FlowerEye Skrevet 22. august 2008 Del Skrevet 22. august 2008 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:46:09, on 22.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\QuickTime\QTTask.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\WINDOWS\System32\igfxtray.exe C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\V0350Mon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Programfiler\MagicDisc\MagicDisc.exe C:\Programfiler\HPQ\shared\hpqwmi.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Opera\Opera.exe C:\Programfiler\Adobe\Adobe Photoshop CS2\Photoshop.exe C:\DOCUME~1\DANIEL~1\LOKALE~1\Temp\Adobelm_Cleanup.0001 C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe C:\DOCUME~1\DANIEL~1\LOKALE~1\Temp\Adobelm_Cleanup.0001 C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://norwegian.ircfast2.com/index.php?rvs=hompag R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programfiler\TorrentMan\tbTor1.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programfiler\TorrentMan\tbTor1.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programfiler\TorrentMan\tbTor1.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKCU\..\Run: [A00F1A5A8B3.exe] C:\DOCUME~1\DANIEL~1\LOKALE~1\Temp\_A00F1A5A8B3.exe O4 - HKCU\..\Run: [A00F1506EA5.exe] C:\DOCUME~1\DANIEL~1\LOKALE~1\Temp\_A00F1506EA5.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179924975546 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179924950593 O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: __c00B8AAC - C:\WINDOWS\system32\__c00B8AAC.dat O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\shared\hpqwmi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe -- End of file - 7467 bytes Takk, takk Lenke til kommentar
Havar14 Skrevet 22. august 2008 Del Skrevet 22. august 2008 C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe Gyldig program? Lenke til kommentar
norbat Skrevet 23. august 2008 Del Skrevet 23. august 2008 Punkt 1: Last ned Malwarebytes Anti-Malware til skrivebordet. Kjør og installer programmet. Velg Norsk-språk La programmet oppdatere seg og velg å kjør en 'hurtig systemscan', klikk Skann. Det kommer en meldingsboks om at scannen er ferdig, klikk Ok Klikk på 'Vis resultat'-knappen.Hvis det er funnet malware, vil du nå se hva som er funnet. Klikk så på Fjern valgte -knappen for å fjerne malwaren som evt. ble funnet. Det vil deretter åpnes en logg i notisblokk. Den kopiere du og poster senere. Punkt 2: Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (c:\combofix.txt) + loggen fra MBAM Lenke til kommentar
FlowerEye Skrevet 23. august 2008 Forfatter Del Skrevet 23. august 2008 Mbam logg Malwarebytes' Anti-Malware 1.25 Database versjon: 1078 Windows 5.1.2600 Service Pack 2 09:53:57 23.08.2008 mbam-log-08-23-2008 (09-53-54).txt Skanntype: Rask Skann Objekter skannet: 40283 Tid tilbakelagt: 5 minute(s), 46 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 1 Registernøkler infisert: 10 Registerverdier infisert: 2 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 5 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: C:\WINDOWS\system32\__c00B8AAC.dat (Trojan.Agent) -> No action taken. Registernøkler infisert: HKEY_CLASSES_ROOT\dlp.dlpobj (Adware.WebDir) -> No action taken. HKEY_CLASSES_ROOT\dlp.dlpobj.1 (Adware.WebDir) -> No action taken. HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> No action taken. HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\AppID\DLP.DLL (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b8aac (Trojan.Vundo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken. Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1a5a8b3.exe (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1506ea5.exe (Trojan.Agent) -> No action taken. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\Documents and Settings\Daniel lindter\Lokale innstillinger\Temp\_A00F1A5A8B3.exe (Trojan.Agent) -> No action taken. C:\Documents and Settings\Daniel lindter\Lokale innstillinger\Temp\_A00F1506EA5.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\__c00B8AAC.dat (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\__c005F501.dat (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> No action taken. Combofix logg ComboFix 08-08-21.02 - Daniel lindter 2008-08-23 9:55:43.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.157 [GMT 2:00] Running from: C:\Documents and Settings\Daniel lindter\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\__c005F501.dat C:\WINDOWS\system32\__c00B8AAC.dat C:\WINDOWS\system32\~.exe C:\xcrashdump.dat . ((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))) . 2008-08-23 09:45 . 2008-08-23 09:53 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-08-23 09:45 . 2008-08-23 09:45 <DIR> d-------- C:\Documents and Settings\Daniel lindter\Programdata\Malwarebytes 2008-08-23 09:45 . 2008-08-23 09:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-08-23 09:45 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-23 09:45 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-22 13:11 . 2008-08-22 13:11 <DIR> d-------- C:\Documents and Settings\Daniel lindter\Programdata\GlobalSCAPE 2008-08-22 13:11 . 2008-08-22 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\GlobalSCAPE 2008-08-22 13:08 . 2008-08-22 13:08 <DIR> d-------- C:\Programfiler\GlobalSCAPE 2008-08-22 13:08 . 2008-08-22 13:08 <DIR> d-------- C:\Programfiler\AskBarDis 2008-08-21 23:27 . 2008-08-21 23:27 <DIR> d-------- C:\Programfiler\Fellesfiler\AOL 2008-08-21 23:27 . 2008-08-21 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AOL OCP 2008-08-21 23:27 . 2008-08-21 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AOL 2008-08-21 23:26 . 2008-08-21 23:27 <DIR> d-------- C:\Programfiler\AIM6 2008-08-21 23:26 . 2008-08-21 23:30 364 --ah----- C:\IPH.PH 2008-08-20 17:41 . 2008-08-20 17:41 <DIR> d-------- C:\Programfiler\EasyPHP 2.0b1 2008-08-18 07:34 . 2008-08-18 07:34 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe AIR 2008-08-13 01:42 . 2008-08-13 17:17 <DIR> d-------- C:\Programfiler\SmartFTP Client 3.0 Setup Files 2008-07-26 23:28 . 2008-07-26 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Pinnacle Studio Ultimate 2008-07-25 11:33 . 2008-07-25 11:33 <DIR> d-------- C:\Documents and Settings\Daniel lindter\Programdata\muvee Technologies 2008-07-25 11:25 . 2008-07-25 11:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TEMP 2008-07-24 22:28 . 2008-07-24 22:28 <DIR> d-------- C:\Documents and Settings\Daniel lindter\Programdata\Creative 2008-07-24 22:28 . 2008-07-24 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Creative 2008-07-24 22:23 . 2006-10-06 08:17 53,248 --------- C:\WINDOWS\Ctregrun.exe 2008-07-24 22:23 . 2003-06-12 23:25 7,062 --------- C:\WINDOWS\system32\audiopid.vxd 2008-07-24 22:21 . 2008-07-24 22:21 <DIR> d-------- C:\WINDOWS\CtDrvInstall 2008-07-24 22:19 . 2008-07-24 22:19 <DIR> d-------- C:\Programfiler\muvee Technologies 2008-07-24 22:19 . 2008-07-24 22:19 <DIR> d-------- C:\Programfiler\Fellesfiler\muvee Technologies 2008-07-24 22:18 . 2008-07-24 22:18 <DIR> d-------- C:\Documents and Settings\Daniel lindter\Programdata\InstallShield 2008-07-24 22:18 . 2008-07-24 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\muvee Technologies 2008-07-24 22:17 . 2008-07-24 22:17 <DIR> d-------- C:\Programfiler\SightSpeed 2008-07-24 22:12 . 2008-07-24 22:23 <DIR> d-------- C:\Programfiler\Creative . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 08:02 --------- d-----w C:\Documents and Settings\Daniel lindter\Programdata\WTablet 2008-08-23 08:01 --------- d-----w C:\Documents and Settings\LocalService\Programdata\WTablet 2008-08-22 22:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Pinnacle 2008-08-22 11:08 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-08-19 06:43 --------- d-----w C:\Documents and Settings\Daniel lindter\Programdata\LimeWire 2008-08-18 05:33 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-08-16 17:45 --------- d-----w C:\Documents and Settings\Daniel lindter\Programdata\dvdcss 2008-08-12 23:44 --------- d-----w C:\Programfiler\SmartFTP Client 2008-07-18 06:38 --------- d-----w C:\Programfiler\Java 2008-07-17 21:00 --------- d-----w C:\Programfiler\Project64 1.6 2008-07-16 06:44 --------- d-----w C:\Programfiler\Fellesfiler\DVDVideoSoft 2008-07-16 06:42 --------- d-----w C:\Programfiler\EA GAMES 2008-07-15 21:59 --------- d-----w C:\Documents and Settings\Daniel lindter\Programdata\Moyea 2008-07-15 21:58 --------- d-----w C:\Programfiler\TorrentMan 2008-07-14 22:33 --------- d-----w C:\Programfiler\LimeWire 2008-07-14 22:10 --------- d-----w C:\Programfiler\DVDVideoSoft 2008-07-14 22:07 --------- d-----w C:\Programfiler\Moyea 2008-07-07 22:07 --------- d-----w C:\Programfiler\Conduit 2008-07-07 22:07 --------- d-----w C:\Programfiler\BitLord 2008-07-06 09:20 --------- d-----w C:\Programfiler\Macromedia 2008-07-05 20:51 --------- d-----w C:\Programfiler\Trend Micro 2008-07-03 19:47 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-07-03 19:47 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-06-30 12:37 --------- d-----w C:\Programfiler\PhotomatixPro3 2008-06-25 12:12 --------- d-----w C:\Documents and Settings\All Users\Programdata\SmartSound Software Inc 2008-06-25 12:06 --------- d-----w C:\Programfiler\Fellesfiler\Macromedia . ((((((((((((((((((((((((((((( snapshot@2008-07-26_20.17.38.57 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-07 20:23:14 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll + 2008-07-07 20:29:49 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll + 2008-07-07 20:26:07 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll + 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll + 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe + 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll + 2007-11-30 12:39:47 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe + 2007-11-30 12:39:48 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll + 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe + 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe + 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe + 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll + 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe + 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll + 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe + 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll + 2008-06-24 16:31:15 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll + 2008-06-24 16:46:40 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll + 2008-06-24 16:54:35 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll + 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll + 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe + 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll + 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe + 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll - 2008-04-11 21:11:06 69,120 -c--a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll + 2008-07-27 11:30:42 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2008-04-11 21:11:13 72,192 -c--a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2008-07-27 11:30:49 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll - 2008-04-11 21:10:45 4,444,160 -c--a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll + 2008-07-27 11:30:27 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2008-04-11 21:11:15 483,840 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2008-07-27 11:30:51 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll - 2008-04-11 21:10:57 3,036,160 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2008-07-27 11:30:36 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2008-04-11 21:11:18 258,048 -c--a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll + 2008-07-27 11:30:54 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2008-04-11 21:11:18 113,664 -c--a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2008-07-27 11:30:54 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2008-04-11 21:11:13 261,120 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2008-07-27 11:30:49 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - 2008-04-11 21:10:55 5,431,296 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2008-07-27 11:30:33 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll - 2008-04-11 21:11:03 10,752 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll + 2008-07-27 11:30:40 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2008-04-11 21:10:55 507,904 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2008-07-27 11:30:34 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2008-04-11 21:11:05 13,312 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2008-07-27 11:30:42 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll - 2008-04-11 21:11:09 8,192 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2008-07-27 11:30:45 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2008-04-11 21:11:10 77,824 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2008-07-27 11:30:46 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2008-04-11 21:11:10 6,656 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2008-07-27 11:30:46 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2008-04-11 21:11:19 348,160 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll + 2008-07-27 11:30:54 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2008-04-11 21:11:19 36,864 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll + 2008-07-27 11:30:55 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2008-04-11 21:11:20 655,360 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll + 2008-07-27 11:30:56 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2008-04-11 21:11:21 77,824 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2008-07-27 11:30:56 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2008-04-11 21:11:11 749,568 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2008-07-27 11:30:47 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2008-04-11 21:11:09 110,592 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2008-07-27 11:30:45 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2008-04-11 21:11:09 372,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2008-07-27 11:30:44 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll - 2008-04-11 21:11:15 28,672 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2008-07-27 11:30:51 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2008-04-11 21:11:08 671,744 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2008-07-27 11:30:44 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2008-04-11 21:10:51 5,632 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2008-07-27 11:30:30 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2008-04-11 21:11:17 12,800 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2008-07-27 11:30:52 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll - 2008-04-11 21:11:07 32,768 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll + 2008-07-27 11:30:43 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2008-04-11 21:11:06 7,168 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2008-07-27 11:30:43 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2008-04-11 21:11:12 110,592 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll + 2008-07-27 11:30:47 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2008-04-11 21:11:12 81,920 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2008-07-27 11:30:48 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - 2008-04-11 21:10:56 425,984 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2008-07-27 11:30:35 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - 2008-04-11 21:10:58 741,376 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll + 2008-07-27 11:30:36 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2008-04-11 21:10:58 933,888 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2008-07-27 11:30:37 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2008-04-11 21:11:22 5,070,848 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2008-07-27 11:30:57 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll - 2008-04-11 21:11:20 188,416 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2008-07-27 11:30:55 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2008-04-11 21:11:04 401,408 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2008-07-27 11:30:40 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - 2008-04-11 21:11:16 81,920 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2008-07-27 11:30:52 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2008-04-11 21:10:52 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2008-07-27 11:30:30 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2008-04-11 21:11:17 372,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2008-07-27 11:30:53 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2008-04-11 21:11:16 258,048 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2008-07-27 11:30:52 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2008-04-11 21:11:14 299,008 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll + 2008-07-27 11:30:50 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2008-04-11 21:11:14 131,072 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2008-07-27 11:30:50 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll - 2008-04-11 21:10:53 258,048 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll + 2008-07-27 11:30:31 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2008-04-11 21:10:54 114,688 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2008-07-27 11:30:31 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2008-04-11 21:11:02 884,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2008-07-27 11:30:39 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2008-04-11 21:11:03 90,112 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2008-07-27 11:30:39 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2008-04-11 21:11:01 839,680 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2008-07-27 11:30:38 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2008-04-11 21:11:04 5,013,504 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2008-07-27 11:30:41 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2008-04-11 21:10:54 2,068,480 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll + 2008-07-27 11:30:32 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2008-04-11 21:10:59 3,076,096 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll + 2008-07-27 11:30:38 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll - 2008-04-12 05:54:05 27,136 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll + 2008-07-27 17:15:55 27,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll - 2008-04-12 05:54:06 884,736 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll + 2008-07-27 17:15:56 884,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll - 2008-04-12 05:56:02 237,568 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll + 2008-07-27 17:15:57 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll - 2008-04-12 05:54:46 15,360 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe + 2008-07-27 17:15:57 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe - 2008-04-12 05:56:03 876,544 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll + 2008-07-27 17:15:59 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll - 2008-04-12 05:56:04 81,920 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll + 2008-07-27 17:15:59 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll - 2008-04-12 05:56:06 1,695,744 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll + 2008-07-27 17:16:02 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll - 2008-04-12 05:56:07 167,936 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll + 2008-07-27 17:16:03 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll - 2008-04-12 05:56:09 1,740,800 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll + 2008-07-27 17:16:06 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll - 2008-04-12 05:49:10 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll + 2008-07-27 17:07:19 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll - 2008-04-12 05:54:58 1,011,712 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll + 2008-07-27 17:16:08 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll - 2008-04-12 05:49:44 7,049,216 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll + 2008-07-27 17:07:43 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll - 2008-04-12 05:55:07 1,798,144 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll + 2008-07-27 17:16:10 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll - 2008-04-12 05:50:08 10,969,088 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll + 2008-07-27 17:08:02 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll - 2008-04-12 05:55:37 1,224,704 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll + 2008-07-27 17:16:12 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll - 2008-04-12 05:56:00 512,000 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll + 2008-07-27 17:16:13 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll - 2008-04-12 05:50:14 229,376 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll + 2008-07-27 17:08:06 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll - 2008-04-12 05:50:12 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll + 2008-07-27 17:08:05 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll - 2008-04-12 05:55:35 659,456 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll + 2008-07-27 17:16:14 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll - 2008-04-12 05:55:35 294,912 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll + 2008-07-27 17:16:14 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll - 2008-04-12 05:55:04 733,184 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll + 2008-07-27 17:16:16 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll - 2008-04-12 05:54:57 233,472 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll + 2008-07-27 17:16:16 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll - 2008-04-12 05:55:34 679,936 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll + 2008-07-27 17:16:18 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll - 2008-04-12 05:57:09 2,342,912 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll + 2008-07-27 17:16:38 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll - 2008-04-12 05:55:59 237,568 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll + 2008-07-27 17:16:39 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll - 2008-04-12 05:55:56 1,986,560 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll + 2008-07-27 17:16:42 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll - 2008-04-12 05:55:53 12,509,184 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll + 2008-07-27 17:16:34 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll - 2008-04-12 05:50:37 13,193,216 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll + 2008-07-27 17:08:26 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll - 2008-04-12 05:50:49 5,771,264 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll + 2008-07-27 17:08:39 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll - 2008-04-12 05:49:26 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll + 2008-07-27 17:07:32 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll + 2008-07-26 22:00:11 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D9.tmp\System.Web.RegularExpressions.dll + 2008-04-23 04:22:22 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll + 2008-04-23 04:22:22 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll + 2008-04-23 04:22:22 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll + 2008-04-23 04:22:22 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll + 2008-04-23 04:22:22 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll + 2008-04-22 07:43:26 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe + 2008-04-23 04:22:22 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll + 2008-04-23 04:22:22 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll + 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll + 2008-04-23 04:22:22 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll + 2008-04-23 04:22:22 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll + 2008-04-23 04:22:23 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll + 2008-04-23 04:22:23 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll + 2008-04-23 04:22:23 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll + 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe + 2008-04-22 07:43:46 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe + 2008-04-23 04:22:23 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll + 2008-04-23 04:22:23 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll + 2008-04-23 04:22:23 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll + 2008-04-23 20:22:24 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll + 2008-04-23 04:22:23 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll + 2008-04-23 04:22:23 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll + 2008-04-23 04:22:23 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll + 2008-04-23 04:22:23 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll + 2008-04-23 04:22:23 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll + 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe + 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll + 2008-04-23 04:22:23 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll + 2008-04-23 04:22:23 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll + 2008-04-23 04:22:23 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll + 2008-04-23 04:22:23 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll + 2008-08-12 23:44:24 22,486 ----a-r C:\WINDOWS\Installer\{6F23C1A3-9F62-470C-BD12-B83F04E67865}\Icon_SFTPBackup.exe + 2008-08-12 23:44:24 157,733 ----a-r C:\WINDOWS\Installer\{6F23C1A3-9F62-470C-BD12-B83F04E67865}\Icon_SmartFTP.exe + 2007-12-12 13:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe + 2007-10-23 23:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll + 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll + 2007-10-23 23:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll + 2007-10-23 23:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll + 2007-10-23 23:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll + 2007-10-23 23:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll + 2007-10-23 23:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll + 2007-10-23 23:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll + 2007-10-23 23:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll + 2007-10-23 23:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll + 2007-10-23 23:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll + 2007-10-23 23:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe + 2007-10-23 23:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe + 2007-10-23 23:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll + 2007-10-23 23:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll + 2007-10-23 23:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll + 2007-10-23 23:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll + 2007-10-23 23:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe + 2007-10-23 23:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe + 2007-10-23 23:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe + 2007-10-23 23:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe + 2007-10-23 23:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe + 2007-10-23 23:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll + 2007-10-23 23:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe + 2007-10-23 23:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll + 2007-10-23 23:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe + 2007-10-23 23:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll + 2007-10-23 23:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll + 2007-10-23 23:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll + 2007-10-23 23:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll + 2007-10-23 23:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe + 2007-10-23 23:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll + 2007-10-23 23:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe + 2007-10-23 23:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll + 2007-10-23 23:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll + 2007-10-23 23:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll + 2007-10-23 23:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe + 2007-10-23 23:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll + 2007-10-23 23:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll + 2007-10-23 23:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll + 2007-10-23 23:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe + 2007-10-23 23:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe + 2007-10-23 23:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll + 2007-10-23 23:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll + 2007-10-23 23:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe + 2007-10-23 23:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll + 2007-10-23 23:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll + 2007-10-23 23:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll + 2007-10-23 23:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll + 2007-10-23 23:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll + 2007-10-23 23:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll + 2007-10-23 23:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll + 2007-10-23 23:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll + 2007-10-23 23:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll + 2007-10-23 23:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll + 2007-10-23 23:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll + 2007-10-23 23:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2007-10-23 23:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll + 2007-10-23 23:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll + 2007-10-23 23:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe + 2007-10-23 23:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll + 2007-10-23 23:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll + 2007-10-23 23:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll + 2007-10-23 23:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll + 2007-10-23 23:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll + 2007-10-23 23:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll + 2007-10-23 23:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll + 2007-10-23 23:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll + 2007-10-23 23:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll + 2007-10-23 23:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll + 2007-10-23 23:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll + 2007-10-23 23:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe + 2007-10-23 23:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll + 2007-10-23 23:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll + 2007-10-23 23:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll + 2007-10-23 23:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe + 2007-10-23 23:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll + 2007-10-23 23:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll + 2007-10-23 23:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll + 2007-10-23 23:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe + 2007-10-23 23:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe + 2007-10-23 23:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe + 2007-10-23 23:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll + 2007-10-23 23:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll + 2007-10-23 23:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll + 2007-10-23 23:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll + 2007-10-23 23:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll + 2007-10-23 23:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll + 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll + 2007-10-23 23:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll + 2007-10-23 23:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll + 2007-10-23 23:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll + 2007-10-23 23:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll + 2007-10-23 23:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll + 2007-10-23 23:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll + 2007-10-23 23:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll + 2007-10-23 23:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll + 2007-10-23 23:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll + 2007-10-23 23:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll + 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll + 2007-10-23 23:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll + 2007-10-23 23:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll + 2007-10-23 23:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll + 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll + 2007-10-23 23:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll + 2007-10-23 23:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll + 2007-10-23 23:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll + 2007-10-23 23:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll + 2007-10-23 23:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll + 2007-10-23 23:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll + 2007-10-23 23:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll + 2007-10-23 23:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll + 2007-10-23 23:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll + 2007-10-23 23:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll + 2007-10-23 23:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll + 2007-10-23 23:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL + 2007-10-23 23:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe + 2007-10-23 23:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll + 2007-10-23 23:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll + 2007-10-23 23:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - 2008-04-23 04:22:22 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-06-23 16:57:25 124,928 ------w C:\WINDOWS\system32\advpack.dll + 2007-10-23 23:47:28 96,760 ------w C:\WINDOWS\system32\dfshim.dll - 2008-04-23 04:22:22 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-06-23 16:57:25 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll - 2008-04-23 04:22:22 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-06-23 16:57:25 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-04-23 04:22:22 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-06-23 16:57:25 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-07-07 20:33:05 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll - 2008-04-23 04:22:22 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-06-23 16:57:26 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-04-23 04:22:22 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll + 2008-06-23 16:57:26 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2008-04-22 07:43:26 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2008-06-23 09:22:59 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2008-04-23 04:22:22 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-06-23 16:57:27 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2008-04-23 04:22:22 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-06-23 16:57:27 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll - 2008-04-23 04:22:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-06-23 16:57:27 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2008-04-23 04:22:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-06-23 16:57:27 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-04-23 04:22:23 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll + 2008-06-23 16:57:31 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2008-04-23 04:22:23 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2008-06-23 16:57:31 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll - 2008-04-23 04:22:23 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2008-06-23 16:57:31 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll - 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe + 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2008-04-22 07:43:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe + 2008-06-23 09:23:15 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe - 2007-08-21 06:18:26 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll + 2008-04-11 18:52:25 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll - 2008-04-23 04:22:23 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-06-23 16:57:33 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2004-08-04 08:03:15 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll + 2008-05-01 14:34:30 331,776 -c----w C:\WINDOWS\system32\dllcache\msadce.dll + 2008-06-24 16:24:51 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll - 2008-04-23 04:22:23 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2008-06-23 16:57:33 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2008-04-23 04:22:23 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2008-06-23 16:57:33 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2008-04-23 20:22:24 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-06-24 08:57:38 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-04-23 04:22:23 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-06-23 16:57:37 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2008-04-23 04:22:23 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-06-23 16:57:38 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll - 2008-04-23 04:22:23 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-06-23 16:57:38 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll - 2008-04-23 04:22:23 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll + 2008-06-23 16:57:39 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll - 2008-04-23 04:22:23 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-06-23 16:57:39 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2008-04-23 04:22:23 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll + 2008-06-23 16:57:39 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll - 2008-04-23 04:22:23 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-06-23 16:57:39 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-04-23 04:22:23 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll + 2008-06-23 16:57:40 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll - 2008-04-23 04:22:23 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-06-23 16:57:40 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-04-23 04:22:22 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-06-23 16:57:25 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll - 2008-04-23 04:22:22 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-06-23 16:57:25 214,528 ------w C:\WINDOWS\system32\dxtrans.dll - 2005-07-26 04:43:11 243,200 ----a-w C:\WINDOWS\system32\es.dll + 2008-07-07 20:33:05 253,952 ------w C:\WINDOWS\system32\es.dll - 2008-04-23 04:22:22 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-06-23 16:57:26 133,120 ------w C:\WINDOWS\system32\extmgr.dll - 2008-07-24 20:27:32 215,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-07-27 08:18:43 290,088 ------w C:\WINDOWS\system32\FNTCACHE.DAT - 2008-04-23 04:22:22 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2008-06-23 16:57:26 63,488 ------w C:\WINDOWS\system32\icardie.dll - 2008-04-22 07:43:26 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2008-06-23 09:22:59 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe - 2008-04-23 04:22:22 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2008-06-23 16:57:27 153,088 ------w C:\WINDOWS\system32\ieakeng.dll - 2008-04-23 04:22:22 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2008-06-23 16:57:27 230,400 ------w C:\WINDOWS\system32\ieaksie.dll - 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll + 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll - 2008-04-23 04:22:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2008-06-23 16:57:27 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll - 2008-04-23 04:22:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2008-06-23 16:57:27 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll - 2008-04-23 04:22:23 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll + 2008-06-23 16:57:31 6,066,176 ------w C:\WINDOWS\system32\ieframe.dll - 2008-04-23 04:22:23 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll + 2008-06-23 16:57:31 44,544 ------w C:\WINDOWS\system32\iernonce.dll - 2008-04-23 04:22:23 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2008-06-23 16:57:31 267,776 ------w C:\WINDOWS\system32\iertutil.dll - 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2008-06-23 09:20:26 13,824 ------w C:\WINDOWS\system32\ieudinit.exe - 2007-08-21 06:18:26 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll + 2008-04-11 18:52:25 683,520 ------w C:\WINDOWS\system32\inetcomm.dll - 2008-04-23 04:22:23 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-06-23 16:57:33 27,648 ------w C:\WINDOWS\system32\jsproxy.dll - 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-08-05 18:11:01 15,888,504 ------w C:\WINDOWS\system32\MRT.exe - 2005-06-29 01:53:12 74,240 ----a-w C:\WINDOWS\system32\mscms.dll + 2008-06-24 16:24:51 74,240 ------w C:\WINDOWS\system32\mscms.dll - 2008-04-23 04:22:23 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2008-06-23 16:57:33 459,264 ------w C:\WINDOWS\system32\msfeeds.dll - 2008-04-23 04:22:23 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2008-06-23 16:57:33 52,224 ------w C:\WINDOWS\system32\msfeedsbs.dll - 2008-04-23 20:22:24 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-06-24 08:57:38 3,592,192 ------w C:\WINDOWS\system32\mshtml.dll - 2008-04-23 04:22:23 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-06-23 16:57:37 477,696 ------w C:\WINDOWS\system32\mshtmled.dll - 2008-04-23 04:22:23 193,024 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-06-23 16:57:38 193,024 ------w C:\WINDOWS\system32\msrating.dll - 2008-04-23 04:22:23 671,232 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-06-23 16:57:38 671,232 ------w C:\WINDOWS\system32\mstime.dll - 2008-04-23 04:22:23 102,912 ----a-w C:\WINDOWS\system32\occache.dll + 2008-06-23 16:57:39 102,912 ------w C:\WINDOWS\system32\occache.dll - 2008-07-06 09:16:47 61,884 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-07-27 11:31:04 63,862 ------w C:\WINDOWS\system32\perfc009.dat - 2008-07-06 09:16:48 70,514 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-07-27 11:31:04 72,492 ------w C:\WINDOWS\system32\perfc014.dat - 2008-07-06 09:16:48 402,972 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-07-27 11:31:04 406,662 ------w C:\WINDOWS\system32\perfh009.dat - 2008-07-06 09:16:48 407,190 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-07-27 11:31:04 410,684 ------w C:\WINDOWS\system32\perfh014.dat - 2008-04-23 04:22:23 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-06-23 16:57:39 44,544 ------w C:\WINDOWS\system32\pngfilt.dll - 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe + 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe - 2008-04-23 04:22:23 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2008-06-23 16:57:39 105,984 ------w C:\WINDOWS\system32\url.dll - 2008-04-23 04:22:23 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-06-23 16:57:39 1,159,680 ------w C:\WINDOWS\system32\urlmon.dll - 2008-04-23 04:22:23 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll + 2008-06-23 16:57:40 233,472 ------w C:\WINDOWS\system32\webcheck.dll - 2008-04-23 04:22:23 826,368 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-06-23 16:57:40 826,368 ------w C:\WINDOWS\system32\wininet.dll - 2008-04-11 21:11:09 8,192 -c--a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2008-07-27 11:30:45 8,192 ----a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2007-10-23 23:47:56 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll + 2007-10-23 23:47:56 558,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll + 2007-10-23 23:47:56 635,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll + 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll - 2008-04-11 21:11:18 258,048 -c--a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2008-07-27 11:30:54 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll - 2008-04-11 21:11:18 113,664 -c--a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll + 2008-07-27 11:30:54 113,664 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Programfiler\TorrentMan\tbTor1.dll" [2008-07-15 23:58 1569304] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-07-17 17:20 279944 --a------ C:\Programfiler\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] 2008-07-15 23:58 1569304 --a------ C:\Programfiler\TorrentMan\tbTor1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Programfiler\TorrentMan\tbTor1.dll" [2008-07-15 23:58 1569304] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Programfiler\AskBarDis\bar\bin\askBar.dll" [2008-07-17 17:20 279944] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "C:\Programfiler\TorrentMan\tbTor1.dll" [2008-07-15 23:58 1569304] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Programfiler\AskBarDis\bar\bin\askBar.dll" [2008-07-17 17:20 279944] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] "Creative Live! Cam Manager"="C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 14:01 155648] "CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [2006-10-06 08:17 53248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-22 20:36 155648] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-22 20:31 126976] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-11-05 13:52 233534] "!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-06-04 19:02 32768] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360] C:\Documents and Settings\Daniel lindter\Start-meny\Programmer\Oppstart\ MagicDisc.lnk - C:\Programfiler\MagicDisc\MagicDisc.exe [2008-04-03 22:55:05 546816] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\startupfolder\C:^Documents and Settings^Daniel lindter^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk] path=C:\Documents and Settings\Daniel lindter\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a------ 2007-09-18 16:16 171464 C:\Programfiler\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\Programfiler\\BitLord\\BitLord.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"= R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12] R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30] S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01] S3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-10 19:01] S3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 12:45] S3 VF0350Vid;Live! Cam Video IM (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-05-10 19:02] . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - Notify-__c00B8AAC - C:\WINDOWS\system32\__c00B8AAC.dat . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Daniel lindter\Programdata\Mozilla\Firefox\Profiles\n8j33tk5.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 10:03:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????2?7?2?4??P???? ?,?B?????????????hLC???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\Tablet.exe C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\HPQ\shared\hpqwmi.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\dumprep.exe C:\WINDOWS\system32\dwwin.exe . ************************************************************************** . Completion time: 2008-08-23 10:10:57 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-23 08:10:23 ComboFix2.txt 2008-07-26 18:18:09 ComboFix3.txt 2008-07-05 22:35:15 Pre-Run: 59,986,624,512 byte ledig Post-Run: 60,087,623,680 byte ledig 690 --- E O F --- 2008-08-13 00:04:25 Sp, jeg trodde. Var litt å ta i her ja. Norbat: TAKK for at du er her og hjelper oss Lenke til kommentar
Urbanlapp Skrevet 23. august 2008 Del Skrevet 23. august 2008 Hijacker tråden litt.. Er det noe skummelt på min lille x60?? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:22:31, on 23.08.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Programfiler\Lenovo\Client Security Solution\tvttcsd.exe C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe C:\Programfiler\Fellesfiler\Lenovo\Logger\logmon.exe c:\programfiler\lenovo\system update\suservice.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Programfiler\Analog Devices\Core\smax4pnp.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\TpShocks.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Programfiler\Tall Emu\Online Armor\oaui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\Programfiler\Messenger\MSMSGS.EXE C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox 3 Beta 5\firefox.exe C:\Documents and Settings\Dan\Skrivebord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Programfiler\Tall Emu\Online Armor\oaui.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207729548343 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programfiler\lenovo\system update\suservice.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Programfiler\Tall Emu\Online Armor\oasrv.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programfiler\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe -- End of file - 10865 bytes Lenke til kommentar
norbat Skrevet 23. august 2008 Del Skrevet 23. august 2008 (endret) FlowerEye: Kjør MBAM en gang til og følg veiledningen gitt over. Før du klikker 'Fjern valgte', sørger du for at alt som er funnet, er merket slik at de blir fjernet av programmet. Combofix skal ha fjernet filene knyttet til malwaren. Fortsatt problemer? Urbanlapp: Å hijacke tråden vil føre til at du ikke får svar på innlegget ditt. Opprett en egen tråd der du legger loggen Endret 23. august 2008 av norbat Lenke til kommentar
snippsat Skrevet 23. august 2008 Del Skrevet 23. august 2008 C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe Gyldig program? Havar14 dette er det mest kjente programmet for analyse for malware. Det har blitt postet 1000 vis av HijackThis her i denne delen av forumet. Du bør søke litt og ikke gi råd innen dette feltet. Lenke til kommentar
Havar14 Skrevet 23. august 2008 Del Skrevet 23. august 2008 C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe Gyldig program? Havar14 dette er det mest kjente programmet for analyse for malware. Det har blitt postet 1000 vis av HijackThis her i denne delen av forumet. Du bør søke litt og ikke gi råd innen dette feltet. Unskyld, men ga ikke råd... Lenke til kommentar
FlowerEye Skrevet 24. august 2008 Forfatter Del Skrevet 24. august 2008 Malwarebytes' Anti-Malware 1.25 Database versjon: 1078 Windows 5.1.2600 Service Pack 2 09:53:57 23.08.2008 mbam-log-08-23-2008 (09-53-54).txt Skanntype: Rask Skann Objekter skannet: 40283 Tid tilbakelagt: 5 minute(s), 46 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 1 Registernøkler infisert: 10 Registerverdier infisert: 2 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 5 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: C:\WINDOWS\system32\__c00B8AAC.dat (Trojan.Agent) -> No action taken. Registernøkler infisert: HKEY_CLASSES_ROOT\dlp.dlpobj (Adware.WebDir) -> No action taken. HKEY_CLASSES_ROOT\dlp.dlpobj.1 (Adware.WebDir) -> No action taken. HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> No action taken. HKEY_CLASSES_ROOT\AppID\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> No action taken. HKEY_CLASSES_ROOT\AppID\DLP.DLL (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b8aac (Trojan.Vundo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken. Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1a5a8b3.exe (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1506ea5.exe (Trojan.Agent) -> No action taken. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\Documents and Settings\Daniel lindter\Lokale innstillinger\Temp\_A00F1A5A8B3.exe (Trojan.Agent) -> No action taken. C:\Documents and Settings\Daniel lindter\Lokale innstillinger\Temp\_A00F1506EA5.exe (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\__c00B8AAC.dat (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\__c005F501.dat (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> No action taken. Nå er det vel denne. Kjørte AVG før i dag, og den fant ikke noe. Merkelig. Lenke til kommentar
FlowerEye Skrevet 24. august 2008 Forfatter Del Skrevet 24. august 2008 Malwarebytes' Anti-Malware 1.25 Database versjon: 1078 Windows 5.1.2600 Service Pack 2 02:36:24 24.08.2008 mbam-log-08-24-2008 (02-36-24).txt Skanntype: Rask Skann Objekter skannet: 39325 Tid tilbakelagt: 4 minute(s), 7 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) Wohoo, me fix. Lenke til kommentar
norbat Skrevet 24. august 2008 Del Skrevet 24. august 2008 Da skulle alt være i orden. Du kan fjerne combofix ved å skrive combofix /u i kjør-feltet (start->kjør). Dette vil også nullstille systemgjenopprettingen slik at du ikke blir infisert ved en evt. gjenoppretting senere. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå