\\TrGUI.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\SYSTEM32\DRIVERS\avgidshx.sys [19/04/2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [19/01/2011 04:32 31952]
R0 DiMaint;Eicon Maintenance Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\dimaint.sys [04/12/2002 14:49 91408]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [07/01/2011 06:41 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [10/02/2011 07:54 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 04:53 193288]
R2 DiCapi;Eicon CAPI 2.0 Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\capi202k.sys [12/06/2001 14:27 181168]
R2 DiPort;Eicon Port Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\diport40.sys [16/10/2002 15:32 206976]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [27/11/2010 01:55 398176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\avgidsdriverx.sys [23/12/2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\avgidsfilterx.sys [23/12/2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\avgidsshimx.sys [23/12/2011 13:32 17232]
R3 DiWan;Eicon Driver for all Diva Client cards;c:\windows\SYSTEM32\DRIVERS\DISDN\Diwan.sys [03/10/2002 16:35 911920]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\SYSTEM32\DRIVERS\vnaap.sys [09/05/2010 20:11 129304]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 09:44 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1c9f4b5549515e;Google Update Service (gupdate1c9f4b5549515e);c:\program files\Google\Update\GoogleUpdate.exe [24/06/2009 11:17 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 18:51 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24/06/2009 11:17 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [29/08/2002 05:00 14336]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);c:\windows\SYSTEM32\DRIVERS\NUVision.sys [13/02/2008 16:13 260144]
S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [07/07/2007 12:17 47360]
S3 TracSrvWrapper;Check Point Endpoint Connect;c:\program files\Checkpoint\Endpoint Security\Endpoint Connect\TracSrvWrapper.exe [09/05/2010 20:11 3511824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 BCSWAP;BCSWAP;c:\windows\SYSTEM32\DRIVERS\BCSwap.sys [25/01/2007 15:54 91496]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - kgrcyuob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 07:51]
.
2012-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2003-12-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2200 series5E771253C1676EBED677BF361FDFC537825E15B8062102495.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 10:17]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 10:17]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1006Core.job
- c:\documents and settings\Brid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 23:26]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1006UA.job
- c:\documents and settings\Brid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 23:26]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1007Core.job
- c:\documents and settings\Gerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-29 09:24]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1007UA.job
- c:\documents and settings\Gerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-29 09:24]
.
2012-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3836196526-914930832-50539439-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-06-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3836196526-914930832-50539439-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-04-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3836196526-914930832-50539439-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-06-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3836196526-914930832-50539439-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2003-08-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-07-29 08:04]
.
2012-06-12 c:\windows\Tasks\User_Feed_Synchronization-{F5622167-D928-44CB-8ABA-F40AB5B55F88}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-13 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-06-13 19:43:09
ComboFix-quarantined-files.txt 2012-06-13 18:42
ComboFix2.txt 2012-05-24 17:35
ComboFix3.txt 2008-12-17 02:49
.
Pre-Run: 3,539,197,952 bytes free
Post-Run: 3,834,159,104 bytes free
.
- - End Of File - - C39B1C57874E4D4BB58F566385763E6F

shelf life
2012-06-14, 03:46
Not really seeing anything in the logs that would provide a hint as far as malware goes. I know you ran TDSSKiller already, but go ahead and run it again; no doubt it's been updated and it will prompt you to download and run the new version.

Cheweybacca
2012-06-16, 01:20
Here's the TDSS log. There was an update too.

23:17:34.0218 1296 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
23:17:34.0484 1296 ============================================================
23:17:34.0484 1296 Current date / time: 2012/06/15 23:17:34.0484
23:17:34.0484 1296 SystemInfo:
23:17:34.0484 1296
23:17:34.0484 1296 OS Version: 5.1.2600 ServicePack: 3.0
23:17:34.0484 1296 Product type: Workstation
23:17:34.0484 1296 ComputerName: BRIDS_DELL
23:17:34.0484 1296 UserName: Gerry
23:17:34.0484 1296 Windows directory: C:\WINDOWS
23:17:34.0484 1296 System windows directory: C:\WINDOWS
23:17:34.0484 1296 Processor architecture: Intel x86
23:17:34.0484 1296 Number of processors: 1
23:17:34.0484 1296 Page size: 0x1000
23:17:34.0484 1296 Boot type: Normal boot
23:17:34.0484 1296 ============================================================
23:17:38.0953 1296 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:17:38.0968 1296 ============================================================
23:17:38.0968 1296 \Device\Harddisk0\DR0:
23:17:38.0968 1296 MBR partitions:
23:17:38.0968 1296 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9
23:17:38.0968 1296 ============================================================
23:17:38.0968 1296 Initialize success
23:17:38.0968 1296 ============================================================
23:17:48.0140 0560 ============================================================
23:17:48.0140 0560 Scan started
23:17:48.0140 0560 Mode: Manual;
23:17:48.0140 0560 ============================================================
23:17:48.0187 0560 6to4 - ok
23:17:48.0203 0560 Abiosdsk - ok
23:17:48.0218 0560 abp480n5 - ok
23:17:48.0234 0560 ACPI - ok
23:17:48.0250 0560 ACPIEC - ok
23:17:48.0250 0560 AdobeFlashPlayerUpdateSvc - ok
23:17:48.0265 0560 adpu160m - ok
23:17:48.0281 0560 aeaudio - ok
23:17:48.0296 0560 aec - ok
23:17:48.0296 0560 AFD - ok
23:17:48.0312 0560 AFS2K - ok
23:17:48.0328 0560 agp440 - ok
23:17:48.0343 0560 agpCPQ - ok
23:17:48.0359 0560 Aha154x - ok
23:17:48.0359 0560 aic78u2 - ok
23:17:48.0375 0560 aic78xx - ok
23:17:48.0390 0560 Alerter - ok
23:17:48.0406 0560 ALG - ok
23:17:48.0421 0560 AliIde - ok
23:17:48.0437 0560 alim1541 - ok
23:17:48.0453 0560 amdagp - ok
23:17:48.0453 0560 amsint - ok
23:17:48.0468 0560 Apple Mobile Device - ok
23:17:48.0484 0560 AppMgmt - ok
23:17:48.0500 0560 asc - ok
23:17:48.0515 0560 asc3350p - ok
23:17:48.0531 0560 asc3550 - ok
23:17:48.0562 0560 aspnet_state - ok
23:17:48.0578 0560 AsyncMac - ok
23:17:48.0593 0560 atapi - ok
23:17:48.0609 0560 Atdisk - ok
23:17:48.0625 0560 Atmarpc - ok
23:17:48.0625 0560 AudioSrv - ok
23:17:48.0640 0560 audstub - ok
23:17:48.0671 0560 AVGIDSAgent - ok
23:17:48.0671 0560 AVGIDSDriver - ok
23:17:48.0687 0560 AVGIDSFilter - ok
23:17:48.0703 0560 AVGIDSHX - ok
23:17:48.0718 0560 AVGIDSShim - ok
23:17:48.0734 0560 Avgldx86 - ok
23:17:48.0734 0560 Avgmfx86 - ok
23:17:48.0750 0560 Avgrkx86 - ok
23:17:48.0765 0560 Avgtdix - ok
23:17:48.0781 0560 avgwd - ok
23:17:48.0796 0560 bcm4sbxp - ok
23:17:48.0812 0560 BCSWAP - ok
23:17:48.0828 0560 Beep - ok
23:17:48.0843 0560 BITS - ok
23:17:48.0859 0560 Bonjour Service - ok
23:17:48.0875 0560 BridgeMP - ok
23:17:48.0875 0560 Browser - ok
23:17:48.0890 0560 catchme - ok
23:17:48.0906 0560 cbidf - ok
23:17:48.0921 0560 cbidf2k - ok
23:17:48.0937 0560 CCALib8 - ok
23:17:48.0953 0560 CCDECODE - ok
23:17:48.0968 0560 cd20xrnt - ok
23:17:48.0968 0560 Cdaudio - ok
23:17:48.0984 0560 Cdfs - ok
23:17:49.0000 0560 Cdr4_xp - ok
23:17:49.0015 0560 Cdralw2k - ok
23:17:49.0031 0560 Cdrom - ok
23:17:49.0031 0560 cdudf_xp - ok
23:17:49.0046 0560 Changer - ok
23:17:49.0062 0560 CiSvc - ok
23:17:49.0078 0560 ClipSrv - ok
23:17:49.0093 0560 clr_optimization_v2.0.50727_32 - ok
23:17:49.0109 0560 clr_optimization_v4.0.30319_32 - ok
23:17:49.0125 0560 CmdIde - ok
23:17:49.0125 0560 COMSysApp - ok
23:17:49.0156 0560 Cpqarray - ok
23:17:49.0171 0560 CryptSvc - ok
23:17:49.0187 0560 CVirtA - ok
23:17:49.0203 0560 CVPND - ok
23:17:49.0218 0560 CVPNDRVA - ok
23:17:49.0234 0560 dac2w2k - ok
23:17:49.0250 0560 dac960nt - ok
23:17:49.0250 0560 DcomLaunch - ok
23:17:49.0265 0560 Dhcp - ok
23:17:49.0281 0560 DiCapi - ok
23:17:49.0296 0560 DiMaint - ok
23:17:49.0312 0560 DiPort - ok
23:17:49.0328 0560 Disk - ok
23:17:49.0328 0560 DiWan - ok
23:17:49.0343 0560 dmadmin - ok
23:17:49.0359 0560 dmboot - ok
23:17:49.0359 0560 dmio - ok
23:17:49.0375 0560 dmload - ok
23:17:49.0390 0560 dmserver - ok
23:17:49.0406 0560 DMusic - ok
23:17:49.0406 0560 DNE - ok
23:17:49.0421 0560 Dnscache - ok
23:17:49.0468 0560 Dot3svc - ok
23:17:49.0468 0560 dpti2o - ok
23:17:49.0484 0560 drmkaud - ok
23:17:49.0500 0560 dvd_2K - ok
23:17:49.0500 0560 EapHost - ok
23:17:49.0515 0560 EL90XBC - ok
23:17:49.0531 0560 ERSvc - ok
23:17:49.0546 0560 Eventlog - ok
23:17:49.0562 0560 EventSystem - ok
23:17:49.0562 0560 Fastfat - ok
23:17:49.0578 0560 FastUserSwitchingCompatibility - ok
23:17:49.0593 0560 Fdc - ok
23:17:49.0609 0560 Fips - ok
23:17:49.0609 0560 Flpydisk - ok
23:17:49.0625 0560 FltMgr - ok
23:17:49.0640 0560 FontCache3.0.0.0 - ok
23:17:49.0656 0560 Fs_Rec - ok
23:17:49.0656 0560 Ftdisk - ok
23:17:49.0671 0560 GEARAspiWDM - ok
23:17:49.0687 0560 Gpc - ok
23:17:49.0703 0560 gupdate1c9f4b5549515e - ok
23:17:49.0718 0560 gupdatem - ok
23:17:49.0718 0560 helpsvc - ok
23:17:49.0734 0560 HidServ - ok
23:17:49.0750 0560 hkmsvc - ok
23:17:49.0765 0560 hpn - ok
23:17:49.0765 0560 HPZid412 - ok
23:17:49.0781 0560 HPZipr12 - ok
23:17:49.0796 0560 HPZius12 - ok
23:17:49.0812 0560 HTTP - ok
23:17:49.0828 0560 HTTPFilter - ok
23:17:49.0828 0560 i2omgmt - ok
23:17:49.0843 0560 i2omp - ok
23:17:49.0859 0560 i8042prt - ok
23:17:49.0875 0560 i81x - ok
23:17:49.0875 0560 iAimFP0 - ok
23:17:49.0890 0560 iAimFP1 - ok
23:17:49.0906 0560 iAimFP2 - ok
23:17:49.0906 0560 iAimFP3 - ok
23:17:49.0921 0560 iAimFP4 - ok
23:17:49.0937 0560 iAimTV0 - ok
23:17:49.0953 0560 iAimTV1 - ok
23:17:49.0953 0560 iAimTV2 - ok
23:17:49.0968 0560 iAimTV3 - ok
23:17:49.0984 0560 iAimTV4 - ok
23:17:50.0000 0560 ialm - ok
23:17:50.0000 0560 IDriverT - ok
23:17:50.0015 0560 idsvc - ok
23:17:50.0031 0560 Imapi - ok
23:17:50.0046 0560 Imapi Helper - ok
23:17:50.0062 0560 ImapiService - ok
23:17:50.0093 0560 ini910u - ok
23:17:50.0109 0560 IntelIde - ok
23:17:50.0109 0560 intelppm - ok
23:17:50.0125 0560 ip6fw - ok
23:17:50.0140 0560 IpFilterDriver - ok
23:17:50.0156 0560 iphlpsvc - ok
23:17:50.0156 0560 IpInIp - ok
23:17:50.0171 0560 IpNat - ok
23:17:50.0187 0560 iPod Service - ok
23:17:50.0203 0560 IPSec - ok
23:17:50.0203 0560 IRENUM - ok
23:17:50.0234 0560 isapnp - ok
23:17:50.0234 0560 JavaQuickStarterService - ok
23:17:50.0250 0560 Kbdclass - ok
23:17:50.0265 0560 kmixer - ok
23:17:50.0281 0560 KSecDD - ok
23:17:50.0296 0560 lanmanserver - ok
23:17:50.0312 0560 lanmanworkstation - ok
23:17:50.0328 0560 lbrtfdc - ok
23:17:50.0343 0560 LmHosts - ok
23:17:50.0359 0560 MDM - ok
23:17:50.0375 0560 mmc_2K - ok
23:17:50.0390 0560 mnmdd - ok
23:17:50.0406 0560 mnmsrvc - ok
23:17:50.0406 0560 Modem - ok
23:17:50.0421 0560 Mouclass - ok
23:17:50.0437 0560 MountMgr - ok
23:17:50.0453 0560 mraid35x - ok
23:17:50.0468 0560 MRxDAV - ok
23:17:50.0468 0560 MRxSmb - ok
23:17:50.0484 0560 MSDTC - ok
23:17:50.0515 0560 Msfs - ok
23:17:50.0515 0560 MSIServer - ok
23:17:50.0546 0560 MSKSSRV - ok
23:17:50.0562 0560 MSPCLOCK - ok
23:17:50.0578 0560 MSPQM - ok
23:17:50.0578 0560 mssmbios - ok
23:17:50.0593 0560 MSTEE - ok
23:17:50.0609 0560 Mup - ok
23:17:50.0625 0560 NABTSFEC - ok
23:17:50.0640 0560 napagent - ok
23:17:50.0640 0560 NDIS - ok
23:17:50.0656 0560 NdisIP - ok
23:17:50.0671 0560 NdisTapi - ok
23:17:50.0687 0560 Ndisuio - ok
23:17:50.0703 0560 NdisWan - ok
23:17:50.0718 0560 NDProxy - ok
23:17:50.0734 0560 NetBIOS - ok
23:17:50.0750 0560 NetBT - ok
23:17:50.0750 0560 NetDDE - ok
23:17:50.0765 0560 NetDDEdsdm - ok
23:17:50.0781 0560 Netlogon - ok
23:17:50.0796 0560 Netman - ok
23:17:50.0812 0560 NetTcpPortSharing - ok
23:17:50.0812 0560 Nla - ok
23:17:50.0843 0560 nosGetPlusHelper - ok
23:17:50.0843 0560 Npfs - ok
23:17:50.0859 0560 Ntfs - ok
23:17:50.0875 0560 NtLmSsp - ok
23:17:50.0890 0560 NtmsSvc - ok
23:17:50.0906 0560 Null - ok
23:17:50.0906 0560 NuVision - ok
23:17:50.0921 0560 nv - ok
23:17:50.0937 0560 NwlnkFlt - ok
23:17:50.0953 0560 NwlnkFwd - ok
23:17:50.0953 0560 omci - ok
23:17:50.0968 0560 P3 - ok
23:17:50.0984 0560 Parport - ok
23:17:51.0000 0560 PartMgr - ok
23:17:51.0000 0560 ParVdm - ok
23:17:51.0015 0560 PCI - ok
23:17:51.0031 0560 PCIDump - ok
23:17:51.0046 0560 PCIIde - ok
23:17:51.0062 0560 Pcmcia - ok
23:17:51.0078 0560 pcouffin - ok
23:17:51.0093 0560 PDCOMP - ok
23:17:51.0109 0560 PDFRAME - ok
23:17:51.0109 0560 PDRELI - ok
23:17:51.0125 0560 PDRFRAME - ok
23:17:51.0140 0560 perc2 - ok
23:17:51.0156 0560 perc2hib - ok
23:17:51.0187 0560 PlugPlay - ok
23:17:51.0203 0560 PMBDeviceInfoProvider - ok
23:17:51.0203 0560 Pml Driver HPZ12 - ok
23:17:51.0218 0560 PolicyAgent - ok
23:17:51.0234 0560 PptpMiniport - ok
23:17:51.0250 0560 Processor - ok
23:17:51.0265 0560 ProtectedStorage - ok
23:17:51.0281 0560 PSched - ok
23:17:51.0296 0560 Ptilink - ok
23:17:51.0296 0560 pwd_2k - ok
23:17:51.0328 0560 PxHelp20 - ok
23:17:51.0328 0560 ql1080 - ok
23:17:51.0343 0560 Ql10wnt - ok
23:17:51.0359 0560 ql12160 - ok
23:17:51.0375 0560 ql1240 - ok
23:17:51.0390 0560 ql1280 - ok
23:17:51.0390 0560 RasAcd - ok
23:17:51.0406 0560 RasAuto - ok
23:17:51.0437 0560 Rasl2tp - ok
23:17:51.0437 0560 RasMan - ok
23:17:51.0437 0560 RasPppoe - ok
23:17:51.0453 0560 Raspti - ok
23:17:51.0468 0560 Rdbss - ok
23:17:51.0484 0560 RDPCDD - ok
23:17:51.0500 0560 rdpdr - ok
23:17:51.0531 0560 RDPWD - ok
23:17:51.0546 0560 RDSessMgr - ok
23:17:51.0546 0560 redbook - ok
23:17:51.0562 0560 RemoteAccess - ok
23:17:51.0578 0560 RemoteRegistry - ok
23:17:51.0593 0560 RpcLocator - ok
23:17:51.0609 0560 RpcSs - ok
23:17:51.0609 0560 RSVP - ok
23:17:51.0625 0560 SamSs - ok
23:17:51.0640 0560 SCardSvr - ok
23:17:51.0656 0560 Schedule - ok
23:17:51.0671 0560 Secdrv - ok
23:17:51.0687 0560 seclogon - ok
23:17:51.0687 0560 SENS - ok
23:17:51.0703 0560 serenum - ok
23:17:51.0718 0560 Serial - ok
23:17:51.0765 0560 Sfloppy - ok
23:17:51.0781 0560 SharedAccess - ok
23:17:51.0796 0560 ShellHWDetection - ok
23:17:51.0812 0560 Simbad - ok
23:17:51.0812 0560 sisagp - ok
23:17:51.0828 0560 SLIP - ok
23:17:51.0859 0560 smwdm - ok
23:17:51.0875 0560 Sparrow - ok
23:17:51.0890 0560 splitter - ok
23:17:51.0890 0560 Spooler - ok
23:17:51.0906 0560 sr - ok
23:17:51.0921 0560 srservice - ok
23:17:51.0921 0560 Srv - ok
23:17:51.0937 0560 SSDPSRV - ok
23:17:51.0953 0560 stisvc - ok
23:17:51.0968 0560 streamip - ok
23:17:51.0984 0560 swenum - ok
23:17:52.0000 0560 swmidi - ok
23:17:52.0000 0560 SwPrv - ok
23:17:52.0031 0560 symc810 - ok
23:17:52.0031 0560 symc8xx - ok
23:17:52.0046 0560 sym_hi - ok
23:17:52.0062 0560 sym_u3 - ok
23:17:52.0093 0560 sysaudio - ok
23:17:52.0093 0560 SysmonLog - ok
23:17:52.0109 0560 TapiSrv - ok
23:17:52.0125 0560 Tcpip - ok
23:17:52.0140 0560 Tcpip6 - ok
23:17:52.0156 0560 TDPIPE - ok
23:17:52.0156 0560 TDTCP - ok
23:17:52.0171 0560 tdx - ok
23:17:52.0187 0560 TermDD - ok
23:17:52.0203 0560 TermService - ok
23:17:52.0203 0560 Themes - ok
23:17:52.0218 0560 TlntSvr - ok
23:17:52.0234 0560 TosIde - ok
23:17:52.0250 0560 TracSrvWrapper - ok
23:17:52.0265 0560 TrkWks - ok
23:17:52.0281 0560 truecrypt - ok
23:17:52.0296 0560 tunmp - ok
23:17:52.0312 0560 UdfReadr_xp - ok
23:17:52.0328 0560 Udfs - ok
23:17:52.0343 0560 ultra - ok
23:17:52.0343 0560 Update - ok
23:17:52.0359 0560 upnphost - ok
23:17:52.0375 0560 UPS - ok
23:17:52.0390 0560 USBAAPL - ok
23:17:52.0406 0560 usbccgp - ok
23:17:52.0406 0560 usbehci - ok
23:17:52.0421 0560 usbhub - ok
23:17:52.0437 0560 usbprint - ok
23:17:52.0468 0560 usbscan - ok
23:17:52.0484 0560 USBSTOR - ok
23:17:52.0500 0560 usbuhci - ok
23:17:52.0500 0560 VgaSave - ok
23:17:52.0515 0560 viaagp - ok
23:17:52.0531 0560 ViaIde - ok
23:17:52.0546 0560 vna_ap - ok
23:17:52.0562 0560 VolSnap - ok
23:17:52.0578 0560 vsdatant - ok
23:17:52.0593 0560 vsmon - ok
23:17:52.0593 0560 VSS - ok
23:17:52.0625 0560 w32time - ok
23:17:52.0640 0560 Wanarp - ok
23:17:52.0656 0560 WDICA - ok
23:17:52.0656 0560 wdmaud - ok
23:17:52.0671 0560 WebClient - ok
23:17:52.0687 0560 WinDefend - ok
23:17:52.0718 0560 WinHttpAutoProxySvc - ok
23:17:52.0718 0560 winmgmt - ok
23:17:52.0796 0560 WmdmPmSN - ok
23:17:52.0812 0560 Wmi - ok
23:17:52.0828 0560 WmiApSrv - ok
23:17:52.0843 0560 WMPNetworkSvc - ok
23:17:52.0859 0560 WPFFontCache_v0400 - ok
23:17:52.0875 0560 WS2IFSL - ok
23:17:52.0890 0560 wscsvc - ok
23:17:52.0906 0560 WSTCODEC - ok
23:17:52.0906 0560 wuauserv - ok
23:17:52.0953 0560 WudfPf - ok
23:17:52.0953 0560 WudfRd - ok
23:17:52.0968 0560 WudfSvc - ok
23:17:52.0984 0560 WZCSVC - ok
23:17:53.0000 0560 xmlprov - ok
23:17:53.0031 0560 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
23:17:53.0062 0560 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
23:17:53.0093 0560 MBR (0x1B8) (ef2eec94b0e09a39d077d3e01a352d8f) \Device\Harddisk0\DR0
23:17:53.0640 0560 \Device\Harddisk0\DR0 - ok
23:17:53.0687 0560 Boot (0x1200) (cf03cf63873571b28db5bed637f3053c) \Device\Harddisk0\DR0\Partition0
23:17:53.0687 0560 \Device\Harddisk0\DR0\Partition0 - ok
23:17:53.0687 0560 ============================================================
23:17:53.0687 0560 Scan finished
23:17:53.0687 0560 ============================================================
23:17:53.0703 0796 Detected object count: 0
23:17:53.0703 0796 Actual detected object count: 0
23:18:07.0078 0876 Deinitialize success

shelf life
2012-06-16, 15:25
Normally, if it's possible, I like to get confirmation of malware in more than just one log before proceeding with attempting to fix it.

We will get another download to use. First download mbrcheck (http://www2.gmer.net/mbr/mbr.exe) to your desktop. Double-click it to run and produce a .txt (mbr.log) file on your desktop. Post the file in your reply.

I know you already ran aswMBR once, but let's run it again. You can delete the old copy on your desktop if you haven't already, as well as the old aswMBR.txt log and MBR.dat file.
Download a new copy (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop, double-click to start and click the scan button. When it's done, click the save log button and post the log.

Cheweybacca
2012-06-21, 13:27
MBR log

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: IC35L090AVV207-0 rev.V23OA66A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
sectors 156249998 (+255): user != kernel

Cheweybacca
2012-06-21, 13:31
aswmbr log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-21 11:29:33
-----------------------------
11:29:33.081 OS Version: Windows 5.1.2600 Service Pack 3
11:29:33.081 Number of processors: 1 586 0x207
11:29:33.096 ComputerName: BRIDS_DELL UserName: Gerry
11:29:34.096 Initialize success
11:30:20.987 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:30:20.987 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
11:30:21.003 Disk 0 MBR read successfully
11:30:21.003 Disk 0 MBR scan
11:30:21.003 Disk 0 unknown MBR code
11:30:21.003 Disk 0 Partition 1 00 DE Dell Utility 31 MB offset 63
11:30:21.003 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 76253 MB offset 64260
11:30:21.003 Disk 0 scanning sectors +156232125
11:30:21.065 Disk 0 scanning C:\WINDOWS\system32\drivers
11:30:21.065 Service scanning
11:30:21.815 Service ACPI C:\WINDOWS\System32\DRIVERS\ACPI.sys **LOCKED** 32
11:30:56.549 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
11:31:02.924 Modules scanning
11:31:03.003 Disk 0 trace - called modules:
11:31:03.034 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8a9e5999]<<
11:31:03.034 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9ddab8]
11:31:03.034 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa59d98]
11:31:03.034 Scan finished successfully
11:31:40.534 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gerry\My Documents\MBR.dat"
11:31:40.534 The log file has been saved successfully to "C:\Documents and Settings\Gerry\My Documents\aswMBR2.txt"
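The aswMBR log above reports the disk's partition table (a 0xDE Dell Utility partition at LBA 63 and a bootable 0x07 NTFS partition at LBA 64260) and then "scanning sectors +156232125", which is the first sector after the last partition: the unpartitioned tail where MBR bootkits of the TDL4 family keep their hidden storage. The following Python is an added example, not a tool from this thread, that decodes a 512-byte MBR image such as the MBR.dat aswMBR saves, checks the 0x55AA boot signature, lists the partitions, and works out that tail region from the disk's sector count. The sample MBR bytes are constructed here from the values in the log (the boot code is zeroed) and are not the real MBR.dat; the partition-type names are a small table of my own.

```python
import struct

SECTOR = 512
PART_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}  # assumption: minimal type table
DISK_SECTORS = 156249998  # sector count the mbr.exe log above reports for this disk


def build_sample_mbr():
    """Construct a 512-byte MBR with the partition layout from the aswMBR log.

    This is sample data, not the user's MBR.dat: boot code and CHS fields are zero,
    only the LBA start/count, type and boot flag are filled in.
    """
    mbr = bytearray(512)
    entries = [
        # (boot flag, type, start LBA, sector count)
        (0x00, 0xDE, 63, 64260 - 63),        # Dell Utility, ends where partition 2 starts
        (0x80, 0x07, 64260, 0x94EEEB9),      # bootable NTFS, BlocksNum from the TDSSKiller log
    ]
    for i, (boot, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         boot, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xAA"  # boot signature
    return bytes(mbr)


def parse_mbr(data):
    """Return the non-empty partition entries of a classic MBR as dicts."""
    if len(data) < 512 or data[510:512] != b"\x55\xAA":
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # 16-byte entry: boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, count
        boot, ptype, start, count = struct.unpack_from("<B3xB3xII", data, 446 + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "bootable": boot == 0x80,
            "type": ptype,
            "name": PART_TYPES.get(ptype, "unknown"),
            "start": start,
            "count": count,
            "mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def unpartitioned_tail(parts, disk_sectors):
    """Return (first sector after the last partition, number of sectors up to disk end).

    aswMBR's "scanning sectors +N" is exactly this first sector; a large tail with
    non-zero content there is where a bootkit's hidden file system would live.
    """
    end = max(p["start"] + p["count"] for p in parts)
    return end, disk_sectors - end


if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        flag = "(A)" if p["bootable"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['name']} "
              f"{p['mb']} MB offset {p['start']}")
    first, length = unpartitioned_tail(parts, DISK_SECTORS)
    print(f"unpartitioned tail starts at sector {first}, {length} sectors long")
```

Run against a real MBR.dat, replace `build_sample_mbr()` with `open("MBR.dat", "rb").read()`. The partition table alone cannot say whether the boot code is clean; aswMBR's "unknown MBR code" only means the 446 bytes of boot code matched none of its known-good signatures, which a nonstandard OEM boot sector also produces, so the VirusTotal verdict on the saved MBR.dat, or a byte comparison against a known-good Dell MBR, is what settles it.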

Cheweybacca
2012-06-21, 13:37
One more thing I've noticed. Since we last ran ComboFix, Windows Update is not available. I looked at the Event Viewer and these errors are logged.


The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The Automatic Updates service failed to start due to the following error:
%%1290

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

My computer is still functioning, but I think Windows updates may go out of date soon. The virus redirect is quieter some days and not others, but still appears when the mood takes it. Really weird, like it has a mind of its own.

Thanks for your help again.

shelf life
2012-06-22, 03:20
Thanks for the info. Really, I don't have a lot to go on with your logs. Normally you get confirmation of malware between logs, but I am having a hard time finding anything to go on with your logs. But you're still getting the redirects.

When you ran aswMBR it created an MBR.dat file on your desktop. Go here (https://www.virustotal.com/), browse for the file on your desktop, then upload it using the Scan It! button.
Once it's done scanning you can copy/paste the URL in your reply.

Also download Minitoolbox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) run it and select:
Report IE proxy settings
Report FF proxy settings
List Content of Host
List IP configuration
Next click GO at the bottom. It will create a Results.txt on your desktop. Post it in your reply.
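The hosts and proxy reports requested above are the two local places a search redirect can be planted without any browser add-on: an entry that maps a search engine's name to an attacker's address, or a proxy that every request is sent through. On a machine immunized by Spybot the hosts file carries thousands of legitimate 127.0.0.1 blackhole lines, so the useful check is not the line count but whether any line points a name somewhere other than a blackhole address. The following Python is an added example of that check, not part of the thread or of MiniToolBox. The sample hosts text is constructed here: the first lines mirror the immunization style, and the final line, with the documentation address 203.0.113.5, is a made-up hijack entry included only to show what a hit looks like.

```python
import ipaddress
import os

# Addresses a hosts entry may legitimately point at: loopback and the null route.
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample, not the user's real hosts file. The last line is a made-up
# hijack using a documentation IP (RFC 5737) purely for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
203.0.113.5 www.google.com google.com   # constructed hijack entry
"""


def parse_hosts(text):
    """Yield (ip, [names]) for each active mapping line, ignoring comments and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline and whole-line comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address; the resolver ignores such lines as well
        yield str(ip), fields[1:]


def suspicious_entries(text):
    """Return every mapping that sends a name to something other than a blackhole address."""
    return [(ip, names) for ip, names in parse_hosts(text) if ip not in BLACKHOLE]


def summarize(text):
    """Counts a responder would want to see: total mappings vs. mappings that redirect."""
    entries = list(parse_hosts(text))
    bad = suspicious_entries(text)
    return {"mappings": len(entries), "blackholed": len(entries) - len(bad), "redirecting": len(bad)}


def windows_hosts_path():
    """Default hosts location on Windows; assumption: DataBasePath has not been changed."""
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    return os.path.join(root, "System32", "drivers", "etc", "hosts")


if __name__ == "__main__":
    print(summarize(SAMPLE_HOSTS))
    for ip, names in suspicious_entries(SAMPLE_HOSTS):
        print(f"REDIRECT {ip} -> {' '.join(names)}")
```

To run it on the real file, pass `open(windows_hosts_path(), encoding="latin-1").read()` instead of `SAMPLE_HOSTS`. Two caveats belong with this check. The resolver reads the hosts file from the directory named by the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, so a clean file at the default path proves nothing if that value has been pointed elsewhere; confirm it still reads %SystemRoot%\System32\drivers\etc. And if the IP configuration report shows DNS being served by the home router, a hijacked upstream DNS setting on the router produces the same intermittent redirects with nothing at all on the PC, which is worth ruling out when the local logs stay clean.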

Cheweybacca
2012-06-27, 12:06
Got the redirect today first thing when googling 'spybot malware forum'.
Re-ran aswMBR. The line in bold below appears in red during the scan?

Link to MBR.dat VirusTotal scan
https://www.virustotal.com/file/f5aa81e0d7be5b66b39dda523d1aea3cd7f1632f789c5d9117c99ec986c45c71/analysis/1340787730/


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-27 09:58:56
-----------------------------
09:58:56.859 OS Version: Windows 5.1.2600 Service Pack 3
09:58:56.859 Number of processors: 1 586 0x207
09:58:56.859 ComputerName: BRIDS_DELL UserName: Gerry
09:59:07.406 Initialize success
09:59:20.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:59:20.406 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
09:59:20.515 Disk 0 MBR read successfully
09:59:20.515 Disk 0 MBR scan
09:59:20.515 Disk 0 unknown MBR code
09:59:20.546 Disk 0 Partition 1 00 DE Dell Utility 31 MB offset 63
09:59:20.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 76253 MB offset 64260
09:59:20.625 Disk 0 scanning sectors +156232125
09:59:20.875 Disk 0 scanning C:\WINDOWS\system32\drivers
09:59:20.906 Service scanning
09:59:23.343 Service ACPI C:\WINDOWS\System32\DRIVERS\ACPI.sys **LOCKED** 32
10:00:30.093 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
10:00:33.796 Modules scanning
10:00:34.078 Disk 0 trace - called modules:
10:00:34.109 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8a80a509]<<
10:00:34.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9ddab8]
10:00:34.109 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa59d98]
10:00:34.109 Scan finished successfully
10:01:07.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gerry\My Documents\Downloads\MBR.dat"
10:01:07.968 The log file has been saved successfully to "C:\Documents and Settings\Gerry\My Documents\Downloads\aswMBR3.txt"

Cheweybacca
2012-06-27, 12:14
MiniToolBox by Farbar Version: 25-06-2012
Ran by Gerry (administrator) on 27-06-2012 at 10:07:29
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com

There are 15218 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 2 (Disconnected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "{464B29D9-1754-4002-8858-1DE1933BA105}"

set address name="{464B29D9-1754-4002-8858-1DE1933BA105}" source=dhcp
set dns name="{464B29D9-1754-4002-8858-1DE1933BA105}" source=dhcp register=NONE
set wins name="{464B29D9-1754-4002-8858-1DE1933BA105}" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : BRIDS_DELL
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-0B-DB-B2-A3-4F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::20b:dbff:feb2:a34f%4
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    fec0:0:0:ffff::1%2
                                    fec0:0:0:ffff::2%2
                                    fec0:0:0:ffff::3%2
Lease Obtained. . . . . . . . . . : 27 June 2012 08:58:40
Lease Expires . . . . . . . . . . : 28 June 2012 08:58:40

Ethernet adapter {464B29D9-1754-4002-8858-1DE1933BA105}:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Check Point Virtual Network Adapter For Endpoint VPN Client - Packet Scheduler Miniport
Physical Address. . . . . . . . . : 54-51-E8-DD-9E-12

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 80-00-23-3A-AB-34-DF-64
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 2001:0:5ef5:79fd:8000:233a:ab34:df64
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-01-64
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.100%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2
                                    fec0:0:0:ffff::2%2
                                    fec0:0:0:ffff::3%2
NetBIOS over Tcpip. . . . . . . . : Disabled

Server: smart.lan
Address: 192.168.1.1

Name: google.com
Address: 87.125.87.99

Pinging google.com [87.125.87.99] with 32 bytes of data:

Reply from 87.125.87.99: bytes=32 time=125ms TTL=57
Reply from 87.125.87.99: bytes=32 time=124ms TTL=57

Ping statistics for 87.125.87.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 124ms, Maximum = 125ms, Average = 124ms

Server: smart.lan
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=168ms TTL=50
Reply from 209.191.122.70: bytes=32 time=171ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 168ms, Maximum = 171ms, Average = 169ms

Server: smart.lan
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0b db b2 a3 4f ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...54 51 e8 dd 9e 12 ...... Check Point Virtual Network Adapter For Endpoint VPN Client - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
255.255.255.255 255.255.255.255 192.168.1.100 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

**** End of log ****
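
The hosts dump in the log above is worth reading with the redirect symptom in mind: every entry shown (and, per MiniToolBox, more than 15,000 further lines) maps a name to 127.0.0.1, which is the sinkhole pattern hosts-file immunization tools write, not a redirect. A hosts-based redirect needs the opposite, a real domain pointed at a non-loopback address, and a malware-style hosts file can also sink security or update domains to loopback so the victim cannot reach them. The checker below is an added example, not part of the thread and not MiniToolBox code: it parses hosts-file syntax (comments, several names per line, IPv4 and IPv6), and separates harmless sinkhole entries from hijacks and from blocked watchlist names. The sample hosts text is constructed (its first lines mirror the head of the dump; the 203.0.113.7 and avg.com lines were not in the poster's file), and the watchlist of domains is my assumption.

```python
import ipaddress
from typing import Dict, List, Tuple

# Addresses that sink a name rather than redirect it. Entries pointing here are
# what hosts-file immunization lists produce and are not, by themselves, a hijack.
SINKHOLE_NETWORKS = (
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("0.0.0.0/32"),
    ipaddress.ip_network("::1/128"),
)

# Assumed watchlist: names a search/update redirector would have to repoint, or
# that malware sinks to keep the victim away from AV and update servers.
WATCHLIST = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com",
    "avg.com", "kaspersky.com",
)

# Constructed sample. The first loopback lines follow the head of the poster's
# dump; the avg.com and 203.0.113.7 lines are invented to show the other cases.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
0.0.0.0 ads.example   # trailing comment is ignored
::1 localhost ip6-localhost
127.0.0.1 www.avg.com
203.0.113.7 www.google.com google.com
203.0.113.7 update.microsoft.com
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; one hosts line may carry several names."""
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not a valid address: skip rather than guess
        for name in fields[1:]:
            pairs.append((addr, name.lower()))
    return pairs


def on_watchlist(name: str) -> bool:
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def classify(addr: str, name: str) -> str:
    """sinkhole: loopback/null for an ordinary name (immunization style)
    blocked:  loopback/null for a watchlist name (user cut off from AV/updates)
    hijack:   watchlist name pointed at a real address (redirect)
    custom:   anything else pointed at a real address (review by hand)"""
    ip = ipaddress.ip_address(addr)
    sunk = any(ip in net for net in SINKHOLE_NETWORKS)  # False across IPv4/IPv6
    watched = on_watchlist(name)
    if sunk:
        return "blocked" if watched else "sinkhole"
    return "hijack" if watched else "custom"


def triage(text: str) -> Dict:
    counts = {"sinkhole": 0, "blocked": 0, "hijack": 0, "custom": 0}
    suspicious: List[Tuple[str, str, str]] = []
    for addr, name in parse_hosts(text):
        kind = classify(addr, name)
        counts[kind] += 1
        if kind != "sinkhole":
            suspicious.append((addr, name, kind))
    return {"counts": counts, "suspicious": suspicious}


if __name__ == "__main__":
    result = triage(SAMPLE_HOSTS)
    print(result["counts"])
    for addr, name, kind in result["suspicious"]:
        print(f"{kind:8} {addr:15} {name}")
```

On the poster's real file (on XP, %SystemRoot%\system32\drivers\etc\hosts) the expected outcome is thousands of "sinkhole" and nothing else. A redirect that survives a clean hosts file points elsewhere: DNS settings, a proxy or LSP, a browser extension, or boot-sector code, which is why the thread moves on to aswMBR rather than the hosts file.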

shelf life
2012-06-28, 03:09
OK, thanks for the info. Next step is to rerun aswMBR like you did before by clicking the Scan button; when it's done running, click the Fix button.
Once it's done, click the Save log button to save the .txt file somewhere, then immediately reboot your machine and post the log you saved.

Cheweybacca
2012-06-28, 20:35
The option to Fix is greyed out / not available. The option to FixMBR is available.
Should I take the option to FixMBR?

shelf life
2012-06-29, 04:12
Normally I don't like to run a fix without confirmation from another tool, which I don't see in any of the logs, and also we seem to have exhausted other possible causes for the redirects along with other utilities to use. So, since this is the case, I don't see any other option but to use the FixMBR tool in aswMBR.exe.

Do you have data/files you don't want to lose backed up to other media, just as a precaution? The tool will rewrite a new master boot record to the hard drive.

Cheweybacca
2012-07-03, 17:38
Normally I don't like to run a fix without confirmation from another tool, which I don't see in any of the logs, and also we seem to have exhausted other possible causes for the redirects along with other utilities to use. So, since this is the case, I don't see any other option but to use the FixMBR tool in aswMBR.exe.

Do you have data/files you don't want to lose backed up to other media, just as a precaution? The tool will rewrite a new master boot record to the hard drive.

OK Shelf, I'd better do a backup, so. Is an MBR rewrite high risk? What exactly is an MBR?


Do you have any ideas how to resolve the Windows Update issues (see above) that the last run of ComboFix appears to have caused?
I can see these errors in the Windows Event Viewer.

shelf life
2012-07-05, 03:33
It's not high risk; it's actually quick and simple. It's just that if something goes wrong you would be left with an unbootable machine. The larger concern now is the redirection issue. We can resolve the update issue later.

MBR (http://www.ntfs.com/mbr.htm)

Cheweybacca
2012-07-31, 18:54
It's not high risk; it's actually quick and simple. It's just that if something goes wrong you would be left with an unbootable machine. The larger concern now is the redirection issue. We can resolve the update issue later.

MBR (http://www.ntfs.com/mbr.htm)

Just back from hols :D

One more question. My hard drive is encrypted by TrueCrypt. I input a password at boot time before XP loads. Could the MBR rewrite clash with this?
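
The TrueCrypt question is the right one to ask before any FixMBR: TrueCrypt system encryption replaces the boot code in sector 0 with its own pre-boot loader, so a tool that writes a stock MBR will remove exactly the code that asks for the password. The parser below is an added example, not advice from the thread and not aswMBR's or TrueCrypt's code. It reads a 512-byte MBR image, checks the 55 AA signature, decodes the four partition-table entries, extracts the printable strings from the boot-code area, and reports whether the boot code looks like the stock XP loader (which carries the strings "Invalid partition table", "Error loading operating system" and "Missing operating system") or carries a TrueCrypt marker. The sample sectors are constructed; the assumption that a TrueCrypt loader leaves the ASCII string "TrueCrypt Boot Loader" in sector 0 is mine and should be checked against a real image before relying on it.

```python
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # 440-443: disk signature, 444-445: unused
PT_OFFSET, PT_ENTRY_SIZE, PT_ENTRIES = 446, 16, 4
SIGNATURE_OFFSET = 510     # bytes 55 AA, read little-endian as 0xAA55

# Strings found in the stock Windows XP MBR boot code.
STOCK_XP_STRINGS = (
    "Invalid partition table",
    "Error loading operating system",
    "Missing operating system",
)
# Assumed marker for a TrueCrypt pre-boot-authentication MBR (not verified here).
TRUECRYPT_MARKER = b"TrueCrypt Boot Loader"

PARTITION_TYPES = {
    0x00: "empty", 0x05: "extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
    0x0C: "FAT32 LBA", 0x0F: "extended LBA", 0x82: "Linux swap",
    0x83: "Linux", 0xEE: "GPT protective",
}


def printable_strings(blob: bytes, min_len: int = 5) -> List[str]:
    """Runs of printable ASCII of at least min_len bytes, in order of appearance."""
    out: List[str] = []
    run = bytearray()
    for b in blob + b"\x00":            # sentinel flushes the last run
        if 0x20 <= b < 0x7F:
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    return out


def parse_partition(raw: bytes) -> Dict:
    status, _sh, _ss, _sc, ptype, _eh, _es, _ec, lba, count = struct.unpack("<8BII", raw)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
        "lba_start": lba,
        "sectors": count,
    }


def parse_mbr(sector: bytes) -> Dict:
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_END]
    (signature,) = struct.unpack_from("<H", sector, SIGNATURE_OFFSET)
    (disk_sig,) = struct.unpack_from("<I", sector, BOOT_CODE_END)
    entries = [
        parse_partition(sector[PT_OFFSET + i * PT_ENTRY_SIZE: PT_OFFSET + (i + 1) * PT_ENTRY_SIZE])
        for i in range(PT_ENTRIES)
    ]
    return {
        "valid_signature": signature == 0xAA55,
        "disk_signature": disk_sig,
        "partitions": [e for e in entries if e["type"] != 0x00],
        "strings": printable_strings(boot_code),
        "truecrypt_marker": TRUECRYPT_MARKER in boot_code,
    }


def verdict(info: Dict) -> str:
    if not info["valid_signature"]:
        return "no-mbr-signature"
    if info["truecrypt_marker"]:
        return "truecrypt-bootloader"     # a stock FixMBR would remove this
    if all(s in info["strings"] for s in STOCK_XP_STRINGS):
        return "stock-xp-like"
    return "unknown-boot-code"            # compare against a known-good image


def load_sector0(path: str) -> bytes:
    """Read sector 0 from an image file, or on Windows (as Administrator) from r'\\.\PhysicalDrive0'."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr(truecrypt: bool) -> bytes:
    """Constructed sample sector, not an image from any real machine."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\x33\xC0\x8E"          # opcode-like filler so the code area is non-zero
    if truecrypt:
        sector[0x100:0x100 + len(TRUECRYPT_MARKER)] = TRUECRYPT_MARKER
    else:
        off = 0x12C
        for s in STOCK_XP_STRINGS:
            b = s.encode("ascii") + b"\x00"
            sector[off:off + len(b)] = b
            off += len(b)
    struct.pack_into("<I", sector, BOOT_CODE_END, 0xDEADBEEF)  # arbitrary disk signature
    # one active NTFS partition starting at LBA 63 (typical XP layout)
    struct.pack_into("<8BII", sector, PT_OFFSET, 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 0x3FFFFC1)
    sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x55\xAA"
    return bytes(sector)


if __name__ == "__main__":
    for tc in (False, True):
        info = parse_mbr(build_sample_mbr(tc))
        print(verdict(info), info["partitions"], info["strings"])
```

If the verdict on a real sector 0 is "truecrypt-bootloader", the right sequence is to decrypt the system partition (or at least have the TrueCrypt Rescue Disk to hand, which can restore the TrueCrypt boot loader) before letting any tool write a stock MBR; otherwise the rewrite leaves the machine at a blank screen rather than at the password prompt. Keep a copy of the original 512 bytes either way, since a saved sector can be written back if the fix goes wrong.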

shelf life
2012-08-01, 03:02
Welcome back, it's been a while. In fact, since it's been almost one month, we should get some new logs before you do anything. No doubt everything has been updated, so we might get some new clues in the logs. So...

If you haven't yet, you can remove ComboFix like this:
Start > Run and type in combofix /uninstall and click OK or press Enter.
Note the space after the x and before the /.
You can delete the TDSSKiller icon and the aswMBR icon, log and .dat file from the desktop also.

Download new copies of each and run in this order:

tdsskiller (http://support.kaspersky.com/faq/?qid=208283363)
aswmbr (http://public.avast.com/%7Egmerek/aswMBR.htm) scan and save log
Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) Read the guide first.

Post the logs.
Do you by chance have the original Windows XP installation media for your machine?