Suspected Trojan



#46
Cold Titanium


    Trusted Helper

  • Malware Removal
  • 1,735 posts
Sorry for the delay. Did you manage to find your install disc?

Also, what are your current problems?
  • 0



#47
Anderwolf


    Member

  • Topic Starter
  • 89 posts
Well, I still have not gone ahead with the last step in your directions because of the weird drive it was listing. (1: H:\MiniNT)
Do you want me to forget about that step? The biggest problem I am noticing now is that the computer takes a very long time to boot up. Normally when you boot up, you get that constant loading sound from the hard drive, now it is broken up and only loads for a second at a time. Also, every time it starts up, I get an error about "wamndy.dll" being missing or not found.
Still haven't found the install disk, but I will keep looking. Hopefully I can find it today.
Thanks again
  • 0

#48
Cold Titanium


    Trusted Helper

  • Malware Removal
  • 1,735 posts
Hold off, let's try this instead.


Please visit HERE

Click Browse and upload the MBR.dat file of your desktop and post the results of the scanner.
  • 0

#49
Anderwolf


    Member

  • Topic Starter
  • 89 posts
I couldn't really tell what the results were. Not sure if this is what you wanted or not:





File name: MBR.dat
Submission date: 2011-08-04 22:11:44 (UTC)
Current status: finished
Result: 0/43 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2011.08.04.01 2011.08.04 -
AntiVir 7.11.12.218 2011.08.04 -
Antiy-AVL 2.0.3.7 2011.08.04 -
Avast 4.8.1351.0 2011.08.04 -
Avast5 5.0.677.0 2011.08.04 -
AVG 10.0.0.1190 2011.08.04 -
BitDefender 7.2 2011.08.05 -
CAT-QuickHeal 11.00 2011.08.04 -
ClamAV 0.97.0.0 2011.08.04 -
Commtouch 5.3.2.6 2011.08.04 -
Comodo 9630 2011.08.04 -
DrWeb 5.0.2.03300 2011.08.04 -
Emsisoft 5.1.0.8 2011.08.04 -
eSafe 7.0.17.0 2011.08.04 -
eTrust-Vet 36.1.8484 2011.08.04 -
F-Prot 4.6.2.117 2011.08.04 -
F-Secure 9.0.16440.0 2011.08.04 -
Fortinet 4.2.257.0 2011.08.04 -
GData 22 2011.08.05 -
Ikarus T3.1.1.104.0 2011.08.04 -
Jiangmin 13.0.900 2011.08.04 -
K7AntiVirus 9.109.4973 2011.08.02 -
Kaspersky 9.0.0.837 2011.08.04 -
McAfee 5.400.0.1158 2011.08.04 -
McAfee-GW-Edition 2010.1D 2011.08.04 -
Microsoft 1.7104 2011.08.04 -
NOD32 6351 2011.08.05 -
Norman 6.07.10 2011.08.04 -
nProtect 2011-08-04.01 2011.08.04 -
Panda 10.0.3.5 2011.08.04 -
PCTools 8.0.0.5 2011.08.05 -
Prevx 3.0 2011.08.05 -
Rising 23.69.03.03 2011.08.04 -
Sophos 4.67.0 2011.08.05 -
SUPERAntiSpyware 4.40.0.1006 2011.08.04 -
Symantec 20111.2.0.82 2011.08.05 -
TheHacker 6.7.0.1.270 2011.08.04 -
TrendMicro 9.200.0.1012 2011.08.04 -
TrendMicro-HouseCall 9.200.0.1012 2011.08.05 -
VBA32 3.12.16.4 2011.08.04 -
VIPRE 10067 2011.08.05 -
ViRobot 2011.8.4.4605 2011.08.04 -
VirusBuster 14.0.152.1 2011.08.04 -
  • 0

#50
Cold Titanium


    Trusted Helper

  • Malware Removal
  • 1,735 posts
Let's try to run CF again

Delete your current copy of ComboFix


Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\Combofix.txt in your next reply.
  • 0

#51
Anderwolf


    Member

  • Topic Starter
  • 89 posts
OK, so this time ComboFix successfully installed the recovery console and then continued on its business. It actually completed successfully and appeared to have gotten rid of a lot of stuff; however, since I rebooted, my computer seems to be running EXTRA sluggish. Other than that, everything seems fine though. Here is the ComboFix log:

ComboFix 11-08-05.02 - Owner 08/05/2011 17:00:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1321 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h5m39eue.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}\install.rdf
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{4fd3df60-a3e7-4857-905e-9457a577c1f8}\install.rdf
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{96c14409-ea4f-49a6-8962-06f091b5c569}\install.rdf
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}\install.rdf
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c7j3xj79.default\extensions\{bbe0a261-f055-47e2-824b-f29157842ec2}\install.rdf
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Application Data\Sun\ddee.dat
c:\documents and settings\Owner\Application Data\Sun\mnj.dat
c:\documents and settings\Owner\Application Data\Sun\mxd1.txt
c:\documents and settings\Owner\Application Data\Sun\ppkk.dat
c:\documents and settings\Owner\Application Data\Sun\uuoo.dat
c:\documents and settings\Owner\ordcppxwpn.tmp
c:\documents and settings\Owner\WINDOWS
c:\windows\IA
c:\windows\iun6002.exe
c:\windows\system\olepro32.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\tmp.reg
c:\windows\Update.bat
c:\windows\wiaserviv.log
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-04 23:23 . 2011-08-04 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2011-08-04 23:22 . 2011-08-04 23:22 -------- d-----w- c:\program files\Linksys
2011-08-04 15:19 . 2011-08-04 15:19 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99170BEF-9FA7-4752-B888-6B86E336C2F8}\MpKsl986a9f86.sys
2011-08-04 15:19 . 2011-07-20 14:44 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99170BEF-9FA7-4752-B888-6B86E336C2F8}\mpengine.dll
2011-08-04 15:18 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-04 15:07 . 2011-08-04 15:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-08-04 15:06 . 2011-08-04 15:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-04 02:00 . 2011-08-04 02:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-04 02:00 . 2011-08-04 02:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-02 01:31 . 2011-08-02 01:31 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-02 01:30 . 2011-08-02 01:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-08-01 23:41 . 2011-08-02 01:30 -------- d-----w- C:\32788R22FWJFW(2)
2011-07-29 23:38 . 2011-07-29 23:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2011-07-29 20:30 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 20:30 . 2011-07-29 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 20:30 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 16:22 . 2011-07-29 16:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 07:11 . 2009-08-09 07:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-09 07:30 . 2009-08-09 07:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-08-04 02:00 . 2011-03-26 01:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2008-12-04 77824]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\progra~1\ALIENG~1\fastload.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave8"=Digi32.dll
"Midi1"=KORGUMDD.DRV
"Midi3"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk
backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=c:\windows\pss\Alienware Dock.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Neverwinter Nights_ Platinum Edition Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Neverwinter Nights_ Platinum Edition Registration.lnk
backup=c:\windows\pss\Neverwinter Nights_ Platinum Edition Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Pro Tools 8 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Pro Tools 8 Registration.lnk
backup=c:\windows\pss\Pro Tools 8 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registration .LNK]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-21 17:09 50472 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
2004-04-26 21:21 270336 ----a-w- c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
2005-01-19 22:34 128000 ----a-w- c:\program files\CursorXP\CursorXP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
2004-12-14 16:19 188416 ----a-w- c:\program files\Windows Plus\Dancer\Dancer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
2002-09-03 23:38 987187 ----a-w- c:\program files\WinCustomize\LogonStudio\LogonStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 21:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-09-18 16:32 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-01-20 07:09 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-08-27 13:09 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
2009-02-17 03:11 44832 ----a-w- c:\program files\Sonique\SQStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-11 05:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\test drive unlimited 2\\UpLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\magic the gathering - duels of the planeswalkers\\DotP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16881:TCP"= 16881:TCP:= Bittorrent
"24528:TCP"= 24528:TCP:spport
"24138:TCP"= 24138:TCP:spport
"13890:TCP"= 13890:TCP:spport
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/31/2006 01:13 PM 685816]
R1 MpKsl986a9f86;MpKsl986a9f86;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99170BEF-9FA7-4752-B888-6B86E336C2F8}\MpKsl986a9f86.sys [8/4/2011 10:19 AM 28752]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [3/15/2010 07:30 PM 16400]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/8/2010 08:48 PM 66048]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
S2 UPS32;Uninterruptible Power Supply ;c:\windows\system32\msltus4032.exe --> c:\windows\system32\msltus4032.exe [?]
S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [5/12/2011 11:49 AM 20328]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [3/15/2010 07:30 PM 97808]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [12/23/2009 11:36 AM 54328]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [6/29/2007 04:18 PM 12544]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys --> c:\windows\system32\drivers\MA763010.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/29/2011 03:30 PM 41272]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [3/15/2010 07:30 PM 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [3/15/2010 07:30 PM 21904]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [1/8/2010 08:48 PM 167808]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LINKSYSUPDATER
*NewlyCreated* - MPKSL986A9F86
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-08-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2011-08-05 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2007-07-14 c:\windows\Tasks\shutdown.job
- C:\shutdown.bat [2007-07-14 18:27]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5056
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - google.com
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1157781736\ee\AOLSoftware.exe
MSConfigStartUp-Htaxakejupecej - c:\windows\wamndy.dll
MSConfigStartUp-IPHSend - c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-mscfgx_rnd - c:\windows\system32\hkfglurs.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-ReCycle Patch - c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX00.875\ReCyclePatch.exe
MSConfigStartUp-SkinClock - c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe
MSConfigStartUp-smss32 - c:\windows\system32\smss32.exe
MSConfigStartUp-SoundMan - SOUNDMAN.EXE
MSConfigStartUp-Steam - c:\program files\Valve\Steam\\Steam.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_01\bin\jusched.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-HijackThis - c:\documents and settings\Owner\Desktop\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-05 17:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B8C62C1-8A4B-AED8-C751-912A26E92366}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E325944E-42CC-FA90-2274-DEB16F4B95C1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabfhapocchoehmlbn"=hex:6a,61,6c,68,65,61,6e,63,62,61,6b,61,68,6a,63,61,6b,6c,
70,66,00,00
"hahenaofjigboinn"=hex:6b,61,67,69,6c,65,67,70,6a,6b,6c,6b,65,6b,65,63,64,69,
6d,64,6f,6c,00,00
.
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:36,25,24,89,a4,06,ed,31,85,fe,99,02,af,78,5c,87,da,d6,f6,6f,fa,38,dd,
b7,ec,d5,5f,20,c9,53,e1,09,32,58,34,dc,64,87,1f,ed,dd,b8,04,51,bb,1e,78,a8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\SecuROM\License information*]
"datasecu"=hex:14,c7,3a,d2,84,ec,8c,5c,ca,d6,5e,ad,96,8b,3b,c5,c2,e8,12,86,40,
12,79,63,ca,58,d9,c1,fb,f1,b7,a6,43,98,c3,48,28,6b,02,18,bd,97,8a,f1,31,68,\
"rkeysecu"=hex:fa,66,dc,79,13,a3,ce,ec,20,88,37,a7,4f,1e,4d,17
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\SYSTEM32\Ati2evxx.dll
c:\progra~1\ALIENG~1\fastload.dll
.
Completion time: 2011-08-05 17:20:27
ComboFix-quarantined-files.txt 2011-08-05 22:20
.
Pre-Run: 9,909,051,392 bytes free
Post-Run: 9,842,872,320 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - FC2987F999692D5D6599C607F4F6F152

#52
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
After running this, tell me how your computer is running.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DDS::
S2 UPS32;Uninterruptible Power Supply ;c:\windows\system32\msltus4032.exe --> c:\windows\system32\msltus4032.exe [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

RegLock::
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B8C62C1-8A4B-AED8-C751-912A26E92366}*]
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E325944E-42CC-FA90-2274-DEB16F4B95C1}*]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#53
Anderwolf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Seems to be running better now as far as sluggishness. The last time I ran ComboFix it told me that there was a new version available and asked if I wanted to download it. I clicked yes. Now this last time we ran it, it asked me again to update. And since we didn't delete ComboFix first this time, I thought it was weird that it asked to update again so I chose no this time. Then it ran and appeared to do the same thing it did last time. There were about 50 "stages" that it went through. Seems to be running better but I am still noticing that my "loading Windows" screen takes substantially longer than it used to. Then after the loading screen, there is a good 20 seconds of just black screen before the Windows log-in screen comes up. That is something I have never noticed before either so I'm not sure if it is because of a virus/spyware still present, or what is causing it. Any thoughts? Here is the new ComboFix log:

ComboFix 11-08-05.02 - Owner 08/06/2011 17:36:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1364 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-06 17:46 . 2011-08-06 17:46 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5712A1D-03D4-4A75-9105-7314B29B3FFD}\MpKslb2acade2.sys
2011-08-05 22:51 . 2011-07-20 14:44 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-05 22:48 . 2011-07-20 14:44 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5712A1D-03D4-4A75-9105-7314B29B3FFD}\mpengine.dll
2011-08-05 22:44 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-04 23:23 . 2011-08-04 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2011-08-04 23:22 . 2011-08-04 23:22 -------- d-----w- c:\program files\Linksys
2011-08-04 15:18 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-04 15:07 . 2011-08-04 15:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-08-04 15:06 . 2011-08-04 15:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-04 02:00 . 2011-08-04 02:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-04 02:00 . 2011-08-04 02:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-02 01:31 . 2011-08-02 01:31 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-02 01:30 . 2011-08-02 01:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-08-01 23:41 . 2011-08-02 01:30 -------- d-----w- C:\32788R22FWJFW(2)
2011-07-29 23:38 . 2011-07-29 23:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2011-07-29 20:30 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 20:30 . 2011-07-29 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 20:30 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 16:22 . 2011-07-29 16:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2005-01-09 23:48 1858944 ----a-w- c:\windows\system32\win32k.sys
2009-08-09 07:11 . 2009-08-09 07:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-09 07:30 . 2009-08-09 07:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-08-04 02:00 . 2011-03-26 01:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_22.15.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 03:51 . 2011-04-19 03:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-14 01:17 . 2011-05-14 01:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 06:06 . 2011-05-14 06:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 06:23 . 2011-05-14 06:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 23:37 . 2011-05-13 23:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2011-08-06 17:46 . 2011-08-06 17:46 16384 c:\windows\Temp\Perflib_Perfdata_4d4.dat
+ 2011-08-06 17:46 . 2011-08-06 17:46 16384 c:\windows\Temp\Perflib_Perfdata_214.dat
- 2005-01-09 23:48 . 2011-02-17 19:00 44544 c:\windows\system32\pngfilt.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 44544 c:\windows\system32\pngfilt.dll
- 2005-01-09 23:48 . 2011-04-15 14:45 80266 c:\windows\system32\perfc009.dat
+ 2005-01-09 23:48 . 2011-08-06 17:27 80266 c:\windows\system32\perfc009.dat
- 2007-08-14 00:54 . 2011-02-17 19:00 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 00:54 . 2011-04-25 15:51 52224 c:\windows\system32\msfeedsbs.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 27648 c:\windows\system32\jsproxy.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 27648 c:\windows\system32\jsproxy.dll
+ 2006-11-07 09:26 . 2011-04-25 12:00 13824 c:\windows\system32\ieudinit.exe
- 2006-11-07 09:26 . 2011-02-17 11:43 13824 c:\windows\system32\ieudinit.exe
+ 2005-01-09 23:48 . 2011-04-25 15:51 44544 c:\windows\system32\iernonce.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 44544 c:\windows\system32\iernonce.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 78336 c:\windows\system32\ieencode.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 78336 c:\windows\system32\ieencode.dll
+ 2005-01-09 23:48 . 2011-04-25 12:00 70656 c:\windows\system32\ie4uinit.exe
- 2005-01-09 23:48 . 2011-02-17 11:43 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-14 00:36 . 2011-02-17 19:00 63488 c:\windows\system32\icardie.dll
+ 2007-08-14 00:36 . 2011-04-25 15:51 63488 c:\windows\system32\icardie.dll
+ 2006-06-23 11:25 . 2011-04-25 15:51 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2006-06-23 11:25 . 2011-02-17 19:00 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-11-28 09:07 . 2011-02-17 19:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-11-28 09:07 . 2011-04-25 15:51 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-06-23 11:25 . 2011-02-17 19:00 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-06-23 11:25 . 2011-04-25 15:51 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-11-28 09:07 . 2011-02-17 11:43 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-11-28 09:07 . 2011-04-25 12:00 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-14 00:39 . 2011-04-25 15:51 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-14 00:39 . 2011-02-17 19:00 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2011-04-25 15:51 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 18:09 . 2011-02-17 19:00 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-14 00:39 . 2011-02-17 11:43 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-14 00:39 . 2011-04-25 12:00 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-11-28 09:07 . 2011-02-17 19:00 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-11-28 09:07 . 2011-04-25 15:51 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-06-29 16:12 . 2011-04-25 15:51 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-06-29 16:12 . 2011-02-17 19:00 17408 c:\windows\system32\dllcache\corpol.dll
- 2005-01-09 23:47 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2005-01-09 23:47 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
- 2005-01-09 23:47 . 2011-02-17 19:00 17408 c:\windows\system32\corpol.dll
+ 2005-01-09 23:47 . 2011-04-25 15:51 17408 c:\windows\system32\corpol.dll
+ 2011-08-06 17:31 . 2011-02-17 19:00 44544 c:\windows\ie7updates\KB2530548-IE7\pngfilt.dll
+ 2011-08-06 17:31 . 2011-02-17 19:00 52224 c:\windows\ie7updates\KB2530548-IE7\msfeedsbs.dll
+ 2011-08-06 17:31 . 2011-02-17 19:00 27648 c:\windows\ie7updates\KB2530548-IE7\jsproxy.dll
+ 2011-08-06 17:31 . 2011-02-17 11:43 13824 c:\windows\ie7updates\KB2530548-IE7\ieudinit.exe
+ 2011-08-06 17:31 . 2011-02-17 19:00 44544 c:\windows\ie7updates\KB2530548-IE7\iernonce.dll
+ 2011-08-06 17:31 . 2011-02-17 19:00 78336 c:\windows\ie7updates\KB2530548-IE7\ieencode.dll
+ 2011-08-06 17:31 . 2011-02-17 11:43 70656 c:\windows\ie7updates\KB2530548-IE7\ie4uinit.exe
+ 2011-08-06 17:31 . 2011-02-17 19:00 63488 c:\windows\ie7updates\KB2530548-IE7\icardie.dll
+ 2011-08-06 17:31 . 2011-02-17 19:00 17408 c:\windows\ie7updates\KB2530548-IE7\corpol.dll
+ 2011-08-06 17:37 . 2011-08-06 17:37 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-08-06 18:04 . 2011-08-06 18:04 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\61c3b1e170de97a8d418b610bd9b0c77\System.Windows.Presentation.ni.dll
+ 2011-08-06 18:03 . 2011-08-06 18:03 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a4173f12a0fea30f95bc56ab04f64cae\System.Web.DynamicData.Design.ni.dll
+ 2011-08-06 17:51 . 2011-08-06 17:51 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ab5802527ce15dbcc25e301dbbb4d666\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-06 17:51 . 2011-08-06 17:51 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-08-06 17:31 . 2011-08-06 17:31 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe
+ 2011-08-06 17:30 . 2011-08-06 17:30 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\d54d318ae1eb0667badea576d0534f9d\PresentationCFFRasterizer.ni.dll
+ 2011-08-06 18:02 . 2011-08-06 18:02 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\87fe1d01b568b3bc9c750b7cf7802516\Microsoft.Vsa.ni.dll
+ 2011-08-06 17:50 . 2011-08-06 17:50 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-08-06 17:49 . 2011-08-06 17:49 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-08-06 17:41 . 2011-08-06 17:41 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-08-06 17:38 . 2011-08-06 17:38 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-08-06 17:26 . 2011-08-06 17:26 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-15 14:45 . 2011-04-15 14:45 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-08-06 17:26 . 2011-08-06 17:26 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-08-06 17:26 . 2011-08-06 17:26 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-08-06 17:26 . 2011-08-06 17:26 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-08-06 17:26 . 2011-08-06 17:26 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-15 14:45 . 2011-04-15 14:45 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-06 17:26 . 2011-08-06 17:26 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-15 14:44 . 2011-04-15 14:44 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-08-06 17:25 . 2011-08-06 17:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-08-06 17:26 . 2011-08-06 17:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-15 14:44 . 2011-04-15 14:44 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-08-06 17:26 . 2011-08-06 17:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-05-14 06:17 . 2011-05-14 06:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 06:12 . 2011-05-14 06:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 06:11 . 2011-05-14 06:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
- 2005-01-09 23:48 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2005-01-09 23:48 . 2011-04-26 11:07 293376 c:\windows\system32\winsrv.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 832512 c:\windows\system32\wininet.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 832512 c:\windows\system32\wininet.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 233472 c:\windows\system32\webcheck.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 233472 c:\windows\system32\webcheck.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 105984 c:\windows\system32\url.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 105984 c:\windows\system32\url.dll
+ 2005-01-09 23:48 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll
- 2005-01-09 23:48 . 2011-04-15 14:45 462662 c:\windows\system32\perfh009.dat
+ 2005-01-09 23:48 . 2011-08-06 17:27 462662 c:\windows\system32\perfh009.dat
- 2005-01-09 23:48 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2005-01-09 23:48 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 102912 c:\windows\system32\occache.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 102912 c:\windows\system32\occache.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 671232 c:\windows\system32\mstime.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 671232 c:\windows\system32\mstime.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 193024 c:\windows\system32\msrating.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 193024 c:\windows\system32\msrating.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 478208 c:\windows\system32\mshtmled.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 478208 c:\windows\system32\mshtmled.dll
- 2007-08-14 00:54 . 2011-02-17 19:00 468480 c:\windows\system32\msfeeds.dll
+ 2007-08-14 00:54 . 2011-04-25 15:51 468480 c:\windows\system32\msfeeds.dll
+ 2005-01-10 01:09 . 2011-05-02 15:31 692736 c:\windows\system32\inetcomm.dll
- 2005-01-10 01:09 . 2011-03-07 05:33 692736 c:\windows\system32\inetcomm.dll
+ 2007-08-14 00:34 . 2011-04-25 15:51 268288 c:\windows\system32\iertutil.dll
- 2007-08-14 00:34 . 2011-02-17 19:00 268288 c:\windows\system32\iertutil.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 192512 c:\windows\system32\iepeers.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 192512 c:\windows\system32\iepeers.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 384512 c:\windows\system32\iedkcs32.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 384512 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 18:27 . 2011-04-25 15:51 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 18:27 . 2011-02-17 19:00 380928 c:\windows\system32\ieapfltr.dll
- 2005-01-09 23:48 . 2011-02-14 12:15 161792 c:\windows\system32\ieakui.dll
+ 2005-01-09 23:48 . 2011-04-21 10:56 161792 c:\windows\system32\ieakui.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 230400 c:\windows\system32\ieaksie.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 230400 c:\windows\system32\ieaksie.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 153088 c:\windows\system32\ieakeng.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 153088 c:\windows\system32\ieakeng.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 133120 c:\windows\system32\extmgr.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 133120 c:\windows\system32\extmgr.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 214528 c:\windows\system32\dxtrans.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 214528 c:\windows\system32\dxtrans.dll
+ 2005-01-09 23:48 . 2011-04-25 15:51 347136 c:\windows\system32\dxtmsft.dll
- 2005-01-09 23:48 . 2011-02-17 19:00 347136 c:\windows\system32\dxtmsft.dll
+ 2005-01-09 23:48 . 2011-04-21 13:37 105472 c:\windows\system32\drivers\mup.sys
+ 2005-01-09 23:48 . 2011-04-29 16:19 456320 c:\windows\system32\drivers\mrxsmb.sys
- 2005-01-09 23:47 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2005-01-09 23:47 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
+ 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2008-12-04 77824]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 04:34 24576 ----a-w- c:\progra~1\ALIENG~1\fastload.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave8"=Digi32.dll
"Midi1"=KORGUMDD.DRV
"Midi3"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk
backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=c:\windows\pss\Alienware Dock.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Neverwinter Nights_ Platinum Edition Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Neverwinter Nights_ Platinum Edition Registration.lnk
backup=c:\windows\pss\Neverwinter Nights_ Platinum Edition Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Pro Tools 8 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Pro Tools 8 Registration.lnk
backup=c:\windows\pss\Pro Tools 8 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registration .LNK]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-10-21 17:09 50472 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
2004-04-26 21:21 270336 ----a-w- c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
2005-01-19 22:34 128000 ----a-w- c:\program files\CursorXP\CursorXP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
2004-12-14 16:19 188416 ----a-w- c:\program files\Windows Plus\Dancer\Dancer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
2002-09-03 23:38 987187 ----a-w- c:\program files\WinCustomize\LogonStudio\LogonStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 21:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-09-18 16:32 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-01-20 07:09 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-08-27 13:09 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
2009-02-17 03:11 44832 ----a-w- c:\program files\Sonique\SQStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-11 05:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\test drive unlimited 2\\UpLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\magic the gathering - duels of the planeswalkers\\DotP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16881:TCP"= 16881:TCP:= Bittorrent
"24528:TCP"= 24528:TCP:spport
"24138:TCP"= 24138:TCP:spport
"13890:TCP"= 13890:TCP:spport
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/31/2006 01:13 PM 685816]
R1 MpKslb2acade2;MpKslb2acade2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5712A1D-03D4-4A75-9105-7314B29B3FFD}\MpKslb2acade2.sys [8/6/2011 12:46 PM 28752]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [3/15/2010 07:30 PM 16400]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/8/2010 08:48 PM 66048]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
S2 UPS32;Uninterruptible Power Supply ;c:\windows\system32\msltus4032.exe --> c:\windows\system32\msltus4032.exe [?]
S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [5/12/2011 11:49 AM 20328]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [3/15/2010 07:30 PM 97808]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [12/23/2009 11:36 AM 54328]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [6/29/2007 04:18 PM 12544]
S3 MA763010;M-Audio Fast Track;c:\windows\system32\drivers\MA763010.sys --> c:\windows\system32\drivers\MA763010.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/29/2011 03:30 PM 41272]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [3/15/2010 07:30 PM 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [3/15/2010 07:30 PM 21904]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [1/8/2010 08:48 PM 167808]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB2ACADE2
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-08-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2011-08-06 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2007-07-14 c:\windows\Tasks\shutdown.job
- C:\shutdown.bat [2007-07-14 18:27]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5056
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - google.com
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-06 17:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B8C62C1-8A4B-AED8-C751-912A26E92366}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E325944E-42CC-FA90-2274-DEB16F4B95C1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabfhapocchoehmlbn"=hex:6a,61,6c,68,65,61,6e,63,62,61,6b,61,68,6a,63,61,6b,6c,
70,66,00,00
"hahenaofjigboinn"=hex:6b,61,67,69,6c,65,67,70,6a,6b,6c,6b,65,6b,65,63,64,69,
6d,64,6f,6c,00,00
.
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:36,25,24,89,a4,06,ed,31,85,fe,99,02,af,78,5c,87,da,d6,f6,6f,fa,38,dd,
b7,ec,d5,5f,20,c9,53,e1,09,32,58,34,dc,64,87,1f,ed,dd,b8,04,51,bb,1e,78,a8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-701297180-1265488218-3417530303-1006\Software\SecuROM\License information*]
"datasecu"=hex:14,c7,3a,d2,84,ec,8c,5c,ca,d6,5e,ad,96,8b,3b,c5,c2,e8,12,86,40,
12,79,63,ca,58,d9,c1,fb,f1,b7,a6,43,98,c3,48,28,6b,02,18,bd,97,8a,f1,31,68,\
"rkeysecu"=hex:fa,66,dc,79,13,a3,ce,ec,20,88,37,a7,4f,1e,4d,17
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\ALIENG~1\fastload.dll
.
- - - - - - - > 'explorer.exe'(224)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-06 17:58:58
ComboFix-quarantined-files.txt 2011-08-06 22:58
ComboFix2.txt 2011-08-05 22:20
.
Pre-Run: 9,188,474,880 bytes free
Post-Run: 9,175,175,168 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BC87CFAF05CDC52ECBAC940848FC39A3
  • 0

#54
Cold Titanium


    Trusted Helper

  • Malware Removal
  • 1,735 posts
I apologize for the delay, I've been struggling to get to these logs...(still unacceptable delay though :) )


Hmmm... Something doesn't seem right



Step #1


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Automatic Scan report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post



~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2


Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post the AVZ log and attach the second scan from it, then give me the Silent Runners log please....:unsure:
  • 0

#55
Anderwolf


    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
OK. So the first 2 steps went pretty good. The Kaspersky virus scan found a crap load of trojans. It only took 25 hours LOL. No, seriously though, it took 25 hours. And the second step went OK too. But when I tried to download the SilentRunner it only downloaded a text document called SilentRunner.vbs. I double-clicked on it and it just opened like any other text document. Nothing happened after that, so I'm not sure what to do next?
  • 0


#56
Cold Titanium


    Trusted Helper

  • Malware Removal
  • 1,735 posts
When you right click and save the script you have to save as file type all, and make sure it has a .vbs extension. Did you save the AVP reports?
  • 0

#57
Anderwolf


    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Yes, I have them, and that's the step that I didn't do before. I'll run Silent Runners now and post all the logs back.
  • 0

#58
Anderwolf


    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
OK I just tried that while saving it as "All Files" but the same thing happened. Just a text document that opens with a bunch of stuff in it starting with a warning about "run this script at your own risk" and all that.
Is there some other way of running it?

Edited by Anderwolf, 11 August 2011 - 09:20 AM.

  • 0

#59
Cold Titanium


    Trusted Helper

  • Malware Removal
  • 1,735 posts
Skip it and give me the AVP files then, please.
  • 0

#60
Anderwolf


    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
I can not believe this. I have tried everything I can possibly think of and I can not get this Kaspersky log to copy and paste. First, when opening the log it takes FOREVER, and the memory usage skyrockets. Then when the text finally shows up and I select all and copy, there was no option for paste. Like it somehow cleared it off as soon as I copy it. Then I rebooted the computer and even tried it in safe mode. That time my option for paste was there, but when I click paste it freezes for a couple of minutes and then Firefox crashes. I checked the task manager after pressing paste and Firefox's memory usage jumps to like 875,000 K. GRRRR. I even tried opening it in WordPad instead of Notepad. The other part of the results that I have is in zip file format. I haven't tried to do anything with it yet because I wasn't sure if you wanted me to try to attach the file? I assume that would be dangerous, so let me know how you want me to do it and how I should proceed with this other log. Thanks again.

Edited by Anderwolf, 12 August 2011 - 09:37 AM.

  • 0





