Malware issues



#1
arclight

Hi

I had some malware appear on my PC yesterday. Fake antivirus programs as well as pop-up ads appeared. I used Malwarebytes and TFC cleaner, which seem to have gotten rid of most of the malware; however, I think there are still some remnants lying around in the system, as problems have occurred since the malware surfaced.

For instance, I can use Firefox to browse the web but not Internet Explorer or Opera, as I get a 'cannot connect to server error'. If I try to update Avira antivirus it cannot connect to the server, whereas Malwarebytes can be updated with no problems. I feel there are problems with the registry or permissions the malware may have set.

Here are the OTL and Malwarebytes logs. I ran GMER but it froze and crashed my PC, and I was unable to obtain the log or even take a screenshot.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4367

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

29/07/2010 20:28:23
mbam-log-2010-07-29 (20-28-23).txt

Scan type: Quick scan
Objects scanned: 159174
Time elapsed: 14 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Trojan.FakeAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jgyo0w (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 29/07/2010 03:11:08 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 14.30 Gb Free Space | 37.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 74.53 Gb Total Space | 9.26 Gb Free Space | 12.42% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-2A1DED054E
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/29 03:07:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/05/14 00:53:28 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/03/27 04:15:26 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark Z2300 Series\ezprint.exe
PRC - [2008/03/27 04:15:24 | 000,656,040 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
PRC - [2008/02/27 12:06:28 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe
PRC - [2007/09/21 03:05:24 | 001,611,776 | ---- | M] () -- C:\Program Files\SMPlayer\smplayer.exe
PRC - [2007/07/25 07:51:40 | 011,671,552 | ---- | M] () -- C:\Program Files\SMPlayer\mplayer\mplayer.exe
PRC - [2007/06/15 15:17:44 | 000,789,232 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/14 11:51:45 | 028,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [1998/07/07 17:04:24 | 000,037,376 | ---- | M] () -- C:\Program Files\TextBridge Classic 2.0\Bin\InstantAccess.exe


========== Modules (SafeList) ==========

MOD - [2010/07/29 03:07:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2007/03/08 16:36:28 | 000,194,048 | ---- | M] () -- C:\WINDOWS\odahujojulo.dll
MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/02/28 13:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [1998/07/07 16:47:16 | 000,119,808 | ---- | M] () -- C:\Program Files\TextBridge Classic 2.0\Bin\Tbmhook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\adsmsexth.exe -- (McAfeeAntiVirSchedulerService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/01 00:57:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/04/06 15:25:37 | 000,423,576 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\DOWNLO~1\DMService.exe -- (DMService)
SRV - [2008/02/27 12:06:28 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2007/12/01 08:16:47 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)
SRV - [2007/06/15 15:17:44 | 000,789,232 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe -- (SBCSSvc)
SRV - [2005/10/14 11:51:45 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005/10/14 11:51:12 | 000,239,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 11:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/09/23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2003/11/09 11:34:12 | 000,045,056 | ---- | M] (International Software Systems Solutions) [Disabled | Stopped] -- C:\Program Files\STOPzilla!\szntsvc.exe -- (STOPzilla Local Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\szkg.sys -- (szkg)
DRV - File not found [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\sbapifs.sys -- (SBAPIFS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009/12/09 18:14:44 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/03/12 23:09:36 | 002,870,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/14 19:27:40 | 000,015,544 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sbhr.sys -- (SBHR)
DRV - [2007/09/13 19:53:09 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2004/08/04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/23 04:07:34 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\aida32.sys -- (AIDA32Driver)
DRV - [2003/08/15 08:53:12 | 000,462,684 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/14 16:16:38 | 000,404,736 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2002/04/11 15:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4
FF - prefs.js..extensions.enabledItems: {24D3CE2B-235A-48A8-9004-24A2046A6732}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{24D3CE2B-235A-48A8-9004-24A2046A6732}: C:\Documents and Settings\user\Local Settings\Application Data\{24D3CE2B-235A-48A8-9004-24A2046A6732} [2010/07/27 22:26:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/28 01:08:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/14 00:53:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 00:53:46 | 000,000,000 | ---D | M]

[2009/09/30 18:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/07/29 03:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions
[2009/12/21 04:37:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/21 04:37:52 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2010/05/14 00:54:16 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/07/29 03:06:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/27 22:24:38 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
[2010/07/29 03:06:37 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/07/27 22:25:02 | 000,000,029 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bzaligowel] C:\WINDOWS\odahujojulo.DLL ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [InstantAccess] C:\Program Files\TextBridge Classic 2.0\Bin\InstantAccess.exe ()
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [RegisterDropHandler] C:\Program Files\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe ()
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [Nrekogiseyitegig] C:\WINDOWS\SDOCoc.DLL (MaresWEB)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: jgyo0w = C:\DOCUME~1\user\LOCALS~1\Temp\19aqp.exe File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: New Value #1 = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download using LeechGet - C:\Program Files\LeechGet 2009\AddUrl.html ()
O8 - Extra context menu item: Download using LeechGet Wizard - C:\Program Files\LeechGet 2009\Wizard.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Parse with LeechGet - C:\Program Files\LeechGet 2009\Parser.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.co...ntingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://portal.belfa.../WhlCompMgr.cab (Whale Client Components)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/04 22:00:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/23 22:47:18 | 000,000,019 | ---- | M] () - F:\AutoCrop.log -- [ NTFS ]
O32 - AutoRun File - [2009/02/23 06:19:55 | 012,341,641 | ---- | M] () - F:\AutoGordianKnot.2.55.Setup.exe -- [ NTFS ]
O33 - MountPoints2\{8ce83ad6-3de3-11de-a031-000fea18e8a6}\Shell - "" = AutoRun
O33 - MountPoints2\{8ce83ad6-3de3-11de-a031-000fea18e8a6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ce83ad6-3de3-11de-a031-000fea18e8a6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/29 03:06:57 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/07/27 22:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\{24D3CE2B-235A-48A8-9004-24A2046A6732}
[2010/07/27 22:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\wgoakhese
[2010/07/08 14:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\998BBD2E40E10AC64314E9FB78BCA3CB
[2010/05/14 00:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Tor
[2010/05/14 00:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Vidalia
[2010/05/14 00:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Vidalia Bundle
[2010/05/12 23:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\KnowledgeWright 4-3-2
[2008/11/05 20:22:44 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2007/11/20 07:13:21 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2007/11/20 07:09:43 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2007/11/20 07:06:32 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2007/11/20 07:06:32 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2007/11/20 07:06:17 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll
[2007/11/20 07:05:08 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2007/11/20 07:04:49 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2007/11/20 07:04:28 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2007/11/20 07:03:22 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2007/11/20 07:01:20 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll

========== Files - Modified Within 90 Days ==========

[2010/07/29 03:07:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/07/29 03:00:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hxocoxubac.bin
[2010/07/29 02:59:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/29 02:59:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/29 02:59:37 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/29 02:58:43 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2010/07/29 02:58:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/07/29 02:56:31 | 223,107,072 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Rurouni Kenshin - 06 - Wandering Samurai.avi
[2010/07/28 20:31:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\user\Desktop\gmer.zip
[2010/07/28 19:37:48 | 177,324,032 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Rurouni Kenshin 05.avi
[2010/07/28 00:00:23 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 22:27:28 | 000,000,019 | ---- | M] () -- C:\WINDOWS\truy5rhr.rew
[2010/07/27 22:26:42 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qkuvak.dat
[2010/07/27 18:45:05 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/27 18:32:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/27 18:28:51 | 000,487,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/27 18:28:51 | 000,088,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/27 18:28:50 | 000,566,976 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/27 17:49:43 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/03 03:29:54 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/03 03:29:53 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/05/12 23:10:31 | 000,002,075 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KnowledgeWright 4.3.2.lnk
[2010/05/09 18:48:15 | 000,055,631 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ishida.jpg

========== Files Created - No Company Name ==========

[2010/07/29 02:59:37 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/29 02:50:01 | 223,107,072 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Rurouni Kenshin - 06 - Wandering Samurai.avi
[2010/07/28 20:32:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\user\Desktop\gmer.exe
[2010/07/28 20:31:58 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\user\Desktop\gmer.zip
[2010/07/28 19:35:08 | 177,324,032 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Rurouni Kenshin 05.avi
[2010/07/27 22:26:49 | 000,000,019 | ---- | C] () -- C:\WINDOWS\truy5rhr.rew
[2010/07/27 22:26:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qkuvak.dat
[2010/07/27 22:26:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hxocoxubac.bin
[2010/05/12 23:10:31 | 000,002,075 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KnowledgeWright 4.3.2.lnk
[2010/05/09 18:48:13 | 000,055,631 | ---- | C] () -- C:\Documents and Settings\user\Desktop\ishida.jpg
[2010/04/08 18:47:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\activedse.sys
[2010/04/08 14:00:31 | 044,525,661 | -HS- | C] () -- C:\WINDOWS\System32\adsntx.sys
[2008/12/31 23:58:09 | 000,001,728 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/08 03:45:38 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll
[2008/12/08 03:40:18 | 000,000,095 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2008/12/08 03:35:46 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2008/12/08 03:35:31 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2008/12/08 03:35:31 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2008/12/08 03:35:31 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2008/12/08 03:35:31 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2008/11/15 01:18:40 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/11/15 01:18:40 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/11/15 01:18:40 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/11/15 01:18:39 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/11/05 21:59:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2008/11/05 20:22:44 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2008/11/05 20:11:43 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2008/07/06 00:43:46 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/07/06 00:43:45 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/11/28 18:51:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2007/11/16 17:12:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2007/11/08 00:46:37 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/11/08 00:46:37 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/10/15 21:32:41 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/03 01:31:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/09/24 22:48:40 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/09/14 19:27:40 | 000,015,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbhr.sys
[2007/09/13 19:53:09 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/09/08 18:23:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/04 22:51:11 | 000,000,541 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/03/27 10:45:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2006/10/30 11:30:30 | 000,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
[2006/03/18 14:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/02/28 13:00:00 | 000,194,048 | ---- | C] () -- C:\WINDOWS\odahujojulo.dll
[2005/11/02 11:39:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2005/11/02 11:39:16 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2005/01/19 05:18:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2004/10/05 23:37:20 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2004/05/20 16:50:14 | 001,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2004/02/01 20:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/11/08 22:31:34 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\SZFrame.dll
[2003/08/07 20:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/11/24 13:40:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\ac3encode.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2008/06/30 14:02:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2008/01/28 18:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/10/25 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2009/03/18 22:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/08/10 19:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2007/09/12 22:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/10 19:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/18 18:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}
[2010/07/27 22:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\998BBD2E40E10AC64314E9FB78BCA3CB
[2009/01/15 04:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\avidemux
[2008/11/15 01:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AviDvdBurner
[2010/03/21 03:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Azureus
[2008/03/27 18:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BIFHE
[2007/10/31 21:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer
[2007/10/31 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BSplayer Pro
[2007/09/13 02:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2009/01/15 05:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\gtk-2.0
[2009/10/25 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\JCreator
[2009/09/30 22:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2008/06/18 18:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Seven Zip
[2007/09/12 22:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\STOPzilla!
[2007/10/03 01:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Template
[2007/09/13 02:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/09/04 22:00:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/11/15 01:22:45 | 000,007,691 | ---- | M] () -- C:\avi_log.txt
[2007/09/06 20:00:30 | 007,746,154 | ---- | M] () -- C:\back_up.reg
[2008/12/23 20:37:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/08/10 16:32:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/12/13 18:13:33 | 000,009,935 | ---- | M] () -- C:\ComboFix.txt
[2007/09/04 22:00:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/29 02:59:37 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2007/09/13 02:12:51 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/09/04 22:00:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/14 16:28:39 | 000,006,776 | ---- | M] () -- C:\JavaRa.log
[2008/11/05 20:22:38 | 000,000,189 | ---- | M] () -- C:\lxdp.log
[2010/06/01 21:58:06 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/09/04 22:00:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/02/28 13:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/29 02:59:35 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/03/15 05:38:41 | 000,007,891 | ---- | M] () -- C:\Rescued document.txt
[2009/08/11 20:15:14 | 000,002,514 | ---- | M] () -- C:\RootRepeal report 08-11-09 (20-15-14).txt
[2009/12/04 15:45:38 | 000,002,514 | ---- | M] () -- C:\RootRepeal report 12-04-09 (14-45-38).txt
[2009/12/04 15:46:11 | 000,002,514 | ---- | M] () -- C:\RootRepeal report 12-04-09 (14-46-11).txt
[2008/11/03 01:19:58 | 000,000,323 | ---- | M] () -- C:\xinstall.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/09/04 22:00:21 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/02/27 00:05:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdpdrpp.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/09/04 22:37:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/09/04 22:37:23 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/09/04 22:37:23 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-27 17:32:35

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
< End of report >

#2
SweetTech

Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Did you attempt to run GMER in safe mode? If not, can you please try to do so, after running this fix below:

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    MOD - [2007/03/08 16:36:28 | 000,194,048 | ---- | M] () -- C:\WINDOWS\odahujojulo.dll
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O4 - HKLM..\Run: [Bzaligowel] C:\WINDOWS\odahujojulo.DLL ()
    O4 - HKCU..\Run: [Nrekogiseyitegig] C:\WINDOWS\SDOCoc.DLL (MaresWEB)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: jgyo0w = C:\DOCUME~1\user\LOCALS~1\Temp\19aqp.exe File not found
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O33 - MountPoints2\{8ce83ad6-3de3-11de-a031-000fea18e8a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{8ce83ad6-3de3-11de-a031-000fea18e8a6}\Shell\AutoRun - "" = Auto&Play
    [2010/07/27 22:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\{24D3CE2B-235A-48A8-9004-24A2046A6732}
    [2010/07/27 22:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\wgoakhese
    [2010/07/08 14:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\998BBD2E40E10AC64314E9FB78BCA3CB
    [2010/07/29 03:00:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hxocoxubac.bin
    [2010/07/27 22:27:28 | 000,000,019 | ---- | M] () -- C:\WINDOWS\truy5rhr.rew
    [2010/07/27 22:26:42 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qkuvak.dat
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
    
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



The log that is produced after running the OTL fix, the GMER log (if you were able to run it successfully), and an update on the status of how your computer is currently operating.

#3
arclight

Hi SweetTech

Thank you for the help. I ran the OTL fix and here is the log.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bzaligowel deleted successfully.
C:\WINDOWS\odahujojulo.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nrekogiseyitegig deleted successfully.
C:\WINDOWS\SDOCoc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\jgyo0w not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ce83ad6-3de3-11de-a031-000fea18e8a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ce83ad6-3de3-11de-a031-000fea18e8a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ce83ad6-3de3-11de-a031-000fea18e8a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ce83ad6-3de3-11de-a031-000fea18e8a6}\ not found.
C:\Documents and Settings\user\Local Settings\Application Data\{24D3CE2B-235A-48A8-9004-24A2046A6732}\chrome\content folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\{24D3CE2B-235A-48A8-9004-24A2046A6732}\chrome folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\{24D3CE2B-235A-48A8-9004-24A2046A6732} folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\wgoakhese folder moved successfully.
C:\Documents and Settings\user\Application Data\998BBD2E40E10AC64314E9FB78BCA3CB folder moved successfully.
C:\WINDOWS\Hxocoxubac.bin moved successfully.
C:\WINDOWS\truy5rhr.rew moved successfully.
C:\WINDOWS\Qkuvak.dat moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 708 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 57862 bytes

User: HelpAssistant.USER-2A1DED054E
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 1181787121 bytes
->Flash cache emptied: 66800 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 20764 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 10680337 bytes
->FireFox cache emptied: 90804925 bytes
->Opera cache emptied: 17445172 bytes
->Flash cache emptied: 68072 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 40781116 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,280.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: HelpAssistant.USER-2A1DED054E
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07292010_220100

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_730.dat moved successfully.

Registry entries deleted on Reboot...



I also received an error message after reboot.

RUNDLL

"Error loading C:\Windows\SDOCoc.dll

The specified module could not be found

I have a screenshot and can post it if needed.

I have tried to run GMER in safe mode; however, the screen is much smaller and as a result I cannot see or access the 'copy' or 'save' buttons below the 'scan' button. I tried expanding the program but to no avail. I will go into safe mode and try again and provide a screenshot shortly, in around 15 mins, in this thread.

#4
SweetTech

Okay. If possible, try and keep an eye out for any entries that say: Suspicious Modification, and/or Rootkit. If you see these then please make note of them.

#5
arclight

GmerSafeMode.JPG

Here is what I mean with Gmer.

It will probably take around 7 or 8 hours to run. I tried running it yesterday and after 5 hours in safe mode I had to go to sleep to wake up for work. I think today that the computer ran out of virtual memory and crashed (not 100% though).

I can leave the PC on tomorrow and run Gmer in safe mode while I'm at work, although I'll only be able to post what the Gmer log has recorded when it's finished. Although, as the screenshot shows, whether I'll be able to save the log I'm not sure.

#6
SweetTech

Do me a favor and run this scanner instead. Please attempt to run it in Normal mode, if that doesn't work try safe mode.

Please download this file, and save it to your Desktop. Once you have downloaded it, save and close all other programs and run it by double-clicking on the file named "RootRepeal.exe".

Once the main window shows up, please click on the "Report" button on the bottom of the window. Next, please click the "Scan" button.

Another window will pop up asking you to select what to include in the scan. Please uncheck everything except for the "Stealth Code" checkbox, and then click OK.

Once the program has finished scanning, the results will appear. Click on the "Save Report" button, and save the report to your desktop.

Finally, please open this report with Notepad, and post it here.

#7
arclight

Here is the log; the scan didn't take long.

ROOTREPEAL © AD, 2007-2010
==================================================
Report Save Time: 2010/07/29 23:20
Program Version: Version 2.0.0.0
Windows Version: Windows XP SP2
==================================================

STEALTH CODE
-------------------



On a separate note, I managed to resize the resolution in safe mode and I can now access all of the Gmer buttons in safe mode. I can run the scan tomorrow while at work if you like and post the log when I get home (6pm UK time).

#8
SweetTech

Yes, please do that, and if it is still giving you issues tomorrow, we will move on to something else.

#9
arclight

OK will do.

#10
SweetTech

:)

#11
arclight

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-30 17:47:53
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\fxnoiaod.sys


---- System - GMER 1.0.15 ----

SSDT sbhr.sys ZwClose [0xF8B0A514]
SSDT sbhr.sys ZwCreateKey [0xF8B0A552]
SSDT sbhr.sys ZwOpenKey [0xF8B0A4D0]
SSDT sbhr.sys ZwSetValueKey [0xF8B0A5A2]

---- EOF - GMER 1.0.15 ----


I am not 100% sure the GMER program ran right, but here is what was in the log.

#12
SweetTech

Hello,

Please do the following:


Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#13
arclight

Here is the Combo-fix log. I disabled Avira but Combo-fix sensed it. I tried ending the process but an error message came up saying it could not be closed from the Task Manager.


ComboFix 10-07-30.01 - user 30/07/2010 20:07:25.15.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.106 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\1718797295.dat

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-29 21:01 . 2010-07-29 21:01 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 00:09 . 2009-08-14 14:52 -------- d-----w- c:\program files\McAfee
2010-07-27 17:45 . 2009-07-12 00:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-27 17:19 . 2007-10-23 23:42 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-24 18:27 . 2008-06-18 17:06 -------- d-----w- c:\program files\Blaze Media Pro
2010-07-03 02:29 . 2009-09-30 21:37 -------- d-----w- c:\program files\Opera
2010-06-14 14:30 . 2007-09-04 20:56 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-01 20:58 . 2009-01-02 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 05:56 . 2006-02-28 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-08 18:29 . 2010-04-08 13:00 44525661 --sha-w- c:\windows\system32\adsntx.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-10 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alarm Master.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Alarm Master.lnk
backup=c:\windows\pss\Alarm Master.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 11:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
2007-06-15 14:17 699120 ----a-w- c:\program files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 12:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Azureusvuze\\Azureus.exe"=
"c:\\Program Files\\Azureus2\\Azureus.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Abyss Web Server\\abyssws.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [14/09/2007 19:27 15544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/12/2009 21:19 108289]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [14/08/2009 15:53 88176]
R3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [01/12/2007 08:16 98984]
S2 McAfeeAntiVirSchedulerService;McAfee SiteAdvisor Service McAfeeAntiVirSchedulerService;c:\windows\system32\adsmsexth.exe srv --> c:\windows\system32\adsmsexth.exe srv [?]
S3 AIDA32Driver;AIDA32Driver;F:\aida32.sys [11/05/2008 20:25 3584]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 15:25 423576]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [08/12/2008 02:54 15104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 08:01 2799808]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [09/11/2003 11:34 45056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SBAPIFS
*Deregistered* - fxnoiaod
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Nrekogiseyitegig - c:\windows\SDOCoc.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 20:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-30 20:31:19
ComboFix-quarantined-files.txt 2010-07-30 19:31
ComboFix2.txt 2009-12-13 17:13
ComboFix3.txt 2009-12-13 16:04
ComboFix4.txt 2009-12-06 01:28
ComboFix5.txt 2010-07-30 19:01

Pre-Run: 16,747,323,392 bytes free
Post-Run: 16,718,761,984 bytes free

- - End Of File - - BF92406F3345D1406DCE0A7CB391AF02

#14
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Locating ComboFix Log
  • Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
  • Click on Explore
  • Click on Local Disk (C:) in the left-hand window pane
  • Click on Qoobox in the left-hand window pane
  • Look for ComboFix5.txt in the right-hand window pane and right click on it
  • Put your cursor (arrow) on Open With
  • Move your cursor to the new menu that opens and click on Choose Program...
  • Click on Notepad

When the file opens, copy and paste the text here.


Also, did you open up this port: "3389:TCP"= 3389:TCP:Remote Desktop ?

Edited by SweetTech, 30 July 2010 - 02:12 PM.


#15
arclight

    Member

  • Topic Starter
  • Member
  • 176 posts
ComboFix 09-12-04.02 - user 05/12/2009 1:41.5.1 - x86
Running from: F:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\fuxafaby.dll
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\kuhila.dat
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\okabuxa.bat
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\reco.db
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\rohugago.dat
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\uqoxycyle.ban
c:\documents and settings\HelpAssistant.USER-2A1DED054E\Cookies\uvydug.bat
c:\documents and settings\user\Cookies\fuxafaby.dll
c:\documents and settings\user\Cookies\kuhila.dat
c:\documents and settings\user\Cookies\okabuxa.bat
c:\documents and settings\user\Cookies\reco.db
c:\documents and settings\user\Cookies\rohugago.dat
c:\documents and settings\user\Cookies\uqoxycyle.ban
c:\documents and settings\user\Cookies\uvydug.bat
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-04 20:20 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 20:20 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-04 20:20 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-04 20:20 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\program files\Avira
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-04 14:07 . 2009-01-02 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 14:07 . 2009-01-10 02:30 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 16:14 . 2009-01-02 02:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-02 02:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 12:33 . 2009-08-14 14:52 -------- d-----w- c:\program files\McAfee
2009-11-03 04:17 . 2009-09-30 21:37 -------- d-----w- c:\program files\Opera
2009-10-25 19:46 . 2009-10-25 19:46 -------- d-----w- c:\program files\Sun
2009-10-25 19:44 . 2008-10-08 23:41 -------- d-----w- c:\program files\Java
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\user\Application Data\JCreator
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\JCreator
2009-10-25 19:00 . 2009-10-25 19:00 -------- d-----w- c:\program files\Xinox Software
2009-10-14 16:42 . 2009-02-23 02:07 -------- d-----w- c:\program files\mkv2vob
2009-10-11 21:27 . 2007-09-07 00:16 -------- d-----w- c:\documents and settings\user\Application Data\Azureus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-10 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alarm Master.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Alarm Master.lnk
backup=c:\windows\pss\Alarm Master.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Azureusvuze\\Azureus.exe"=
"c:\\Program Files\\Azureus2\\Azureus.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [14/09/2007 18:27 15544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/12/2009 20:19 108289]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [14/08/2009 14:53 93320]
R3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [01/12/2007 07:16 98984]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 14:25 423576]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [08/12/2008 01:54 15104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [09/11/2003 10:34 45056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SBAPIFS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LeechGet - (no file)
AddRemove-Blaze Media Pro - c:\documents and settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}\setup_blazemp.exe REMOVE=TRUE MODIFY=FALSE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 02:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll >>UNKNOWN [0x82645E40]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf873afc3
\Driver\ACPI -> 0x82645e40
\Driver\atapi -> atapi.sys @ 0xf86657b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> 0x82682800
PacketIndicateHandler -> NDIS.sys @ 0xf857eb21
SendHandler -> NDIS.sys @ 0xf8572d33
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x04CAA48C
malicious code @ sector 0x04CAA48F !
PE file found in sector at 0x04CAA4A5 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6808)
c:\program files\Microsoft Office\Office10\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdpcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Sunbelt Software\CounterSpy\SBCSSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-12-05 03:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 03:17

Pre-Run: 15,805,865,984 bytes free
Post-Run: 15,716,782,080 bytes free

- - End Of File - - 98E1BCA04DF6B055A84C467FE5267C9F
ComboFix 09-12-04.02 - user 05/12/2009 14:30.6.1 - x86
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe . . . is missing!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-05 13:25 . 2009-12-05 13:25 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-12-05 05:13 . 2009-12-05 05:13 160912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-05 05:12 . 2009-12-05 05:12 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-05 05:11 . 2009-12-05 05:11 -------- d-----w- c:\program files\Reference Assemblies
2009-12-05 05:10 . 2009-12-05 05:11 -------- d-----w- C:\e7241e681a8d2d600575b3588f74ab5f
2009-12-05 04:52 . 2009-12-05 04:52 -------- d-----w- c:\windows\ServicePackFiles
2009-12-04 20:20 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 20:20 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-04 20:20 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-04 20:20 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\program files\Avira
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 13:20 . 2009-07-12 00:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-05 04:58 . 2007-10-23 23:42 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-04 14:07 . 2009-01-02 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 14:07 . 2009-01-10 02:30 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 16:14 . 2009-01-02 02:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-02 02:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 12:33 . 2009-08-14 14:52 -------- d-----w- c:\program files\McAfee
2009-11-03 04:17 . 2009-09-30 21:37 -------- d-----w- c:\program files\Opera
2009-10-25 19:46 . 2009-10-25 19:46 -------- d-----w- c:\program files\Sun
2009-10-25 19:44 . 2008-10-08 23:41 -------- d-----w- c:\program files\Java
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\user\Application Data\JCreator
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\JCreator
2009-10-25 19:00 . 2009-10-25 19:00 -------- d-----w- c:\program files\Xinox Software
2009-10-14 16:42 . 2009-02-23 02:07 -------- d-----w- c:\program files\mkv2vob
2009-10-11 21:27 . 2007-09-07 00:16 -------- d-----w- c:\documents and settings\user\Application Data\Azureus
.

((((((((((((((((((((((((((((( [email protected]_02.45.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 19:41 . 2009-07-11 19:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-12-05 15:28 . 2009-12-05 15:28 16384 c:\windows\Temp\Perflib_Perfdata_6c8.dat
+ 2006-02-28 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2006-02-28 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2008-04-23 00:55 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2008-07-29 19:59 . 2008-07-29 19:59 43544 c:\windows\system32\PresentationHostProxy.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 39424 c:\windows\system32\pngfilt.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 39424 c:\windows\system32\pngfilt.dll
+ 2006-02-28 12:00 . 2009-12-05 05:19 88760 c:\windows\system32\perfc009.dat
+ 2008-07-25 11:17 . 2008-07-25 11:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 83968 c:\windows\system32\mscories.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 16384 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 16384 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 96256 c:\windows\system32\inseng.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 96256 c:\windows\system32\inseng.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 97800 c:\windows\system32\infocardapi.dll
- 2008-10-08 22:45 . 2009-04-29 04:52 81920 c:\windows\system32\ieencode.dll
+ 2008-10-08 22:45 . 2009-06-26 16:18 81920 c:\windows\system32\ieencode.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 11264 c:\windows\system32\icardres.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 55808 c:\windows\system32\extmgr.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 55808 c:\windows\system32\extmgr.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 73720 c:\windows\system32\dxva2.dll
+ 2006-02-28 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2006-02-28 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2006-02-28 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2006-02-28 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-02-28 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2006-02-28 12:00 . 2009-06-26 16:18 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 96256 c:\windows\system32\dllcache\inseng.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 96256 c:\windows\system32\dllcache\inseng.dll
+ 2008-10-08 22:45 . 2009-06-26 16:18 81920 c:\windows\system32\dllcache\ieencode.dll
- 2008-10-08 22:45 . 2009-04-29 04:52 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2007-09-04 20:55 . 2009-06-22 11:38 18432 c:\windows\system32\dllcache\iedw.exe
- 2007-09-04 20:55 . 2009-04-27 09:17 18432 c:\windows\system32\dllcache\iedw.exe
+ 2007-03-22 19:24 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 55808 c:\windows\system32\dllcache\extmgr.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-02-28 12:00 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 84992 c:\windows\system32\dllcache\avifil32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2006-02-28 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 96760 c:\windows\system32\dfshim.dll
+ 2006-02-28 12:00 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 84992 c:\windows\system32\avifil32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 58880 c:\windows\system32\atl.dll
+ 2006-02-28 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-29 21:10 . 2008-07-29 21:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 19:59 . 2008-07-29 19:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 19:32 . 2008-07-29 19:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 19:16 . 2008-07-29 19:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 11:17 . 2008-07-25 11:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 11:17 . 2008-07-25 11:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-29 21:07 . 2008-07-29 21:07 23040 c:\windows\Installer\8ac237.msp
+ 2009-12-05 05:07 . 2009-12-05 05:07 88576 c:\windows\Installer\832495.msi
+ 2009-12-05 05:10 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-12-05 15:00 . 2009-12-05 15:00 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\80665505e0ef175bd8b287325123b7c8\VSLangProj.ni.dll
+ 2009-12-05 13:43 . 2009-12-05 13:43 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f7af0aaadb179432bcdea05fa942261f\System.Windows.Presentation.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a88497839ef16fad00d3767e03ac380e\System.Web.DynamicData.Design.ni.dll
+ 2009-12-05 14:48 . 2009-12-05 14:48 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-12-05 14:48 . 2009-12-05 14:48 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-12-05 13:22 . 2009-12-05 13:22 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-12-05 05:21 . 2009-12-05 05:21 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-12-05 14:43 . 2009-12-05 14:43 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\662721fa02be6885737a05d1f808ff09\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ec83ec80653eb20ccc6ed42075c90aee\Microsoft.VisualC.ni.dll
+ 2009-12-05 14:42 . 2009-12-05 14:42 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5f191a0a1898e6a24c126ae4a7110472\Microsoft.SqlServer.CustomControls.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-12-05 14:39 . 2009-12-05 14:39 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-12-05 05:11 . 2009-12-05 05:11 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-12-05 05:11 . 2009-12-05 05:11 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-12-05 05:11 . 2009-12-05 05:11 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-02-23 20:05 . 2009-02-23 20:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-12-05 04:52 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll
+ 2009-12-05 04:52 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973815\spmsg.dll
+ 2009-12-05 05:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll
+ 2009-12-05 05:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973507\spmsg.dll
+ 2009-07-17 19:25 . 2009-07-17 19:25 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\$hf_mig$\KB973507\SP3GDR\atl.dll
+ 2009-07-17 18:43 . 2009-07-17 18:43 58880 c:\windows\$hf_mig$\KB973507\SP2QFE\atl.dll
+ 2009-12-05 05:22 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB972260\update\spcustom.dll
+ 2009-12-05 05:22 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB972260\spmsg.dll
+ 2009-06-26 16:42 . 2009-06-26 16:42 81920 c:\windows\$hf_mig$\KB972260\SP3QFE\ieencode.dll
+ 2009-06-26 16:50 . 2009-06-26 16:50 81920 c:\windows\$hf_mig$\KB972260\SP3GDR\ieencode.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 39424 c:\windows\$hf_mig$\KB972260\SP2QFE\pngfilt.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 16384 c:\windows\$hf_mig$\KB972260\SP2QFE\jsproxy.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 96256 c:\windows\$hf_mig$\KB972260\SP2QFE\inseng.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 81920 c:\windows\$hf_mig$\KB972260\SP2QFE\ieencode.dll
+ 2009-06-22 11:40 . 2009-06-22 11:40 18432 c:\windows\$hf_mig$\KB972260\SP2QFE\iedw.exe
+ 2009-06-26 15:59 . 2009-06-26 15:59 55808 c:\windows\$hf_mig$\KB972260\SP2QFE\extmgr.dll
+ 2009-12-05 05:22 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll
+ 2009-12-05 05:22 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971657\spmsg.dll
+ 2009-12-05 05:22 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971557\update\spcustom.dll
+ 2009-12-05 05:22 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971557\spmsg.dll
+ 2009-06-10 14:01 . 2009-06-10 14:01 84992 c:\windows\$hf_mig$\KB971557\SP3QFE\avifil32.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\$hf_mig$\KB971557\SP3GDR\avifil32.dll
+ 2009-06-10 14:52 . 2009-06-10 14:52 84992 c:\windows\$hf_mig$\KB971557\SP2QFE\avifil32.dll
+ 2009-12-05 05:23 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB960859\update\spcustom.dll
+ 2009-12-05 05:23 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB960859\spmsg.dll
+ 2009-06-12 12:03 . 2009-06-12 12:03 80896 c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe
+ 2009-06-12 12:03 . 2009-06-12 12:03 76288 c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\$hf_mig$\KB960859\SP3GDR\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\$hf_mig$\KB960859\SP3GDR\telnet.exe
+ 2009-06-12 11:49 . 2009-06-12 11:49 80896 c:\windows\$hf_mig$\KB960859\SP2QFE\tlntsess.exe
+ 2009-06-12 11:49 . 2009-06-12 11:49 76288 c:\windows\$hf_mig$\KB960859\SP2QFE\telnet.exe
+ 2009-12-05 05:18 . 2009-12-05 05:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-12-05 01:41 . 2009-12-05 14:01 3004 c:\windows\SoftwareDistribution\EventCache\{10E9E802-0028-4A1B-941F-40611C327E23}.bin
+ 2008-07-29 23:40 . 2008-07-29 23:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 07:29 . 2005-09-23 07:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2005-09-23 07:28 . 2005-09-23 07:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 07:28 . 2005-09-23 07:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 11:16 . 2008-07-25 11:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2009-12-05 05:14 . 2009-12-05 05:14 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-02-23 20:05 . 2009-02-23 20:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-02-23 20:04 . 2009-02-23 20:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 02:19 . 2007-11-07 02:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 02:19 . 2007-11-07 02:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 21:23 . 2007-11-06 21:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-29 21:26 . 2008-07-29 21:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2007-03-23 05:07 . 2008-07-06 12:06 575488 c:\windows\system32\xpsshhdr.dll
+ 2007-09-04 21:01 . 2009-06-22 11:26 352768 c:\windows\system32\xpsp3res.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 233472 c:\windows\system32\wmpdxm.dll
+ 2006-02-28 12:00 . 2009-07-13 01:18 233472 c:\windows\system32\wmpdxm.dll
- 2006-02-28 12:00 . 2006-08-17 12:28 132096 c:\windows\system32\wkssvc.dll
+ 2006-02-28 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 659456 c:\windows\system32\wininet.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 659456 c:\windows\system32\wininet.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 616448 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 616448 c:\windows\system32\urlmon.dll
+ 2008-07-29 19:59 . 2008-07-29 19:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2007-03-22 19:25 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2007-03-22 20:03 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
- 2007-03-22 20:03 . 2007-03-22 20:03 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2007-03-22 20:03 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2007-03-22 19:24 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2007-03-22 19:24 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2007-03-22 19:24 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 474112 c:\windows\system32\shlwapi.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 474112 c:\windows\system32\shlwapi.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2007-03-22 19:25 . 2008-07-06 12:06 117760 c:\windows\system32\prntvpt.dll
+ 2008-07-29 19:59 . 2008-07-29 19:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-29 20:35 . 2008-07-29 20:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 19:59 . 2008-07-29 19:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-02-28 12:00 . 2009-12-05 05:19 487700 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 133632 c:\windows\system32\msv1_0.dll
+ 2007-09-04 20:53 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 532480 c:\windows\system32\mstime.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 532480 c:\windows\system32\mstime.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 146432 c:\windows\system32\msrating.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 146432 c:\windows\system32\msrating.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 449024 c:\windows\system32\mshtmled.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 449024 c:\windows\system32\mshtmled.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 158720 c:\windows\system32\mscorier.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 282112 c:\windows\system32\mscoree.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 251392 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 251392 c:\windows\system32\iepeers.dll
+ 2008-07-29 19:24 . 2008-07-29 19:24 622080 c:\windows\system32\icardagt.exe
+ 2007-09-04 21:38 . 2009-12-05 13:20 269392 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-29 21:10 . 2008-07-29 21:10 493048 c:\windows\system32\evr.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 205312 c:\windows\system32\dxtrans.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 205312 c:\windows\system32\dxtrans.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 357888 c:\windows\system32\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 357888 c:\windows\system32\dxtmsft.dll
+ 2007-03-23 05:07 . 2008-07-06 12:06 575488 c:\windows\system32\dllcache\xpsshhdr.dll
+ 2006-02-28 12:00 . 2009-07-13 01:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-02-28 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2006-02-28 12:00 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 659456 c:\windows\system32\dllcache\wininet.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 659456 c:\windows\system32\dllcache\wininet.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 616448 c:\windows\system32\dllcache\urlmon.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
+ 2007-03-22 19:25 . 2008-07-06 10:50 597504 c:\windows\system32\dllcache\printfilterpipelinesvc.exe
+ 2006-02-28 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-09-04 20:53 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 532480 c:\windows\system32\dllcache\mstime.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 251392 c:\windows\system32\dllcache\iepeers.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 151040 c:\windows\system32\dllcache\cdfview.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 151040 c:\windows\system32\cdfview.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 151040 c:\windows\system32\cdfview.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-29 23:40 . 2008-07-29 23:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-12-05 05:13 . 2009-12-05 05:13 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 18:47 . 2008-07-29 18:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2009-12-05 05:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973507\update\updspapi.dll
+ 2009-12-05 05:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973507\update\update.exe
+ 2009-12-05 05:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973507\spuninst.exe
+ 2009-12-05 05:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB972260\update\updspapi.dll
+ 2009-12-05 05:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260\update\update.exe
+ 2009-12-05 05:22 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB972260\spuninst.exe
+ 2009-06-26 16:42 . 2009-06-26 16:42 668160 c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
+ 2009-06-26 16:42 . 2009-06-26 16:42 620544 c:\windows\$hf_mig$\KB972260\SP3QFE\urlmon.dll
+ 2009-06-26 16:50 . 2009-06-26 16:50 666624 c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
+ 2009-06-26 16:50 . 2009-06-26 16:50 620032 c:\windows\$hf_mig$\KB972260\SP3GDR\urlmon.dll
+ 2009-06-22 11:26 . 2009-06-22 11:26 352768 c:\windows\$hf_mig$\KB972260\SP2QFE\xpsp3res.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 668160 c:\windows\$hf_mig$\KB972260\SP2QFE\wininet.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 620032 c:\windows\$hf_mig$\KB972260\SP2QFE\urlmon.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 474112 c:\windows\$hf_mig$\KB972260\SP2QFE\shlwapi.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 532480 c:\windows\$hf_mig$\KB972260\SP2QFE\mstime.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 146432 c:\windows\$hf_mig$\KB972260\SP2QFE\msrating.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 449024 c:\windows\$hf_mig$\KB972260\SP2QFE\mshtmled.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 251904 c:\windows\$hf_mig$\KB972260\SP2QFE\iepeers.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 205312 c:\windows\$hf_mig$\KB972260\SP2QFE\dxtrans.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 357888 c:\windows\$hf_mig$\KB972260\SP2QFE\dxtmsft.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 151040 c:\windows\$hf_mig$\KB972260\SP2QFE\cdfview.dll
+ 2009-12-05 05:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971657\update\updspapi.dll
+ 2009-12-05 05:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971657\update\update.exe
+ 2009-12-05 05:22 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971657\spuninst.exe
+ 2009-06-10 06:17 . 2009-06-10 06:17 134144 c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\$hf_mig$\KB971657\SP3GDR\wkssvc.dll
+ 2009-06-10 06:26 . 2009-06-10 06:26 134144 c:\windows\$hf_mig$\KB971657\SP2QFE\wkssvc.dll
+ 2009-12-05 05:22 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971557\update\updspapi.dll
+ 2009-12-05 05:22 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971557\update\update.exe
+ 2009-12-05 05:22 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971557\spuninst.exe
+ 2009-12-05 05:23 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB960859\update\updspapi.dll
+ 2009-12-05 05:23 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB960859\update\update.exe
+ 2009-12-05 05:23 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB960859\spuninst.exe
+ 2007-03-23 05:07 . 2008-07-06 12:06 1676288 c:\windows\system32\xpssvcs.dll
+ 2006-02-28 12:00 . 2009-07-13 01:18 4960256 c:\windows\system32\wmp.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2008-04-23 00:55 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2008-04-23 00:55 . 2008-07-06 17:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2008-04-23 00:55 . 2008-07-06 17:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2007-03-23 05:07 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-02-28 12:00 . 2009-07-18 16:20 1506304 c:\windows\system32\shdocvw.dll
+ 2006-02-28 12:00 . 2009-07-18 16:20 3062272 c:\windows\system32\mshtml.dll
+ 2007-03-23 05:07 . 2008-07-06 12:06 1676288 c:\windows\system32\dllcache\xpssvcs.dll
+ 2006-02-28 12:00 . 2009-07-18 16:20 1506304 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-09-04 20:55 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2006-02-28 12:00 . 2009-07-18 16:20 3062272 c:\windows\system32\dllcache\mshtml.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 1054208 c:\windows\system32\dllcache\danim.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 1054208 c:\windows\system32\danim.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 1054208 c:\windows\system32\danim.dll
+ 2006-02-28 12:00 . 2009-06-26 16:18 1023488 c:\windows\system32\browseui.dll
- 2006-02-28 12:00 . 2009-04-29 04:52 1023488 c:\windows\system32\browseui.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 18:47 . 2008-07-29 18:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 18:47 . 2008-07-29 18:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-29 23:40 . 2008-07-29 23:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-07-29 19:59 . 2008-07-29 19:59 1738760 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-29 21:10 . 2008-07-29 21:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-07-29 19:16 . 2008-07-29 19:16 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 04:59 . 2008-11-25 04:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 11:17 . 2008-07-25 11:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 5813576 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-11-25 04:59 . 2008-11-25 04:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 11:16 . 2008-07-25 11:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2008-12-13 09:57 . 2008-12-13 09:57 8397824 c:\windows\Installer\8d0c2b.msp
+ 2008-07-29 19:26 . 2008-07-29 19:26 1043456 c:\windows\Installer\8ac23f.msp
+ 2008-07-29 20:37 . 2008-07-29 20:37 2679808 c:\windows\Installer\8ac23d.msp
+ 2008-07-29 21:15 . 2008-07-29 21:15 3697664 c:\windows\Installer\8ac23b.msp
+ 2008-07-29 19:34 . 2008-07-29 19:34 1448448 c:\windows\Installer\8ac23a.msp
+ 2008-07-29 20:22 . 2008-07-29 20:22 4137984 c:\windows\Installer\8ac239.msp
+ 2008-07-29 19:18 . 2008-07-29 19:18 3376640 c:\windows\Installer\8ac238.msp
+ 2008-07-29 17:45 . 2008-07-29 17:45 2543616 c:\windows\Installer\83249e.msp
+ 2008-07-29 17:29 . 2008-07-29 17:29 2926080 c:\windows\Installer\83249d.msp
+ 2008-07-29 17:41 . 2008-07-29 17:41 6487040 c:\windows\Installer\83249c.msp
+ 2008-07-29 17:39 . 2008-07-29 17:39 3403264 c:\windows\Installer\83249b.msp
+ 2008-07-29 17:43 . 2008-07-29 17:43 1013248 c:\windows\Installer\832499.msp
+ 2008-07-29 17:31 . 2008-07-29 17:31 6083072 c:\windows\Installer\832496.msp
+ 2009-12-05 05:22 . 2009-12-05 05:22 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2009-12-05 13:43 . 2009-12-05 13:43 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2009-12-05 05:21 . 2009-12-05 05:21 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2009-12-05 13:42 . 2009-12-05 13:42 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2009-12-05 14:59 . 2009-12-05 14:59 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-12-05 14:59 . 2009-12-05 14:59 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-12-05 14:59 . 2009-12-05 14:59 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-12-05 14:59 . 2009-12-05 14:59 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2009-12-05 14:58 . 2009-12-05 14:58 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-12-05 14:57 . 2009-12-05 14:58 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\bc076f401df782e99d3d497ca2f49f3b\System.Web.Extensions.ni.dll
+ 2009-12-05 13:40 . 2009-12-05 13:40 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2009-12-05 14:56 . 2009-12-05 14:56 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5c3b03c2d75ecdbac4d1fc5fd5ea792e\System.ServiceModel.Web.ni.dll
+ 2009-12-05 14:33 . 2009-12-05 14:33 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-12-05 13:40 . 2009-12-05 13:40 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\f5cba80c080c5a234c638e4459daf1a2\System.Printing.ni.dll
+ 2009-12-05 14:29 . 2009-12-05 14:29 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-12-05 13:39 . 2009-12-05 13:39 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2009-12-05 14:54 . 2009-12-05 14:54 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2009-12-05 14:54 . 2009-12-05 14:54 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2009-12-05 13:37 . 2009-12-05 13:37 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-12-05 14:53 . 2009-12-05 14:53 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e3b0718d54013a32ae657209cc191bc8\System.Data.Services.ni.dll
+ 2009-12-05 13:38 . 2009-12-05 13:38 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2009-12-05 14:50 . 2009-12-05 14:50 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-12-05 13:35 . 2009-12-05 13:35 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2009-12-05 13:35 . 2009-12-05 13:35 2128384 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c9ea0609aeb74eec2c5fd52a512398e3\ReachFramework.ni.dll
+ 2009-12-05 05:21 . 2009-12-05 05:21 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2009-12-05 14:45 . 2009-12-05 14:45 1725952 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f56b9d5c7e31635053aca97edda4cd98\Microsoft.VisualStudio.Modeling.Diagrams.ni.dll
+ 2009-12-05 14:43 . 2009-12-05 14:43 1120256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d08af234888fe80e136793008f1fda98\Microsoft.VisualStudio.Design.ni.dll
+ 2009-12-05 14:44 . 2009-12-05 14:44 3940864 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c05a596d86a0c53f69e7c0408aaa8fc1\Microsoft.VisualStudio.Editors.ni.dll
+ 2009-12-05 14:46 . 2009-12-05 14:46 2805248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\96008a0431880a4c003d5efe95cec7b3\Microsoft.VisualStudio.EnterpriseTools.TypeSystem.ni.dll
+ 2009-12-05 14:43 . 2009-12-05 14:43 1916416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7afdcb2246751ad97c2d13ea5b194059\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2009-12-05 14:44 . 2009-12-05 14:44 2139648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\61e42d25eaa0e9914351016ef401af2e\Microsoft.VisualStudio.Modeling.ni.dll
+ 2009-12-05 14:46 . 2009-12-05 14:46 2155008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\2c8fef459dc8da442d8788926999e88e\Microsoft.VisualStudio.EnterpriseTools.ClassDesigner.ni.dll
+ 2009-12-05 14:46 . 2009-12-05 14:46 1046528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\29e65fc333ded81d740e92caa0812e68\Microsoft.VisualStudio.EnterpriseTools.Shell.ni.dll
+ 2009-12-05 14:45 . 2009-12-05 14:45 1714688 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\13f4e5abdeeba27e3f167a9c61d8cb8e\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject.ni.dll
+ 2009-12-05 14:47 . 2009-12-05 14:47 3863552 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0e9c93a6d830c6d3079f3008352cddd8\Microsoft.VisualStudio.Modeling.ArtifactMapper.VSHost.ni.dll
+ 2009-12-05 14:42 . 2009-12-05 14:42 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-12-05 14:36 . 2009-12-05 14:36 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-12-05 14:55 . 2009-12-05 14:55 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 1863680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.CompactFr#\078b55882acbd6384241908649113223\Microsoft.CompactFramework.Design.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-12-05 14:41 . 2009-12-05 14:41 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-12-05 14:40 . 2009-12-05 14:40 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-12-05 05:20 . 2009-12-05 05:20 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-12-05 05:14 . 2009-12-05 05:14 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-12-05 05:12 . 2009-12-05 05:12 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-12-05 05:11 . 2009-12-05 05:11 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-12-05 05:18 . 2009-12-05 05:18 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-07-18 15:31 . 2009-07-18 15:31 1509888 c:\windows\$hf_mig$\KB972260\SP3QFE\shdocvw.dll
+ 2009-07-18 15:31 . 2009-07-18 15:31 3069952 c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll
+ 2009-07-18 16:05 . 2009-07-18 16:05 1509888 c:\windows\$hf_mig$\KB972260\SP3GDR\shdocvw.dll
+ 2009-07-18 16:05 . 2009-07-18 16:05 3069440 c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll
+ 2009-07-18 16:00 . 2009-07-18 16:00 1509888 c:\windows\$hf_mig$\KB972260\SP2QFE\shdocvw.dll
+ 2009-07-18 16:00 . 2009-07-18 16:00 3069440 c:\windows\$hf_mig$\KB972260\SP2QFE\mshtml.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 1054208 c:\windows\$hf_mig$\KB972260\SP2QFE\danim.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 1024000 c:\windows\$hf_mig$\KB972260\SP2QFE\browseui.dll
+ 2008-12-13 10:21 . 2008-12-13 10:21 10473472 c:\windows\Installer\8d0c2d.msp
+ 2009-12-05 05:00 . 2009-12-05 05:00 15705600 c:\windows\Installer\78cc32.msp
+ 2009-12-05 13:31 . 2009-12-05 13:31 14325760 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3.tmp\PresentationFramework.dll
+ 2009-12-05 05:17 . 2009-12-05 05:17 11485184 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP294.tmp\mscorlib.dll
+ 2009-12-05 13:39 . 2009-12-05 13:39 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11.tmp\System.Design.dll
+ 2009-12-05 13:41 . 2009-12-05 13:41 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2009-12-05 14:57 . 2009-12-05 14:57 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2009-12-05 14:35 . 2009-12-05 14:35 17316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d158ccb0c46f29a4a8d6de8074b1196d\System.ServiceModel.ni.dll
+ 2009-12-05 14:38 . 2009-12-05 14:38 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2009-12-05 05:23 . 2009-12-05 05:23 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2009-12-05 05:20 . 2009-12-05 05:20 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-10 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alarm Master.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Alarm Master.lnk
backup=c:\windows\pss\Alarm Master.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Azureusvuze\\Azureus.exe"=
"c:\\Program Files\\Azureus2\\Azureus.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [14/09/2007 18:27 15544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/12/2009 20:19 108289]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [14/08/2009 14:53 93320]
R3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [01/12/2007 07:16 98984]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 14:25 423576]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [08/12/2008 01:54 15104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [09/11/2003 10:34 45056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SBAPIFS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 15:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6284)
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdpcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Sunbelt Software\CounterSpy\SBCSSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-12-05 15:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 15:48
ComboFix2.txt 2009-12-05 03:17

Pre-Run: 15,447,838,720 bytes free
Post-Run: 15,280,009,216 bytes free

- - End Of File - - 20A412DD28DC578AFF266817BC1331E7

ComboFix 09-12-05.01 - user 05/12/2009 22:05.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.235 [GMT 0:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-05 13:25 . 2009-12-05 13:25 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-12-05 05:13 . 2009-12-05 05:13 160912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-05 05:12 . 2009-12-05 05:12 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-05 05:11 . 2009-12-05 05:11 -------- d-----w- c:\program files\Reference Assemblies
2009-12-05 05:10 . 2009-12-05 05:11 -------- d-----w- C:\e7241e681a8d2d600575b3588f74ab5f
2009-12-05 04:52 . 2009-12-05 04:52 -------- d-----w- c:\windows\ServicePackFiles
2009-12-04 20:20 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 20:20 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-04 20:20 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-04 20:20 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\program files\Avira
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 13:20 . 2009-07-12 00:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-05 04:58 . 2007-10-23 23:42 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-04 14:07 . 2009-01-02 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 14:07 . 2009-01-10 02:30 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 16:14 . 2009-01-02 02:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-02 02:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 12:33 . 2009-08-14 14:52 -------- d-----w- c:\program files\McAfee
2009-11-03 04:17 . 2009-09-30 21:37 -------- d-----w- c:\program files\Opera
2009-10-25 19:46 . 2009-10-25 19:46 -------- d-----w- c:\program files\Sun
2009-10-25 19:44 . 2008-10-08 23:41 -------- d-----w- c:\program files\Java
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\user\Application Data\JCreator
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\JCreator
2009-10-25 19:00 . 2009-10-25 19:00 -------- d-----w- c:\program files\Xinox Software
2009-10-14 16:42 . 2009-02-23 02:07 -------- d-----w- c:\program files\mkv2vob
2009-10-11 21:27 . 2007-09-07 00:16 -------- d-----w- c:\documents and settings\user\Application Data\Azureus
.

((((((((((((((((((((((((((((( SnapShot_2009-12-05_15.31.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-05 22:42 . 2009-12-05 22:42 16384 c:\windows\Temp\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-10 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alarm Master.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Alarm Master.lnk
backup=c:\windows\pss\Alarm Master.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Azureusvuze\\Azureus.exe"=
"c:\\Program Files\\Azureus2\\Azureus.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [14/09/2007 18:27 15544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/12/2009 20:19 108289]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [14/08/2009 14:53 93320]
R3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [01/12/2007 07:16 98984]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 14:25 423576]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [08/12/2008 01:54 15104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [09/11/2003 10:34 45056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SBAPIFS
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 22:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdpcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Sunbelt Software\CounterSpy\SBCSSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-12-05 23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 23:03
ComboFix2.txt 2009-12-05 15:48
ComboFix3.txt 2009-12-05 03:17

Pre-Run: 15,152,246,784 bytes free
Post-Run: 15,117,508,608 bytes free

- - End Of File - - 420275B407D8F4D9C8C8C4ED284D4198

ComboFix 09-12-05.01 - user 05/12/2009 23:16.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.192 [GMT 0:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-05 13:25 . 2009-12-05 13:25 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-12-05 05:13 . 2009-12-05 05:13 160912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-05 05:12 . 2009-12-05 05:12 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-05 05:11 . 2009-12-05 05:11 -------- d-----w- c:\program files\Reference Assemblies
2009-12-05 05:10 . 2009-12-05 05:11 -------- d-----w- C:\e7241e681a8d2d600575b3588f74ab5f
2009-12-05 04:52 . 2009-12-05 04:52 -------- d-----w- c:\windows\ServicePackFiles
2009-12-04 20:20 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 20:20 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-04 20:20 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-04 20:20 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\program files\Avira
2009-12-04 20:19 . 2009-12-04 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 13:20 . 2009-07-12 00:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-05 04:58 . 2007-10-23 23:42 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-04 14:07 . 2009-01-02 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 14:07 . 2009-01-10 02:30 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 16:14 . 2009-01-02 02:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-02 02:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 12:33 . 2009-08-14 14:52 -------- d-----w- c:\program files\McAfee
2009-11-03 04:17 . 2009-09-30 21:37 -------- d-----w- c:\program files\Opera
2009-10-25 19:46 . 2009-10-25 19:46 -------- d-----w- c:\program files\Sun
2009-10-25 19:44 . 2008-10-08 23:41 -------- d-----w- c:\program files\Java
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\user\Application Data\JCreator
2009-10-25 19:27 . 2009-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\JCreator
2009-10-25 19:00 . 2009-10-25 19:00 -------- d-----w- c:\program files\Xinox Software
2009-10-14 16:42 . 2009-02-23 02:07 -------- d-----w- c:\program files\mkv2vob
2009-10-11 21:27 . 2007-09-07 00:16 -------- d-----w- c:\documents and settings\user\Application Data\Azureus
.

((((((((((((((((((((((((((((( SnapShot_2009-12-05_15.31.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-05 23:57 . 2009-12-05 23:57 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat
+ 2009-12-06 00:04 . 2009-12-06 00:04 245760 c:\windows\ERDNT\AutoBackup\06-12-2009\Users\00000002\UsrClass.dat
+ 2009-12-06 00:04 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\06-12-2009\ERDNT.EXE
+ 2009-12-06 00:04 . 2009-12-06 00:04 9506816 c:\windows\ERDNT\AutoBackup\06-12-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-10 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-08 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\user\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alarm Master.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Alarm Master.lnk
backup=c:\windows\pss\Alarm Master.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Azureusvuze\\Azureus.exe"=
"c:\\Program Files\\Azureus2\\Azureus.exe"=
"c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
"c:\\WINDOWS\\system32\\lxdpcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 SBHR;SBHR;c:\windows\system32\drivers\sbhr.sys [14/09/2007 18:27 15544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/12/2009 20:19 108289]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [14/08/2009 14:53 93320]
R3 SBAPIFS;SBAPIFS;\??\c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [01/12/2007 07:16 98984]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [06/04/2008 14:25 423576]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [08/12/2008 01:54 15104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\SZNTSvc.exe [09/11/2003 10:34 45056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SBAPIFS
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\x36qtul5.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 00:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6860)
c:\progra~1\TEXTBR~1.0\Bin\TBMHOOK.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Microsoft Office\Office10\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdpcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Sunbelt Software\CounterSpy\SBCSSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-12-06 00:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 00:17
ComboFix2.txt 2009-12-05 23:03
ComboFix3.txt 2009-12-05 15:48
ComboFix4.txt 2009-12-05 03:17

Pre-Run: 15,290,736,640 bytes free
Post-Run: 15,254,859,776 bytes free

- - End Of File - - 0CEEAEF1004F4BF6A2A647280132D3F8


Here is the log. I don't believe I have opened this port. I have never used Remote Desktop on my PC. I think that was the result of malware, as the firewall (Windows Firewall) was turned off after the initial malware was found, before I posted here.