Cheweys Browser Redirect Issue

Hi,

OK. We will get another download to use (Gmer), and you can also get a new copy of Combofix since no doubt it's been updated.

There is a short guide and links to the Gmer application here. Just move down until you see the section about creating a Gmer log. Read and follow the directions for running Gmer and post the log.

Run Gmer first. Next, get Combofix, temporarily disable any AV or real-time protection that may be running, and run Combofix like you did before. The Combofix link and guide is here.
 
Hi Shelf,
GMER log is below and I have a Combofix question. Do I have to uninstall Combofix and reinstall it again, or does Combofix update itself when you install a new version?
Cheers
Chewey

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-06 10:43:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L090AVV207-0 rev.V23OA66A
Running: wkke872i.exe; Driver: C:\DOCUME~1\Gerry\LOCALS~1\Temp\kgrcyuob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xADE5D940]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xADE57500]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xADE7B4C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xADE5E0D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xADE752D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xADE756E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xADE7E9C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xADE5E230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xADE580C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xADE7C670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xADE7C200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xADE74420]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xADE7CDE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xADE7D000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xAD9D4004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xAD9D40D4]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xADE57CB0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAD9D3D76]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xADE775A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xADE7E140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xADE7D770]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xADE5D490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xADE7DDF0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xADE5DBC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xADE584E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xADE7BC20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xADE76280]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAD9D3E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAD9D3EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAD9D3F56]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [D0, E0, E5, AD, D0, 52, E7, ...] {SHL AL, 0x1; IN EAX, 0xad; RCL BYTE [EDX-0x19], 0x1; LODSD ; LOOPNZ 0x60; OUT 0xad, EAX}
.text ntoskrnl.exe!_abnormal_termination + 114 804E2780 4 Bytes [C0, E9, E7, AD] {SHR CL, 0xe7; LODSD }
.text atapi.sys F74A0852 1 Byte [CC] {INT 3 }
? dimaint.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1172] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 1C, 00] {SUB [EAX], AL; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 1C, 00] {SUB [EBX], AL; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 1C, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 1C, 00] {TEST AL, 0x1; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F21A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 1C, 00] {TEST AL, 0x2; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 1C, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 1C, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F28B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 1C, 00] {TEST AL, 0x0; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F3B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 1C, 00] {SUB [ECX], AL; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 1C, 00] {SUB [EDX], AL; SBB AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 1C, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2472] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 31, 00] {SUB [EBX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 31, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91071A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 31, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 31, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91078B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9108B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 31, 00] {SUB [ECX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 31, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 34, 00] {SUB [EAX], AL; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 34, 00] {SUB [EBX], AL; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 34, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 34, 00] {TEST AL, 0x1; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910A1A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 34, 00] {TEST AL, 0x2; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 34, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 34, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910A8B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 34, 00] {TEST AL, 0x0; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910BB9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 34, 00] {SUB [ECX], AL; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 34, 00] {SUB [EDX], AL; XOR AL, 0x0}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 34, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91141A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91148B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9115B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 3E, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\program files\real\realplayer\update\realsched.exe[3784] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Threads - GMER 1.0.15 ----

Thread System [4:132] 8A84939F
Thread System [4:516] 8A5BB0F4

---- EOF - GMER 1.0.15 ----
 
Because it's been a while, please post a new DDS log like you did at the start of the thread.

If you haven't uninstalled combofix then it should prompt you to update once it starts up after clicking the icon. If you already uninstalled it then just download a new copy, which will be the latest version.

Try running Gmer once more except this time temporarily disable AVG.
Also temporarily disable what I assume is a firewall from "Check Point Endpoint Security"? If that suite includes antivirus also then you should disable the AV portion as you already have AVG and only one is needed per machine.

So: new DDS log, disable AVG/CheckPoint and run Gmer. Once gmer is done and you have the log you can reboot to start up the AV and firewall. Last, rerun Combofix. Three logs to post.
 
Hi Shelf,
I'm back. Here's the DDS log again with the new attach.txt file (attach2.txt)
Rgds
Chewey


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Gerry at 18:56:59 on 2012-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1298 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Endpoint Security Client Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Checkpoint\Endpoint Security\EapConnMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\program files\real\realplayer\Update\realsched.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\gerry\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Check Point Endpoint Tray Application] c:\program files\common files\check point\uiframework\cptray.exe
mRun: [Check Point Endpoint Connect] "c:\program files\checkpoint\endpoint security\endpoint connect\TrGUI.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\gerry\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gerry\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\gerry\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Video Poker - hxxp://download2.games.yahoo.com/games/clients/y/vpt0_x.cab
DPF: Yahoo! Poker - hxxp://download.games.yahoo.com/games/clients/y/pt3_x.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} - hxxp://community.webshots.com/html/atx/wsaxcontrol.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://213.94.214.30/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://213.94.214.30/vdesk/terminal/InstallerControl.cab#version=6031,2009,1204,1613
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://213.94.214.30/vdesk/terminal/f5InspectionHost.cab#version=6031,2009,1204,1603
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://213.94.214.30/vdesk/terminal/urTermProxy.cab#version=6020,2008,0514,2337
DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} - hxxps://213.94.214.30/vdesk/terminal/msrdp.cab#version=5,2,3790,0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://213.94.214.30/vdesk/terminal/urxhost.cab#version=6031,2009,1204,1604
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://213.94.214.30/policy/download_binary.php/win32/f5syschk.cab#Version=6031,2010,0125,2111
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
TCP: Interfaces\{92E1B20F-0BA1-4722-B920-4CE8C48534CD} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 31952]
R0 DiMaint;Eicon Maintenance Driver;c:\windows\system32\drivers\disdn\dimaint.sys [2002-12-4 91408]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 301248]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-18 470920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DiCapi;Eicon CAPI 2.0 Driver;c:\windows\system32\drivers\disdn\capi202k.sys [2001-6-12 181168]
R2 DiPort;Eicon Port Driver;c:\windows\system32\drivers\disdn\diport40.sys [2002-10-16 206976]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 DiWan;Eicon Driver for all Diva Client cards;c:\windows\system32\drivers\disdn\Diwan.sys [2002-10-3 911920]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\drivers\vnaap.sys [2010-5-9 129304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f4b5549515e;Google Update Service (gupdate1c9f4b5549515e);c:\program files\google\update\GoogleUpdate.exe [2009-6-24 133104]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-24 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);c:\windows\system32\drivers\NUVision.sys [2008-2-13 260144]
S3 TracSrvWrapper;Check Point Endpoint Connect;c:\program files\checkpoint\endpoint security\endpoint connect\TracSrvWrapper.exe [2010-5-9 3511824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2007-1-25 91496]
.
=============== Created Last 30 ================
.
2012-06-13 08:57:45 -------- d-----w- c:\program files\common files\xing shared
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-05-29 13:27:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-05-24 17:09:35 208896 ----a-w- c:\windows\MBR.exe
2012-05-24 17:09:32 256000 ----a-w- c:\windows\PEV.exe
.
==================== Find3M ====================
.
2012-06-13 08:56:25 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-13 08:56:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 07:51:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 07:51:31 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:46:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46:47 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46:47 17408 ----a-w- c:\windows\system32\corpol.dll
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 04:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2003-09-01 12:56:26 235988 ----a-w- c:\program files\Logo - accounting1.exe
2003-08-29 21:06:45 16251072 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
.
============= FINISH: 18:58:06.20 ===============
 
AVG disabled and checkpoint disabled.

Here is the GMER log


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-13 19:11:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L090AVV207-0 rev.V23OA66A
Running: 0gq3njce.exe; Driver: C:\DOCUME~1\Gerry\LOCALS~1\Temp\kgrcyuob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAAB6A940]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAAB64500]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAAB884C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAAB6B0D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAAB6B230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAAB650C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAAB89670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAAB89200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAAB89DE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAAB8A000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xAA907004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xAA9070D4]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAAB64CB0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAA906D76]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAAB8B140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAAB8A770]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAAB6A490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAAB8ADF0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAAB654E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAAB88C20]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAA906E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAA906EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAA906F56]

---- Kernel code sections - GMER 1.0.15 ----

.text atapi.sys F74A0852 1 Byte [CC] {INT 3 }
? dimaint.sys The system cannot find the file specified. !
? C:\DOCUME~1\Gerry\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F51A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F58B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F6B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 1F, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1920] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 30, 00] {SUB [EAX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 30, 00] {SUB [EBX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 30, 00] {TEST AL, 0x1; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91061A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 30, 00] {TEST AL, 0x2; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91068B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 30, 00] {TEST AL, 0x0; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9107B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 30, 00] {SUB [ECX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 30, 00] {SUB [EDX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2064] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text c:\program files\real\realplayer\Update\realsched.exe[2188] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 30, 00] {SUB [EAX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 30, 00] {SUB [EBX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 30, 00] {TEST AL, 0x1; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91061A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 30, 00] {TEST AL, 0x2; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91068B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 30, 00] {TEST AL, 0x0; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9107B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 30, 00] {SUB [ECX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 30, 00] {SUB [EDX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 30, 00] {SUB [EAX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 30, 00] {SUB [EBX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 30, 00] {TEST AL, 0x1; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91061A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 30, 00] {TEST AL, 0x2; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91068B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 30, 00] {TEST AL, 0x0; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9107B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 30, 00] {SUB [ECX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 30, 00] {SUB [EDX], AL; XOR [EAX], AL}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 30, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 2B, 00] {SUB [EAX], AL; SUB EAX, [EAX]}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 2B, 00] {SUB [EBX], AL; SUB EAX, [EAX]}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 2B, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 2B, 00] {TEST AL, 0x1; SUB EAX, [EAX]}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91011A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 2B, 00] {TEST AL, 0x2; SUB EAX, [EAX]}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 2B, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 2B, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91018B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 2B, 00] {TEST AL, 0x0; SUB EAX, [EAX]}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9102B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 2B, 00] {SUB [ECX], AL; SUB EAX, [EAX]}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 2B, 00] {SUB [EDX], AL; SUB EAX, [EAX]}
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 2B, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3408] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F31A
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F38B
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F4B9
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 1D, 00]
.text C:\Documents and Settings\Gerry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3588] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Threads - GMER 1.0.15 ----

Thread System [4:132] 8A84939F
Thread System [4:136] 8A7010F4

---- EOF - GMER 1.0.15 ----
 
Finally the Combofix log - in 2 posts.

Upon completion I opened Chrome and googled "spybot malware forum" to post the ComboFix log to this thread. The redirect happened for the first time today :rolleyes: Some days the redirect is rare and sometimes all the time. Here is the log. Thanks again.

ComboFix 12-06-13.04 - Gerry 13/06/2012 19:28:02.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1494 [GMT 1:00]
Running from: c:\documents and settings\Gerry\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Endpoint Security Client Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 08:57 . 2012-06-13 08:57 -------- d-----w- c:\program files\Common Files\xing shared
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-29 13:27 . 2012-05-29 13:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-29 13:27 . 2012-05-29 13:27 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 08:56 . 2011-12-04 15:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-13 08:56 . 2011-12-04 15:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-31 13:22 . 2003-03-20 15:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2006-02-24 13:26 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2002-08-29 04:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 07:51 . 2012-04-19 17:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-09 07:51 . 2011-05-29 22:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 13:12 . 1979-12-31 23:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 1979-12-31 23:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2002-08-29 04:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46 . 2002-08-29 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46 . 2002-08-29 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-04-19 03:50 . 2012-04-19 03:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 14:56 . 2008-12-11 12:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 04:17 . 2011-02-10 06:54 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2003-09-01 12:56 . 2003-09-01 12:56 235988 ----a-w- c:\program files\Logo - accounting1.exe
2003-08-29 21:06 . 2003-08-29 20:31 16251072 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-24_17.28.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-13 07:43 . 2012-06-13 07:43 16384 c:\windows\Temp\Perflib_Perfdata_104.dat
- 2002-08-29 04:00 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\pngfilt.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 44544 c:\windows\SYSTEM32\pngfilt.dll
+ 2002-09-03 12:51 . 2012-06-13 00:47 84494 c:\windows\SYSTEM32\PERFC009.DAT
- 2002-09-03 12:51 . 2012-05-09 18:06 84494 c:\windows\SYSTEM32\PERFC009.DAT
- 2006-11-07 21:03 . 2012-03-01 01:25 52224 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2006-11-07 21:03 . 2012-04-23 14:46 52224 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 27648 c:\windows\SYSTEM32\jsproxy.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 27648 c:\windows\SYSTEM32\jsproxy.dll
+ 2006-11-07 03:26 . 2012-04-23 11:33 13824 c:\windows\SYSTEM32\ieudinit.exe
- 2006-11-07 03:26 . 2012-02-29 12:16 13824 c:\windows\SYSTEM32\ieudinit.exe
+ 2002-08-29 04:00 . 2012-04-23 14:46 44544 c:\windows\SYSTEM32\iernonce.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\iernonce.dll
+ 2002-08-29 04:00 . 2012-04-23 11:33 70656 c:\windows\SYSTEM32\ie4uinit.exe
- 2002-08-29 04:00 . 2012-02-29 12:16 70656 c:\windows\SYSTEM32\ie4uinit.exe
+ 2006-10-17 11:58 . 2012-04-23 14:46 63488 c:\windows\SYSTEM32\icardie.dll
- 2006-10-17 11:58 . 2012-03-01 01:25 63488 c:\windows\SYSTEM32\icardie.dll
- 2006-05-10 05:23 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2006-05-10 05:23 . 2012-04-23 14:46 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-05-15 12:13 . 2012-03-01 01:25 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2007-05-15 12:13 . 2012-04-23 14:46 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2006-05-10 05:22 . 2012-03-01 01:25 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2006-05-10 05:22 . 2012-04-23 14:46 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2007-05-15 12:13 . 2012-04-23 11:33 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2007-05-15 12:13 . 2012-02-29 12:16 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2006-11-07 03:26 . 2012-03-01 01:25 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2006-11-07 03:26 . 2012-04-23 14:46 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2009-02-20 18:09 . 2012-04-23 14:46 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
- 2009-02-20 18:09 . 2012-03-01 01:25 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
- 2006-11-07 03:26 . 2012-02-29 12:16 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2006-11-07 03:26 . 2012-04-23 11:33 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2007-08-20 10:04 . 2012-04-23 14:46 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2007-08-20 10:04 . 2012-03-01 01:25 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2009-06-29 16:12 . 2012-03-01 01:25 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
+ 2009-06-29 16:12 . 2012-04-23 14:46 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 08:57 . 2012-06-13 08:57 18944 c:\windows\Installer\433a37.msi
+ 2012-06-13 08:56 . 2012-06-13 08:56 92672 c:\windows\Installer\433a2b.msi
+ 2012-06-13 00:16 . 2012-03-01 01:25 44544 c:\windows\ie7updates\KB2699988-IE7\pngfilt.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 52224 c:\windows\ie7updates\KB2699988-IE7\msfeedsbs.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 27648 c:\windows\ie7updates\KB2699988-IE7\jsproxy.dll
+ 2012-06-13 00:16 . 2012-02-29 12:16 13824 c:\windows\ie7updates\KB2699988-IE7\ieudinit.exe
+ 2012-06-13 00:16 . 2012-03-01 01:25 44544 c:\windows\ie7updates\KB2699988-IE7\iernonce.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 78336 c:\windows\ie7updates\KB2699988-IE7\ieencode.dll
+ 2012-06-13 00:16 . 2012-02-29 12:16 70656 c:\windows\ie7updates\KB2699988-IE7\ie4uinit.exe
+ 2012-06-13 00:16 . 2012-03-01 01:25 63488 c:\windows\ie7updates\KB2699988-IE7\icardie.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 17408 c:\windows\ie7updates\KB2699988-IE7\corpol.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\3b25cac7d0e813760d06d71f4285a0aa\System.Web.DynamicData.Design.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-11-30 14:44 . 2012-05-24 16:50 4212 c:\windows\SYSTEM32\zllictbl.dat
+ 2010-11-30 14:44 . 2012-06-13 17:50 4212 c:\windows\SYSTEM32\zllictbl.dat
+ 2011-12-04 15:16 . 2012-06-13 08:56 5632 c:\windows\SYSTEM32\pndx5032.dll
- 2011-12-04 15:16 . 2011-12-04 15:16 5632 c:\windows\SYSTEM32\pndx5032.dll
- 2011-12-04 15:16 . 2011-12-04 15:16 6656 c:\windows\SYSTEM32\pndx5016.dll
+ 2011-12-04 15:16 . 2012-06-13 08:56 6656 c:\windows\SYSTEM32\pndx5016.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-09 18:05 . 2012-05-09 18:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-09 18:05 . 2012-05-09 18:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 233472 c:\windows\SYSTEM32\webcheck.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 233472 c:\windows\SYSTEM32\webcheck.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 106496 c:\windows\SYSTEM32\url.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 106496 c:\windows\SYSTEM32\url.dll
+ 2011-12-04 15:16 . 2012-06-13 08:57 198832 c:\windows\SYSTEM32\rmoc3260.dll
- 2011-12-04 15:16 . 2011-12-04 15:16 198832 c:\windows\SYSTEM32\rmoc3260.dll
+ 2008-02-14 10:37 . 2012-06-13 08:56 272896 c:\windows\SYSTEM32\pncrt.dll
- 2008-02-14 10:37 . 2011-12-04 15:16 272896 c:\windows\SYSTEM32\pncrt.dll
+ 2002-09-03 12:51 . 2012-06-13 00:47 493950 c:\windows\SYSTEM32\PERFH009.DAT
- 2002-09-03 12:51 . 2012-05-09 18:06 493950 c:\windows\SYSTEM32\PERFH009.DAT
- 2002-08-29 04:00 . 2012-03-01 01:25 102912 c:\windows\SYSTEM32\occache.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 102912 c:\windows\SYSTEM32\occache.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 671232 c:\windows\SYSTEM32\mstime.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 671232 c:\windows\SYSTEM32\mstime.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 193024 c:\windows\SYSTEM32\msrating.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 193024 c:\windows\SYSTEM32\msrating.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 479744 c:\windows\SYSTEM32\mshtmled.dll
+ 2006-11-07 21:03 . 2012-04-23 14:46 496128 c:\windows\SYSTEM32\msfeeds.dll
+ 2006-10-17 11:57 . 2012-04-23 14:46 268288 c:\windows\SYSTEM32\iertutil.dll
- 2006-10-17 11:57 . 2012-03-01 01:25 268288 c:\windows\SYSTEM32\iertutil.dll
- 2006-02-24 13:24 . 2012-03-01 01:25 192512 c:\windows\SYSTEM32\iepeers.dll
+ 2006-02-24 13:24 . 2012-04-23 14:46 192512 c:\windows\SYSTEM32\iepeers.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 384512 c:\windows\SYSTEM32\iedkcs32.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 384512 c:\windows\SYSTEM32\iedkcs32.dll
- 2006-10-17 11:27 . 2012-03-01 01:25 380928 c:\windows\SYSTEM32\ieapfltr.dll
+ 2006-10-17 11:27 . 2012-04-23 14:46 380928 c:\windows\SYSTEM32\ieapfltr.dll
- 2002-08-29 04:00 . 2012-02-29 10:59 161792 c:\windows\SYSTEM32\ieakui.dll
+ 2002-08-29 04:00 . 2012-04-22 06:39 161792 c:\windows\SYSTEM32\ieakui.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 230400 c:\windows\SYSTEM32\ieaksie.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 230400 c:\windows\SYSTEM32\ieaksie.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2002-09-03 12:42 . 2012-06-13 07:43 265416 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2002-09-03 12:42 . 2012-05-09 18:48 265416 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2004-08-04 07:56 . 2012-03-01 01:25 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2004-08-04 07:56 . 2012-04-23 14:46 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2006-02-24 13:24 . 2012-04-23 14:46 214528 c:\windows\SYSTEM32\dxtrans.dll
- 2006-02-24 13:24 . 2012-03-01 01:25 214528 c:\windows\SYSTEM32\dxtrans.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 347136 c:\windows\SYSTEM32\dxtmsft.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 347136 c:\windows\SYSTEM32\dxtmsft.dll
- 2006-05-10 05:23 . 2012-03-01 01:25 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2006-05-10 05:23 . 2012-05-15 15:39 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2006-11-07 21:03 . 2012-03-01 01:25 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2006-11-07 21:03 . 2012-04-23 14:46 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2006-10-17 12:05 . 2012-04-23 14:46 106496 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2006-10-17 12:05 . 2012-03-01 01:25 106496 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2011-08-10 18:05 . 2012-05-02 13:46 139656 c:\windows\SYSTEM32\DLLCACHE\rdpwd.sys
- 2006-10-17 12:04 . 2012-03-01 01:25 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2006-10-17 12:04 . 2012-04-23 14:46 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2006-05-10 05:23 . 2012-04-23 14:46 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2006-05-10 05:23 . 2012-03-01 01:25 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2006-05-10 05:23 . 2012-03-01 01:25 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2006-05-10 05:23 . 2012-04-23 14:46 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2006-05-10 05:23 . 2012-04-23 14:46 479744 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2007-05-15 12:13 . 2012-04-23 14:46 496128 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2006-10-17 12:04 . 2012-04-22 06:40 634488 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-05-15 12:13 . 2012-04-23 14:46 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2007-05-15 12:13 . 2012-03-01 01:25 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2006-05-10 05:22 . 2012-03-01 01:25 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2006-05-10 05:22 . 2012-04-23 14:46 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2006-11-07 03:27 . 2012-03-01 01:25 384512 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2006-11-07 03:27 . 2012-04-23 14:46 384512 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-05-15 12:13 . 2012-04-23 14:46 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2007-05-15 12:13 . 2012-03-01 01:25 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2006-11-07 03:25 . 2012-02-29 10:59 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2006-11-07 03:25 . 2012-04-22 06:39 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2006-11-07 03:27 . 2012-04-23 14:46 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2006-11-07 03:27 . 2012-03-01 01:25 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2006-11-07 03:26 . 2012-04-23 14:46 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2006-11-07 03:26 . 2012-03-01 01:25 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2006-05-10 05:22 . 2012-03-01 01:25 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2006-05-10 05:22 . 2012-04-23 14:46 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2006-05-10 05:22 . 2012-04-23 14:46 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2006-05-10 05:22 . 2012-03-01 01:25 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2006-05-10 05:22 . 2012-04-23 14:46 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2006-05-10 05:22 . 2012-03-01 01:25 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\SYSTEM32\DLLCACHE\crypt32.dll
+ 2011-09-03 10:17 . 2012-05-31 13:22 599040 c:\windows\SYSTEM32\DLLCACHE\crypt32.dll
- 2006-11-07 03:26 . 2012-03-01 01:25 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2006-11-07 03:26 . 2012-04-23 14:46 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2002-08-29 04:00 . 2012-04-23 14:46 124928 c:\windows\SYSTEM32\advpack.dll
- 2002-08-29 04:00 . 2012-03-01 01:25 124928 c:\windows\SYSTEM32\advpack.dll
+ 2012-04-21 10:03 . 2012-04-21 10:03 616024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
- 2012-01-31 02:38 . 2012-01-31 02:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-04-21 06:15 . 2012-04-21 06:15 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 616024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 156440 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-21 20:55 . 2012-04-21 20:55 980480 c:\windows\Installer\caa155.msp
+ 2012-05-29 13:30 . 2012-05-29 13:30 897024 c:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
+ 2012-06-13 00:16 . 2012-03-01 01:25 832512 c:\windows\ie7updates\KB2699988-IE7\wininet.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 233472 c:\windows\ie7updates\KB2699988-IE7\webcheck.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 106496 c:\windows\ie7updates\KB2699988-IE7\url.dll
+ 2012-06-13 00:16 . 2012-03-08 15:40 382840 c:\windows\ie7updates\KB2699988-IE7\spuninst\updspapi.dll
+ 2012-06-13 00:16 . 2012-03-08 15:40 231288 c:\windows\ie7updates\KB2699988-IE7\spuninst\spuninst.exe
+ 2012-06-13 00:16 . 2012-03-01 01:25 102912 c:\windows\ie7updates\KB2699988-IE7\occache.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 671232 c:\windows\ie7updates\KB2699988-IE7\mstime.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 193024 c:\windows\ie7updates\KB2699988-IE7\msrating.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 478720 c:\windows\ie7updates\KB2699988-IE7\mshtmled.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 468480 c:\windows\ie7updates\KB2699988-IE7\msfeeds.dll
+ 2012-06-13 00:16 . 2012-02-29 11:01 634680 c:\windows\ie7updates\KB2699988-IE7\iexplore.exe
+ 2012-06-13 00:16 . 2012-03-01 01:25 268288 c:\windows\ie7updates\KB2699988-IE7\iertutil.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 192512 c:\windows\ie7updates\KB2699988-IE7\iepeers.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 384512 c:\windows\ie7updates\KB2699988-IE7\iedkcs32.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 380928 c:\windows\ie7updates\KB2699988-IE7\ieapfltr.dll
+ 2012-06-13 00:16 . 2012-02-29 10:59 161792 c:\windows\ie7updates\KB2699988-IE7\ieakui.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 230400 c:\windows\ie7updates\KB2699988-IE7\ieaksie.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 153088 c:\windows\ie7updates\KB2699988-IE7\ieakeng.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 133120 c:\windows\ie7updates\KB2699988-IE7\extmgr.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 214528 c:\windows\ie7updates\KB2699988-IE7\dxtrans.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 347136 c:\windows\ie7updates\KB2699988-IE7\dxtmsft.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 124928 c:\windows\ie7updates\KB2699988-IE7\advpack.dll
+ 2012-05-29 09:15 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\29-05-2012\ERDNT.EXE
+ 2012-05-28 19:36 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\28-05-2012\ERDNT.EXE
+ 2012-05-26 15:37 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\26-05-2012\ERDNT.EXE
+ 2012-06-13 07:50 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\13-06-2012\ERDNT.EXE
+ 2012-06-11 08:56 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\11-06-2012\ERDNT.EXE
+ 2012-06-06 07:49 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\06-06-2012\ERDNT.EXE
+ 2012-06-01 19:41 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\01-06-2012\ERDNT.EXE
+ 2012-06-13 08:04 . 2012-06-13 08:04 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a64f6c2fbfed13a2bff7a4d5d00f700b\WindowsFormsIntegration.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\29d24fe44bdfa436ea463565028dc849\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\6adec34334da9c0762fe2e69f398b0df\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\2559ef16c23dd644f60fa31f11521aaa\System.Web.Entity.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\5979cc4d4fe53dbf0919ea82370fe261\System.Web.Entity.Design.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\c6737478e64d305aa13ed952ac69543b\System.Web.DynamicData.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\19e49ece4814c78f87a6a4c1bbf58bd1\System.Web.DataVisualization.Design.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f4f7e7199d4544f6621af546956e84d\System.ServiceProcess.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\6816b81bbf5b0e4d948c7014270024e9\System.Messaging.ni.dll
+ 2012-06-13 00:42 . 2012-06-13 00:42 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\a9f00d46a2dce4447842d16ad10ffce4\System.Drawing.Design.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\844034ad233269c619264768179c154d\System.Configuration.Install.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\97e8e2e7a40521fc633bc6bba9cb5e6c\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\e8c8237c151f1c70994764b1df772bbc\AspNetMMCExt.ni.dll
+ 2012-06-13 07:51 . 2012-06-13 07:51 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\86e11a59f02b2dda27ec2e7cba351744\WindowsFormsIntegration.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:49 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\96a3fc1f74a00b618b70bd1701600408\System.Drawing.Design.ni.dll
+ 2012-06-13 00:30 . 2012-06-13 00:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
+ 2012-06-13 07:58 . 2012-06-13 07:58 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c0045c1c7c29c7e7cc7bd60001b729a7\AspNetMMCExt.ni.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2006-03-02 14:57 . 2012-03-01 01:25 1168896 c:\windows\SYSTEM32\urlmon.dll
+ 2006-03-02 14:57 . 2012-04-23 14:46 1168896 c:\windows\SYSTEM32\urlmon.dll
+ 2006-03-22 16:35 . 2012-04-23 14:46 3618816 c:\windows\SYSTEM32\mshtml.dll
+ 2006-11-07 21:03 . 2012-04-23 14:46 6105088 c:\windows\SYSTEM32\ieframe.dll
+ 2008-10-15 00:08 . 2012-05-15 13:20 1863168 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
- 2006-05-10 05:23 . 2012-03-01 01:25 1168896 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2006-05-10 05:23 . 2012-04-23 14:46 1168896 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-15 00:08 . 2012-05-04 13:12 2192640 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 2008-10-15 00:08 . 2012-04-11 13:10 2192640 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 2008-10-15 00:08 . 2012-04-11 12:35 2026496 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2008-10-15 00:08 . 2012-05-04 12:32 2026496 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
- 2008-10-15 00:08 . 2012-04-11 12:35 2069120 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2008-10-15 00:08 . 2012-05-04 12:32 2069120 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2008-10-15 00:08 . 2012-05-04 13:16 2148352 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
- 2008-10-15 00:08 . 2012-04-11 13:14 2148352 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2006-05-19 15:08 . 2012-04-23 14:46 3618816 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2007-05-15 12:13 . 2012-04-23 14:46 6105088 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2012-03-15 12:17 . 2012-03-15 12:17 5029672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2012-03-20 04:23 . 2012-03-20 04:23 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2011-12-25 02:50 . 2011-12-25 02:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-03-20 04:23 . 2012-03-20 04:23 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2008-07-25 10:17 . 2008-07-25 10:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1369872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 5029672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 6429992 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-09 17:55 . 2012-05-09 17:55 3790112 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-05-09 17:54 . 2012-05-09 17:54 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-06-13 00:41 . 2012-06-13 00:41 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-05-29 13:30 . 2012-05-29 13:30 3666432 c:\windows\Installer\ea72fe.msi
+ 2012-05-29 13:27 . 2012-05-29 13:27 9474048 c:\windows\Installer\ea72d8.msi
+ 2012-03-15 12:43 . 2012-03-15 12:43 4216320 c:\windows\Installer\caa14f.msp
+ 2012-04-22 21:37 . 2012-04-22 21:37 1182720 c:\windows\Installer\b0e7c5.msp
+ 2012-03-20 22:57 . 2012-03-20 22:57 6188544 c:\windows\Installer\b0e7be.msp
+ 2012-06-05 21:04 . 2012-06-05 21:04 2208768 c:\windows\Installer\548be.msi
+ 2012-05-29 08:59 . 2012-05-29 08:59 5161984 c:\windows\Installer\2e1c9ae.msi
+ 2012-06-13 00:16 . 2012-03-01 01:25 1168896 c:\windows\ie7updates\KB2699988-IE7\urlmon.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 3616768 c:\windows\ie7updates\KB2699988-IE7\mshtml.dll
+ 2012-06-13 00:16 . 2012-03-01 01:25 6076928 c:\windows\ie7updates\KB2699988-IE7\ieframe.dll
+ 2012-05-29 09:15 . 2012-05-29 09:15 4861952 c:\windows\ERDNT\AutoBackup\29-05-2012\Users\00000002\UsrClass.dat
+ 2012-05-28 19:36 . 2012-05-28 19:36 4861952 c:\windows\ERDNT\AutoBackup\28-05-2012\Users\00000002\UsrClass.dat
+ 2012-05-26 15:37 . 2012-05-26 15:37 4861952 c:\windows\ERDNT\AutoBackup\26-05-2012\Users\00000002\UsrClass.dat
+ 2012-06-13 07:50 . 2012-06-13 07:50 4861952 c:\windows\ERDNT\AutoBackup\13-06-2012\Users\00000002\UsrClass.dat
+ 2012-06-11 08:56 . 2012-06-11 08:56 4861952 c:\windows\ERDNT\AutoBackup\11-06-2012\Users\00000002\UsrClass.dat
+ 2012-06-06 07:49 . 2012-06-06 07:49 4861952 c:\windows\ERDNT\AutoBackup\06-06-2012\Users\00000002\UsrClass.dat
+ 2012-06-01 19:41 . 2012-06-01 19:41 4861952 c:\windows\ERDNT\AutoBackup\01-06-2012\Users\00000002\UsrClass.dat
- 2008-10-15 00:08 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2008-10-15 00:08 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\I386\ntoskrnl.exe
+ 2008-10-15 00:08 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2008-10-15 00:08 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2008-10-15 00:08 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\I386\ntkrnlpa.exe
+ 2008-10-15 00:08 . 2012-05-04 12:32 2069120 c:\windows\Driver Cache\I386\ntkrnlpa.exe
+ 2008-10-15 00:08 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\I386\ntkrnlmp.exe
- 2008-10-15 00:08 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2012-06-13 00:22 . 2012-06-13 00:22 3856896 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\874de73de0aefaefe4d1226396d1b0c3\WindowsBase.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 1211904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\eed3da66d4b3306d756d3115df0f6bb1\System.WorkflowServices.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 4475904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\5acb45c358bf02fb59410bb895c9ec48\System.Workflow.ComponentModel.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\868856b522838fbf26dbe8cb705031b4\System.Workflow.Activities.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 4586496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\e4e27bb9487647504e4b9f5ed0711be6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-13 08:04 . 2012-06-13 08:04 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\f9f93f4c8b467bafeb32a325cfde622c\System.Web.Mobile.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 3123200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\5a5c95719bc244782badb71e93920dba\System.Web.Extensions.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 4574720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\8d031a0cbe9ee927b5d99f0932065f0e\System.Web.DataVisualization.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\8a66373a8576ba2937d601e9ac2163ba\System.Printing.ni.dll
+ 2012-06-13 00:23 . 2012-06-13 00:23 1666048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3d0c73f63305fa092666e6488634d025\System.Drawing.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\28a82e1ecfa3a9fcb0b9e2f0599672ff\System.Deployment.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 3755008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\2514311fe2bd97e63d383a1aa7481290\System.Activities.Presentation.ni.dll
+ 2012-06-13 08:03 . 2012-06-13 08:03 2904576 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\86bfef5128f2b3cce7b7d8eabde5d99a\ReachFramework.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf5e39885f6ccd91fa9a178379403ae3\PresentationUI.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f69a4dd37c018ac04d1317d6726ead72\Microsoft.VisualBasic.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b40cf522500114046a9d1bc17d3e512d\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\3d7b46a4d8d43b3486e4322ccfb0820a\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-06-13 00:39 . 2012-06-13 00:40 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP309.tmp\System.Web.Extensions.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
+ 2012-06-13 08:01 . 2012-06-13 08:01 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:49 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d380f1813e27c2a086e62f0218669d67\System.Printing.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:49 1592320 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:49 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\443dd7f0b84c3de54b1a72be655e307c\ReachFramework.ni.dll
+ 2012-06-13 07:48 . 2012-06-13 07:48 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\48ddcafff1a5603fb3289e90330275c0\PresentationUI.ni.dll
+ 2012-06-13 07:59 . 2012-06-13 07:59 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
+ 2012-06-13 07:59 . 2012-06-13 07:59 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll
+ 2012-06-13 07:59 . 2012-06-13 07:59 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-09 18:06 . 2012-05-09 18:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-05-09 18:05 . 2012-05-09 18:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-13 00:46 . 2012-06-13 00:46 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-12-11 17:28 . 2012-06-13 00:25 56731752 c:\windows\SYSTEM32\MRT.exe
+ 2012-05-29 09:15 . 2012-05-29 09:15 19312640 c:\windows\ERDNT\AutoBackup\29-05-2012\Users\00000001\ntuser.dat
+ 2012-05-28 19:36 . 2012-05-28 19:36 19312640 c:\windows\ERDNT\AutoBackup\28-05-2012\Users\00000001\ntuser.dat
+ 2012-05-26 15:37 . 2012-05-26 15:37 19312640 c:\windows\ERDNT\AutoBackup\26-05-2012\Users\00000001\ntuser.dat
+ 2012-06-13 07:50 . 2012-06-13 07:50 19312640 c:\windows\ERDNT\AutoBackup\13-06-2012\Users\00000001\ntuser.dat
+ 2012-06-11 08:56 . 2012-06-11 08:56 19312640 c:\windows\ERDNT\AutoBackup\11-06-2012\Users\00000001\ntuser.dat
+ 2012-06-06 07:48 . 2012-06-06 07:49 19312640 c:\windows\ERDNT\AutoBackup\06-06-2012\Users\00000001\ntuser.dat
+ 2012-06-01 19:41 . 2012-06-01 19:41 19312640 c:\windows\ERDNT\AutoBackup\01-06-2012\Users\00000001\ntuser.dat
+ 2012-06-13 00:42 . 2012-06-13 00:42 13197824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\31649acbb300c306f8359f26e94572a9\System.Windows.Forms.ni.dll
+ 2012-06-13 08:02 . 2012-06-13 08:02 12076544 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\ecb254465d18012f0f80e56f3b6f70ab\System.Web.ni.dll
+ 2012-06-13 00:42 . 2012-06-13 00:42 11002880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\6caaae10f534d7fa6a2c14689a0bdb6f\System.Design.ni.dll
+ 2012-06-13 00:23 . 2012-06-13 00:23 17998848 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2be5c267837bce48c2588db1cb45a218\PresentationFramework.ni.dll
+ 2012-06-13 00:22 . 2012-06-13 00:22 11451904 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2dc4170e59c6defec194ce1d3b7e9b6e\PresentationCore.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:50 12433920 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
+ 2012-06-13 08:00 . 2012-06-13 08:00 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
+ 2012-06-13 07:49 . 2012-06-13 07:49 10682368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f73a8455f384e90f6925309336fece24\System.Design.ni.dll
+ 2012-06-13 07:48 . 2012-06-13 07:48 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2010-11-27 1496528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2010-05-19 70144]
"Check Point Endpoint Connect"="c:\program files\Checkpoint\Endpoint Security\Endpoint Connect\TrGUI.exe" [2010-05-09 624136]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-13 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Gerry\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Gerry\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-5-18 1454143]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\TunnelServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Gerry\\My Documents\\Downloads\\T-RSMXP\\RapidShare Manager for XP\\RapidShareManager.exe"=
"c:\\Documents and Settings\\Gerry\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Checkpoint\\Endpoint Security\\Endpoint Connect\\TracSrvWrapper.exe"=
"c:\\Program Files\\Checkpoint\\Endpoint Security\\Endpoint Connect\\TrGUI.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\SYSTEM32\DRIVERS\avgidshx.sys [19/04/2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [19/01/2011 04:32 31952]
R0 DiMaint;Eicon Maintenance Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\dimaint.sys [04/12/2002 14:49 91408]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [07/01/2011 06:41 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [10/02/2011 07:54 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 04:53 193288]
R2 DiCapi;Eicon CAPI 2.0 Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\capi202k.sys [12/06/2001 14:27 181168]
R2 DiPort;Eicon Port Driver;c:\windows\SYSTEM32\DRIVERS\DISDN\diport40.sys [16/10/2002 15:32 206976]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [27/11/2010 01:55 398176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\avgidsdriverx.sys [23/12/2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\avgidsfilterx.sys [23/12/2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\avgidsshimx.sys [23/12/2011 13:32 17232]
R3 DiWan;Eicon Driver for all Diva Client cards;c:\windows\SYSTEM32\DRIVERS\DISDN\Diwan.sys [03/10/2002 16:35 911920]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\SYSTEM32\DRIVERS\vnaap.sys [09/05/2010 20:11 129304]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 09:44 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1c9f4b5549515e;Google Update Service (gupdate1c9f4b5549515e);c:\program files\Google\Update\GoogleUpdate.exe [24/06/2009 11:17 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 18:51 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24/06/2009 11:17 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [29/08/2002 05:00 14336]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);c:\windows\SYSTEM32\DRIVERS\NUVision.sys [13/02/2008 16:13 260144]
S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [07/07/2007 12:17 47360]
S3 TracSrvWrapper;Check Point Endpoint Connect;c:\program files\Checkpoint\Endpoint Security\Endpoint Connect\TracSrvWrapper.exe [09/05/2010 20:11 3511824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 BCSWAP;BCSWAP;c:\windows\SYSTEM32\DRIVERS\BCSwap.sys [25/01/2007 15:54 91496]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - kgrcyuob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 07:51]
.
2012-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2003-12-01 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2200 series5E771253C1676EBED677BF361FDFC537825E15B8062102495.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 10:17]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 10:17]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1006Core.job
- c:\documents and settings\Brid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 23:26]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1006UA.job
- c:\documents and settings\Brid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 23:26]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1007Core.job
- c:\documents and settings\Gerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-29 09:24]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3836196526-914930832-50539439-1007UA.job
- c:\documents and settings\Gerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-29 09:24]
.
2012-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3836196526-914930832-50539439-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-06-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3836196526-914930832-50539439-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-04-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3836196526-914930832-50539439-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2012-06-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3836196526-914930832-50539439-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2003-08-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-07-29 08:04]
.
2012-06-12 c:\windows\Tasks\User_Feed_Synchronization-{F5622167-D928-44CB-8ABA-F40AB5B55F88}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-13 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\documents and settings\Gerry\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-06-13 19:43:09
ComboFix-quarantined-files.txt 2012-06-13 18:42
ComboFix2.txt 2012-05-24 17:35
ComboFix3.txt 2008-12-17 02:49
.
Pre-Run: 3,539,197,952 bytes free
Post-Run: 3,834,159,104 bytes free
.
- - End Of File - - C39B1C57874E4D4BB58F566385763E6F
 
Not really seeing anything in the logs that would provide a hint as far as malware goes. I know you ran tdsskiller already but go ahead and run it again; no doubt it's been updated and it will prompt you to download and run the new version.
 
Here's the TDSS log. There was an update too.

23:17:34.0218 1296 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
23:17:34.0484 1296 ============================================================
23:17:34.0484 1296 Current date / time: 2012/06/15 23:17:34.0484
23:17:34.0484 1296 SystemInfo:
23:17:34.0484 1296
23:17:34.0484 1296 OS Version: 5.1.2600 ServicePack: 3.0
23:17:34.0484 1296 Product type: Workstation
23:17:34.0484 1296 ComputerName: BRIDS_DELL
23:17:34.0484 1296 UserName: Gerry
23:17:34.0484 1296 Windows directory: C:\WINDOWS
23:17:34.0484 1296 System windows directory: C:\WINDOWS
23:17:34.0484 1296 Processor architecture: Intel x86
23:17:34.0484 1296 Number of processors: 1
23:17:34.0484 1296 Page size: 0x1000
23:17:34.0484 1296 Boot type: Normal boot
23:17:34.0484 1296 ============================================================
23:17:38.0953 1296 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:17:38.0968 1296 ============================================================
23:17:38.0968 1296 \Device\Harddisk0\DR0:
23:17:38.0968 1296 MBR partitions:
23:17:38.0968 1296 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9
23:17:38.0968 1296 ============================================================
23:17:38.0968 1296 Initialize success
23:17:38.0968 1296 ============================================================
23:17:48.0140 0560 ============================================================
23:17:48.0140 0560 Scan started
23:17:48.0140 0560 Mode: Manual;
23:17:48.0140 0560 ============================================================
23:17:48.0187 0560 6to4 - ok
23:17:48.0203 0560 Abiosdsk - ok
23:17:48.0218 0560 abp480n5 - ok
23:17:48.0234 0560 ACPI - ok
23:17:48.0250 0560 ACPIEC - ok
23:17:48.0250 0560 AdobeFlashPlayerUpdateSvc - ok
23:17:48.0265 0560 adpu160m - ok
23:17:48.0281 0560 aeaudio - ok
23:17:48.0296 0560 aec - ok
23:17:48.0296 0560 AFD - ok
23:17:48.0312 0560 AFS2K - ok
23:17:48.0328 0560 agp440 - ok
23:17:48.0343 0560 agpCPQ - ok
23:17:48.0359 0560 Aha154x - ok
23:17:48.0359 0560 aic78u2 - ok
23:17:48.0375 0560 aic78xx - ok
23:17:48.0390 0560 Alerter - ok
23:17:48.0406 0560 ALG - ok
23:17:48.0421 0560 AliIde - ok
23:17:48.0437 0560 alim1541 - ok
23:17:48.0453 0560 amdagp - ok
23:17:48.0453 0560 amsint - ok
23:17:48.0468 0560 Apple Mobile Device - ok
23:17:48.0484 0560 AppMgmt - ok
23:17:48.0500 0560 asc - ok
23:17:48.0515 0560 asc3350p - ok
23:17:48.0531 0560 asc3550 - ok
23:17:48.0562 0560 aspnet_state - ok
23:17:48.0578 0560 AsyncMac - ok
23:17:48.0593 0560 atapi - ok
23:17:48.0609 0560 Atdisk - ok
23:17:48.0625 0560 Atmarpc - ok
23:17:48.0625 0560 AudioSrv - ok
23:17:48.0640 0560 audstub - ok
23:17:48.0671 0560 AVGIDSAgent - ok
23:17:48.0671 0560 AVGIDSDriver - ok
23:17:48.0687 0560 AVGIDSFilter - ok
23:17:48.0703 0560 AVGIDSHX - ok
23:17:48.0718 0560 AVGIDSShim - ok
23:17:48.0734 0560 Avgldx86 - ok
23:17:48.0734 0560 Avgmfx86 - ok
23:17:48.0750 0560 Avgrkx86 - ok
23:17:48.0765 0560 Avgtdix - ok
23:17:48.0781 0560 avgwd - ok
23:17:48.0796 0560 bcm4sbxp - ok
23:17:48.0812 0560 BCSWAP - ok
23:17:48.0828 0560 Beep - ok
23:17:48.0843 0560 BITS - ok
23:17:48.0859 0560 Bonjour Service - ok
23:17:48.0875 0560 BridgeMP - ok
23:17:48.0875 0560 Browser - ok
23:17:48.0890 0560 catchme - ok
23:17:48.0906 0560 cbidf - ok
23:17:48.0921 0560 cbidf2k - ok
23:17:48.0937 0560 CCALib8 - ok
23:17:48.0953 0560 CCDECODE - ok
23:17:48.0968 0560 cd20xrnt - ok
23:17:48.0968 0560 Cdaudio - ok
23:17:48.0984 0560 Cdfs - ok
23:17:49.0000 0560 Cdr4_xp - ok
23:17:49.0015 0560 Cdralw2k - ok
23:17:49.0031 0560 Cdrom - ok
23:17:49.0031 0560 cdudf_xp - ok
23:17:49.0046 0560 Changer - ok
23:17:49.0062 0560 CiSvc - ok
23:17:49.0078 0560 ClipSrv - ok
23:17:49.0093 0560 clr_optimization_v2.0.50727_32 - ok
23:17:49.0109 0560 clr_optimization_v4.0.30319_32 - ok
23:17:49.0125 0560 CmdIde - ok
23:17:49.0125 0560 COMSysApp - ok
23:17:49.0156 0560 Cpqarray - ok
23:17:49.0171 0560 CryptSvc - ok
23:17:49.0187 0560 CVirtA - ok
23:17:49.0203 0560 CVPND - ok
23:17:49.0218 0560 CVPNDRVA - ok
23:17:49.0234 0560 dac2w2k - ok
23:17:49.0250 0560 dac960nt - ok
23:17:49.0250 0560 DcomLaunch - ok
23:17:49.0265 0560 Dhcp - ok
23:17:49.0281 0560 DiCapi - ok
23:17:49.0296 0560 DiMaint - ok
23:17:49.0312 0560 DiPort - ok
23:17:49.0328 0560 Disk - ok
23:17:49.0328 0560 DiWan - ok
23:17:49.0343 0560 dmadmin - ok
23:17:49.0359 0560 dmboot - ok
23:17:49.0359 0560 dmio - ok
23:17:49.0375 0560 dmload - ok
23:17:49.0390 0560 dmserver - ok
23:17:49.0406 0560 DMusic - ok
23:17:49.0406 0560 DNE - ok
23:17:49.0421 0560 Dnscache - ok
23:17:49.0468 0560 Dot3svc - ok
23:17:49.0468 0560 dpti2o - ok
23:17:49.0484 0560 drmkaud - ok
23:17:49.0500 0560 dvd_2K - ok
23:17:49.0500 0560 EapHost - ok
23:17:49.0515 0560 EL90XBC - ok
23:17:49.0531 0560 ERSvc - ok
23:17:49.0546 0560 Eventlog - ok
23:17:49.0562 0560 EventSystem - ok
23:17:49.0562 0560 Fastfat - ok
23:17:49.0578 0560 FastUserSwitchingCompatibility - ok
23:17:49.0593 0560 Fdc - ok
23:17:49.0609 0560 Fips - ok
23:17:49.0609 0560 Flpydisk - ok
23:17:49.0625 0560 FltMgr - ok
23:17:49.0640 0560 FontCache3.0.0.0 - ok
23:17:49.0656 0560 Fs_Rec - ok
23:17:49.0656 0560 Ftdisk - ok
23:17:49.0671 0560 GEARAspiWDM - ok
23:17:49.0687 0560 Gpc - ok
23:17:49.0703 0560 gupdate1c9f4b5549515e - ok
23:17:49.0718 0560 gupdatem - ok
23:17:49.0718 0560 helpsvc - ok
23:17:49.0734 0560 HidServ - ok
23:17:49.0750 0560 hkmsvc - ok
23:17:49.0765 0560 hpn - ok
23:17:49.0765 0560 HPZid412 - ok
23:17:49.0781 0560 HPZipr12 - ok
23:17:49.0796 0560 HPZius12 - ok
23:17:49.0812 0560 HTTP - ok
23:17:49.0828 0560 HTTPFilter - ok
23:17:49.0828 0560 i2omgmt - ok
23:17:49.0843 0560 i2omp - ok
23:17:49.0859 0560 i8042prt - ok
23:17:49.0875 0560 i81x - ok
23:17:49.0875 0560 iAimFP0 - ok
23:17:49.0890 0560 iAimFP1 - ok
23:17:49.0906 0560 iAimFP2 - ok
23:17:49.0906 0560 iAimFP3 - ok
23:17:49.0921 0560 iAimFP4 - ok
23:17:49.0937 0560 iAimTV0 - ok
23:17:49.0953 0560 iAimTV1 - ok
23:17:49.0953 0560 iAimTV2 - ok
23:17:49.0968 0560 iAimTV3 - ok
23:17:49.0984 0560 iAimTV4 - ok
23:17:50.0000 0560 ialm - ok
23:17:50.0000 0560 IDriverT - ok
23:17:50.0015 0560 idsvc - ok
23:17:50.0031 0560 Imapi - ok
23:17:50.0046 0560 Imapi Helper - ok
23:17:50.0062 0560 ImapiService - ok
23:17:50.0093 0560 ini910u - ok
23:17:50.0109 0560 IntelIde - ok
23:17:50.0109 0560 intelppm - ok
23:17:50.0125 0560 ip6fw - ok
23:17:50.0140 0560 IpFilterDriver - ok
23:17:50.0156 0560 iphlpsvc - ok
23:17:50.0156 0560 IpInIp - ok
23:17:50.0171 0560 IpNat - ok
23:17:50.0187 0560 iPod Service - ok
23:17:50.0203 0560 IPSec - ok
23:17:50.0203 0560 IRENUM - ok
23:17:50.0234 0560 isapnp - ok
23:17:50.0234 0560 JavaQuickStarterService - ok
23:17:50.0250 0560 Kbdclass - ok
23:17:50.0265 0560 kmixer - ok
23:17:50.0281 0560 KSecDD - ok
23:17:50.0296 0560 lanmanserver - ok
23:17:50.0312 0560 lanmanworkstation - ok
23:17:50.0328 0560 lbrtfdc - ok
23:17:50.0343 0560 LmHosts - ok
23:17:50.0359 0560 MDM - ok
23:17:50.0375 0560 mmc_2K - ok
23:17:50.0390 0560 mnmdd - ok
23:17:50.0406 0560 mnmsrvc - ok
23:17:50.0406 0560 Modem - ok
23:17:50.0421 0560 Mouclass - ok
23:17:50.0437 0560 MountMgr - ok
23:17:50.0453 0560 mraid35x - ok
23:17:50.0468 0560 MRxDAV - ok
23:17:50.0468 0560 MRxSmb - ok
23:17:50.0484 0560 MSDTC - ok
23:17:50.0515 0560 Msfs - ok
23:17:50.0515 0560 MSIServer - ok
23:17:50.0546 0560 MSKSSRV - ok
23:17:50.0562 0560 MSPCLOCK - ok
23:17:50.0578 0560 MSPQM - ok
23:17:50.0578 0560 mssmbios - ok
23:17:50.0593 0560 MSTEE - ok
23:17:50.0609 0560 Mup - ok
23:17:50.0625 0560 NABTSFEC - ok
23:17:50.0640 0560 napagent - ok
23:17:50.0640 0560 NDIS - ok
23:17:50.0656 0560 NdisIP - ok
23:17:50.0671 0560 NdisTapi - ok
23:17:50.0687 0560 Ndisuio - ok
23:17:50.0703 0560 NdisWan - ok
23:17:50.0718 0560 NDProxy - ok
23:17:50.0734 0560 NetBIOS - ok
23:17:50.0750 0560 NetBT - ok
23:17:50.0750 0560 NetDDE - ok
23:17:50.0765 0560 NetDDEdsdm - ok
23:17:50.0781 0560 Netlogon - ok
23:17:50.0796 0560 Netman - ok
23:17:50.0812 0560 NetTcpPortSharing - ok
23:17:50.0812 0560 Nla - ok
23:17:50.0843 0560 nosGetPlusHelper - ok
23:17:50.0843 0560 Npfs - ok
23:17:50.0859 0560 Ntfs - ok
23:17:50.0875 0560 NtLmSsp - ok
23:17:50.0890 0560 NtmsSvc - ok
23:17:50.0906 0560 Null - ok
23:17:50.0906 0560 NuVision - ok
23:17:50.0921 0560 nv - ok
23:17:50.0937 0560 NwlnkFlt - ok
23:17:50.0953 0560 NwlnkFwd - ok
23:17:50.0953 0560 omci - ok
23:17:50.0968 0560 P3 - ok
23:17:50.0984 0560 Parport - ok
23:17:51.0000 0560 PartMgr - ok
23:17:51.0000 0560 ParVdm - ok
23:17:51.0015 0560 PCI - ok
23:17:51.0031 0560 PCIDump - ok
23:17:51.0046 0560 PCIIde - ok
23:17:51.0062 0560 Pcmcia - ok
23:17:51.0078 0560 pcouffin - ok
23:17:51.0093 0560 PDCOMP - ok
23:17:51.0109 0560 PDFRAME - ok
23:17:51.0109 0560 PDRELI - ok
23:17:51.0125 0560 PDRFRAME - ok
23:17:51.0140 0560 perc2 - ok
23:17:51.0156 0560 perc2hib - ok
23:17:51.0187 0560 PlugPlay - ok
23:17:51.0203 0560 PMBDeviceInfoProvider - ok
23:17:51.0203 0560 Pml Driver HPZ12 - ok
23:17:51.0218 0560 PolicyAgent - ok
23:17:51.0234 0560 PptpMiniport - ok
23:17:51.0250 0560 Processor - ok
23:17:51.0265 0560 ProtectedStorage - ok
23:17:51.0281 0560 PSched - ok
23:17:51.0296 0560 Ptilink - ok
23:17:51.0296 0560 pwd_2k - ok
23:17:51.0328 0560 PxHelp20 - ok
23:17:51.0328 0560 ql1080 - ok
23:17:51.0343 0560 Ql10wnt - ok
23:17:51.0359 0560 ql12160 - ok
23:17:51.0375 0560 ql1240 - ok
23:17:51.0390 0560 ql1280 - ok
23:17:51.0390 0560 RasAcd - ok
23:17:51.0406 0560 RasAuto - ok
23:17:51.0437 0560 Rasl2tp - ok
23:17:51.0437 0560 RasMan - ok
23:17:51.0437 0560 RasPppoe - ok
23:17:51.0453 0560 Raspti - ok
23:17:51.0468 0560 Rdbss - ok
23:17:51.0484 0560 RDPCDD - ok
23:17:51.0500 0560 rdpdr - ok
23:17:51.0531 0560 RDPWD - ok
23:17:51.0546 0560 RDSessMgr - ok
23:17:51.0546 0560 redbook - ok
23:17:51.0562 0560 RemoteAccess - ok
23:17:51.0578 0560 RemoteRegistry - ok
23:17:51.0593 0560 RpcLocator - ok
23:17:51.0609 0560 RpcSs - ok
23:17:51.0609 0560 RSVP - ok
23:17:51.0625 0560 SamSs - ok
23:17:51.0640 0560 SCardSvr - ok
23:17:51.0656 0560 Schedule - ok
23:17:51.0671 0560 Secdrv - ok
23:17:51.0687 0560 seclogon - ok
23:17:51.0687 0560 SENS - ok
23:17:51.0703 0560 serenum - ok
23:17:51.0718 0560 Serial - ok
23:17:51.0765 0560 Sfloppy - ok
23:17:51.0781 0560 SharedAccess - ok
23:17:51.0796 0560 ShellHWDetection - ok
23:17:51.0812 0560 Simbad - ok
23:17:51.0812 0560 sisagp - ok
23:17:51.0828 0560 SLIP - ok
23:17:51.0859 0560 smwdm - ok
23:17:51.0875 0560 Sparrow - ok
23:17:51.0890 0560 splitter - ok
23:17:51.0890 0560 Spooler - ok
23:17:51.0906 0560 sr - ok
23:17:51.0921 0560 srservice - ok
23:17:51.0921 0560 Srv - ok
23:17:51.0937 0560 SSDPSRV - ok
23:17:51.0953 0560 stisvc - ok
23:17:51.0968 0560 streamip - ok
23:17:51.0984 0560 swenum - ok
23:17:52.0000 0560 swmidi - ok
23:17:52.0000 0560 SwPrv - ok
23:17:52.0031 0560 symc810 - ok
23:17:52.0031 0560 symc8xx - ok
23:17:52.0046 0560 sym_hi - ok
23:17:52.0062 0560 sym_u3 - ok
23:17:52.0093 0560 sysaudio - ok
23:17:52.0093 0560 SysmonLog - ok
23:17:52.0109 0560 TapiSrv - ok
23:17:52.0125 0560 Tcpip - ok
23:17:52.0140 0560 Tcpip6 - ok
23:17:52.0156 0560 TDPIPE - ok
23:17:52.0156 0560 TDTCP - ok
23:17:52.0171 0560 tdx - ok
23:17:52.0187 0560 TermDD - ok
23:17:52.0203 0560 TermService - ok
23:17:52.0203 0560 Themes - ok
23:17:52.0218 0560 TlntSvr - ok
23:17:52.0234 0560 TosIde - ok
23:17:52.0250 0560 TracSrvWrapper - ok
23:17:52.0265 0560 TrkWks - ok
23:17:52.0281 0560 truecrypt - ok
23:17:52.0296 0560 tunmp - ok
23:17:52.0312 0560 UdfReadr_xp - ok
23:17:52.0328 0560 Udfs - ok
23:17:52.0343 0560 ultra - ok
23:17:52.0343 0560 Update - ok
23:17:52.0359 0560 upnphost - ok
23:17:52.0375 0560 UPS - ok
23:17:52.0390 0560 USBAAPL - ok
23:17:52.0406 0560 usbccgp - ok
23:17:52.0406 0560 usbehci - ok
23:17:52.0421 0560 usbhub - ok
23:17:52.0437 0560 usbprint - ok
23:17:52.0468 0560 usbscan - ok
23:17:52.0484 0560 USBSTOR - ok
23:17:52.0500 0560 usbuhci - ok
23:17:52.0500 0560 VgaSave - ok
23:17:52.0515 0560 viaagp - ok
23:17:52.0531 0560 ViaIde - ok
23:17:52.0546 0560 vna_ap - ok
23:17:52.0562 0560 VolSnap - ok
23:17:52.0578 0560 vsdatant - ok
23:17:52.0593 0560 vsmon - ok
23:17:52.0593 0560 VSS - ok
23:17:52.0625 0560 w32time - ok
23:17:52.0640 0560 Wanarp - ok
23:17:52.0656 0560 WDICA - ok
23:17:52.0656 0560 wdmaud - ok
23:17:52.0671 0560 WebClient - ok
23:17:52.0687 0560 WinDefend - ok
23:17:52.0718 0560 WinHttpAutoProxySvc - ok
23:17:52.0718 0560 winmgmt - ok
23:17:52.0796 0560 WmdmPmSN - ok
23:17:52.0812 0560 Wmi - ok
23:17:52.0828 0560 WmiApSrv - ok
23:17:52.0843 0560 WMPNetworkSvc - ok
23:17:52.0859 0560 WPFFontCache_v0400 - ok
23:17:52.0875 0560 WS2IFSL - ok
23:17:52.0890 0560 wscsvc - ok
23:17:52.0906 0560 WSTCODEC - ok
23:17:52.0906 0560 wuauserv - ok
23:17:52.0953 0560 WudfPf - ok
23:17:52.0953 0560 WudfRd - ok
23:17:52.0968 0560 WudfSvc - ok
23:17:52.0984 0560 WZCSVC - ok
23:17:53.0000 0560 xmlprov - ok
23:17:53.0031 0560 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
23:17:53.0062 0560 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
23:17:53.0093 0560 MBR (0x1B8) (ef2eec94b0e09a39d077d3e01a352d8f) \Device\Harddisk0\DR0
23:17:53.0640 0560 \Device\Harddisk0\DR0 - ok
23:17:53.0687 0560 Boot (0x1200) (cf03cf63873571b28db5bed637f3053c) \Device\Harddisk0\DR0\Partition0
23:17:53.0687 0560 \Device\Harddisk0\DR0\Partition0 - ok
23:17:53.0687 0560 ============================================================
23:17:53.0687 0560 Scan finished
23:17:53.0687 0560 ============================================================
23:17:53.0703 0796 Detected object count: 0
23:17:53.0703 0796 Actual detected object count: 0
23:18:07.0078 0876 Deinitialize success
 
Normally, if it's possible, I like to get confirmation of malware in more than just one log before proceeding with attempting to fix it.

We will get another download to use. First download mbrcheck to your desktop. Double click it to run and produce a .txt (mbr.log) file on your desktop. Post the file in your reply.

I know you already ran aswMBR once but let's run it again. You can delete the old copy on your desktop if you haven't already, as well as the old aswMBR.txt log and MBR.dat file.
Download a new copy to your desktop, double click to start and click the scan button. When it's done click the save log button and post the log.
 
MBR log

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: IC35L090AVV207-0 rev.V23OA66A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
sectors 156249998 (+255): user != kernel
 
aswmbr log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-21 11:29:33
-----------------------------
11:29:33.081 OS Version: Windows 5.1.2600 Service Pack 3
11:29:33.081 Number of processors: 1 586 0x207
11:29:33.096 ComputerName: BRIDS_DELL UserName: Gerry
11:29:34.096 Initialize success
11:30:20.987 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:30:20.987 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
11:30:21.003 Disk 0 MBR read successfully
11:30:21.003 Disk 0 MBR scan
11:30:21.003 Disk 0 unknown MBR code
11:30:21.003 Disk 0 Partition 1 00 DE Dell Utility 31 MB offset 63
11:30:21.003 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 76253 MB offset 64260
11:30:21.003 Disk 0 scanning sectors +156232125
11:30:21.065 Disk 0 scanning C:\WINDOWS\system32\drivers
11:30:21.065 Service scanning
11:30:21.815 Service ACPI C:\WINDOWS\System32\DRIVERS\ACPI.sys **LOCKED** 32
11:30:56.549 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
11:31:02.924 Modules scanning
11:31:03.003 Disk 0 trace - called modules:
11:31:03.034 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8a9e5999]<<
11:31:03.034 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9ddab8]
11:31:03.034 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa59d98]
11:31:03.034 Scan finished successfully
11:31:40.534 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gerry\My Documents\MBR.dat"
11:31:40.534 The log file has been saved successfully to "C:\Documents and Settings\Gerry\My Documents\aswMBR2.txt"
 
One more thing I've noticed. Since we last ran combofix, Windows Update is not available. I looked at the event viewer and these errors are logged.


The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


The Automatic Updates service failed to start due to the following error:
%%1290

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


My computer is still functioning but I think Windows updates may go out of date soon. Virus redirect is quieter some days and not other days but still appears when the mood takes it. Really weird, like it has a mind of its own.

Thanks for your help again.
 
Thanks for the info. Really I don't have a lot to go on with your logs. Normally you get confirmation of malware between logs but I am having a hard time finding anything to go on with your logs. But you're still getting the redirects.

When you ran aswmbr it created a MBR.dat file on your desktop. Go here, browse for the file on your desktop, then upload it using the Scan It! button.
Once it's done scanning you can copy/paste the URL in your reply.

Also download Minitoolbox, run it and select:
Report IE proxy settings
Report FF proxy settings
List Content of Host
List IP configuration
Next click GO at the bottom. It will create a Results.txt on your desktop. Post it in your reply.
 
Got the redirect today first thing when googling 'spybot malware forum'.
Reran aswmbr. The line in bold below appears in red during scan?

Link to mbr.dat VirusTotal scan:
https://www.virustotal.com/file/f5a...789c5d9117c99ec986c45c71/analysis/1340787730/


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-27 09:58:56
-----------------------------
09:58:56.859 OS Version: Windows 5.1.2600 Service Pack 3
09:58:56.859 Number of processors: 1 586 0x207
09:58:56.859 ComputerName: BRIDS_DELL UserName: Gerry
09:59:07.406 Initialize success
09:59:20.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:59:20.406 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
09:59:20.515 Disk 0 MBR read successfully
09:59:20.515 Disk 0 MBR scan
09:59:20.515 Disk 0 unknown MBR code
09:59:20.546 Disk 0 Partition 1 00 DE Dell Utility 31 MB offset 63
09:59:20.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 76253 MB offset 64260
09:59:20.625 Disk 0 scanning sectors +156232125
09:59:20.875 Disk 0 scanning C:\WINDOWS\system32\drivers
09:59:20.906 Service scanning
09:59:23.343 Service ACPI C:\WINDOWS\System32\DRIVERS\ACPI.sys **LOCKED** 32
10:00:30.093 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
10:00:33.796 Modules scanning
10:00:34.078 Disk 0 trace - called modules:
10:00:34.109 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8a80a509]<<
10:00:34.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9ddab8]
10:00:34.109 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aa59d98]
10:00:34.109 Scan finished successfully
10:01:07.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gerry\My Documents\Downloads\MBR.dat"
10:01:07.968 The log file has been saved successfully to "C:\Documents and Settings\Gerry\My Documents\Downloads\aswMBR3.txt"
 
MiniToolBox by Farbar Version: 25-06-2012
Ran by Gerry (administrator) on 27-06-2012 at 10:07:29
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com

There are 15218 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 2 (Disconnected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "{464B29D9-1754-4002-8858-1DE1933BA105}"

set address name="{464B29D9-1754-4002-8858-1DE1933BA105}" source=dhcp
set dns name="{464B29D9-1754-4002-8858-1DE1933BA105}" source=dhcp register=NONE
set wins name="{464B29D9-1754-4002-8858-1DE1933BA105}" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : BRIDS_DELL

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : lan



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : lan

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-0B-DB-B2-A3-4F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::20b:dbff:feb2:a34f%4

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

fec0:0:0:ffff::1%2

fec0:0:0:ffff::2%2

fec0:0:0:ffff::3%2

Lease Obtained. . . . . . . . . . : 27 June 2012 08:58:40

Lease Expires . . . . . . . . . . : 28 June 2012 08:58:40



Ethernet adapter {464B29D9-1754-4002-8858-1DE1933BA105}:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Check Point Virtual Network Adapter For Endpoint VPN Client - Packet Scheduler Miniport

Physical Address. . . . . . . . . : 54-51-E8-DD-9E-12



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 80-00-23-3A-AB-34-DF-64

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 2001:0:5ef5:79fd:8000:233a:ab34:df64

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : lan

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-64

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.100%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

fec0:0:0:ffff::2%2

fec0:0:0:ffff::3%2

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: smart.lan
Address: 192.168.1.1

Name: google.com
Address: 87.125.87.99



Pinging google.com [87.125.87.99] with 32 bytes of data:



Reply from 87.125.87.99: bytes=32 time=125ms TTL=57

Reply from 87.125.87.99: bytes=32 time=124ms TTL=57



Ping statistics for 87.125.87.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 124ms, Maximum = 125ms, Average = 124ms

Server: smart.lan
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=168ms TTL=50

Reply from 209.191.122.70: bytes=32 time=171ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 168ms, Maximum = 171ms, Average = 169ms

Server: smart.lan
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0b db b2 a3 4f ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...54 51 e8 dd 9e 12 ...... Check Point Virtual Network Adapter For Endpoint VPN Client - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
255.255.255.255 255.255.255.255 192.168.1.100 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

**** End of log ****
 
OK, thanks for the info. Next step is to rerun aswmbr like you did before by clicking the Scan button; when it's done running, click the Fix button.
Once it's done, click the save log button to save the .txt file somewhere, then immediately reboot your machine and post the log you saved.
 
Normally I don't like to run a fix without confirmation from another tool, which I don't see in any of the logs, and also we seem to have exhausted other possible causes for the redirects along with other utilities to use. So since this is the case I don't see any other option but to use the Fixmbr tool in aswMBR.exe.

Do you have data/files you don't want to lose backed up to other media, just as a precaution? The tool will rewrite a new master boot record to the hard drive.
 