Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Gen.2 Infection


  • Please log in to reply

#1
beerman

beerman

    Member

  • Member
  • PipPipPip
  • 188 posts
Hello GTG! Need your help again.

We have a Windows XP user who is getting a Symantec message for a Trojan.Gen.2 infection. Hope you can help. Attached is the OTL log:

OTL logfile created on: 6/27/2011 12:17:45 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\ntaylor\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 81.66 Gb Free Space | 54.82% Space Free | Partition Type: NTFS
Drive D: | 533.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 255.99 Gb Total Space | 126.88 Gb Free Space | 49.56% Space Free | Partition Type: NTFS
Drive P: | 255.99 Gb Total Space | 176.33 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive Y: | 255.99 Gb Total Space | 176.33 Gb Free Space | 68.88% Space Free | Partition Type: NTFS

Computer Name: BD05KWC1 | User Name: Ntaylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/13 10:04:49 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\system32\nv4_disp32.exe
PRC - [2011/06/13 10:04:49 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\system32\msnsspc32.exe
PRC - [2011/05/10 16:03:16 | 001,205,760 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/03/19 21:29:02 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/03/19 21:29:02 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/19 21:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/19 21:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/03/19 21:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/12/13 12:04:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ntaylor\My Documents\Downloads\OTL.exe
PRC - [2010/02/05 00:36:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/01/17 19:39:48 | 001,310,448 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\offSyncService.exe
PRC - [2009/12/29 10:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/08/03 14:59:42 | 001,044,480 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/12/13 12:04:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ntaylor\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2011/06/13 10:04:49 | 000,788,992 | ---- | M] (Dmitry Streblechenko) [Auto | Running] -- C:\WINDOWS\system32\msnsspc32.exe -- (RasAuto32)
SRV - [2011/03/19 21:29:02 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/03/19 21:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/19 21:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/19 21:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/19 21:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/02/05 00:36:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/17 19:39:48 | 001,310,448 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Starfield\offSyncService.exe -- (File Backup)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Senfilt.sys -- (SenFiltService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ntaylor\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/05/18 00:14:31 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110627.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 00:14:31 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110627.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/11 12:12:14 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/11 11:37:17 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/11 11:15:06 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/19 21:29:02 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/03/19 21:29:02 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/03/19 21:29:02 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/19 21:28:58 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/03/19 21:28:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/19 21:28:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2011/03/19 21:28:58 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/07/20 15:39:04 | 000,339,456 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/14 03:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://retaillink.w...pe=IIS1&redir=/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 66 D5 80 68 A6 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 39 AF 62 06 77 8A 14 40 85 07 0B EE E0 DB 6C 26 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/12/16 17:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/15 17:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/14 10:34:01 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (no name) - {0662AF39-8A77-4014-8507-0BEEE0DB6C26} - C:\WINDOWS\System32\atmfd32.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1EFDA478-664E-41A6-8C2F-852344CC7F64} https://cnc.mcbcnet....tAttachment.ocx (CNCPrintAttachment.PrintControl)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dayton.Local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\ntaylor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ntaylor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/04 21:08:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 03:02:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/13 10:04:55 | 000,788,992 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\nv4_disp32.exe
[2011/06/13 10:04:52 | 000,788,992 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\msnsspc32.exe
[2011/06/13 10:04:46 | 000,788,992 | ---- | C] (Dmitry Streblechenko) -- C:\Documents and Settings\ntaylor\0.8274811850451973.exe
[2011/06/09 15:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/06/02 11:12:02 | 000,184,320 | ---- | C] (Homestead Technologies, Inc.) -- C:\WINDOWS\System32\OESICore.dll
[2011/06/02 11:12:02 | 000,046,480 | ---- | C] (Homestead Technologies) -- C:\WINDOWS\System32\HS_live.ocx
[2011/06/02 11:12:02 | 000,045,056 | ---- | C] (Homestead Technologies, Inc.) -- C:\WINDOWS\System32\HSSICore.dll
[2011/06/02 11:12:02 | 000,036,864 | ---- | C] (Homestead Technologies, Inc.) -- C:\nphssb.dll
[2011/06/02 11:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Homestead
[2011/06/01 15:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2011/06/01 15:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/06/01 15:15:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2011/06/01 15:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2011/06/01 15:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/06/01 15:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers
[2011/06/01 15:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[1 C:\Documents and Settings\ntaylor\Desktop\*.tmp files -> C:\Documents and Settings\ntaylor\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\ntaylor\*.tmp files -> C:\Documents and Settings\ntaylor\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/27 12:10:20 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/27 12:10:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/27 12:09:40 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\2120901760
[2011/06/27 12:09:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/27 10:57:07 | 000,021,773 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\Sales History - Miller Weekly.PDF
[2011/06/27 10:55:47 | 000,013,664 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\Sales History - Coors Weekly 99.PDF
[2011/06/25 15:35:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 15:36:14 | 001,640,443 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\110621 July 4th Incremental Display Tracking- MI and OHKY.xlsx
[2011/06/24 13:58:34 | 037,434,368 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\Bonbright Quality Assurance Scorecard.xls
[2011/06/24 12:49:42 | 000,000,103 | ---- | M] () -- C:\WINDOWS\System32\544474f0
[2011/06/23 13:15:53 | 000,417,030 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\New Image.JPG
[2011/06/23 10:32:06 | 000,007,652 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\Sales History - Managers Meeting Salesman Report.PDF
[2011/06/22 08:43:44 | 000,123,686 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\MillerCoors Summer 2011 Objective Tracking Form.xlsx
[2011/06/21 08:40:04 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\DECAL ORDER FORM.doc
[2011/06/20 08:51:53 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\Applebee's BM HW Draft Pour.xls
[2011/06/17 08:25:21 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ntaylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/06/17 08:25:18 | 000,453,312 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/17 08:25:18 | 000,075,152 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/17 03:03:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 09:22:37 | 000,495,424 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\All Incentive Recap 06-15-11.xlsx
[2011/06/13 15:04:35 | 000,495,996 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\All Incentive Recap 09-08-10.xlsx
[2011/06/13 13:19:29 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\Displays matter points.xls
[2011/06/13 10:04:49 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\nv4_disp32.exe
[2011/06/13 10:04:49 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\msnsspc32.exe
[2011/06/13 10:04:49 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\Documents and Settings\ntaylor\0.8274811850451973.exe
[2011/06/10 12:27:07 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\ntaylor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 14:48:22 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/09 14:45:16 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\ntaylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/03 09:08:03 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\DONALD K.doc
[2011/06/02 14:42:06 | 000,049,285 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\218114_10150270429804325_515344324_9234665_6676830_n.jpg
[2011/06/02 11:03:36 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\nphssb.dll
[2011/06/02 11:03:36 | 000,000,247 | ---- | M] () -- C:\nphssb.xpt
[2011/06/02 11:03:18 | 000,184,320 | ---- | M] (Homestead Technologies, Inc.) -- C:\WINDOWS\System32\OESICore.dll
[2011/06/02 11:03:18 | 000,046,480 | ---- | M] (Homestead Technologies) -- C:\WINDOWS\System32\HS_live.ocx
[2011/06/02 11:03:18 | 000,045,056 | ---- | M] (Homestead Technologies, Inc.) -- C:\WINDOWS\System32\HSSICore.dll
[2011/06/02 11:02:40 | 000,098,136 | ---- | M] () -- C:\WINDOWS\gzip.exe
[2011/06/01 15:17:06 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\WeatherBug.lnk
[2011/05/31 13:49:08 | 000,407,581 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\Caremark Final.xlsx
[2011/05/31 12:43:29 | 000,405,388 | ---- | M] () -- C:\Documents and Settings\ntaylor\Desktop\Caremark 5-20-11.xlsx
[2011/05/31 08:45:06 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\ntaylor\My Documents\A Accounts.doc
[1 C:\Documents and Settings\ntaylor\Desktop\*.tmp files -> C:\Documents and Settings\ntaylor\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\ntaylor\*.tmp files -> C:\Documents and Settings\ntaylor\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/24 12:59:25 | 000,021,773 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\Sales History - Miller Weekly.PDF
[2011/06/24 12:15:57 | 000,013,664 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\Sales History - Coors Weekly 99.PDF
[2011/06/24 11:02:47 | 001,640,443 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\110621 July 4th Incremental Display Tracking- MI and OHKY.xlsx
[2011/06/23 13:15:53 | 000,417,030 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\New Image.JPG
[2011/06/23 10:32:06 | 000,007,652 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\Sales History - Managers Meeting Salesman Report.PDF
[2011/06/21 14:23:42 | 000,123,686 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\MillerCoors Summer 2011 Objective Tracking Form.xlsx
[2011/06/20 08:51:53 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\Applebee's BM HW Draft Pour.xls
[2011/06/15 08:19:35 | 000,495,424 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\All Incentive Recap 06-15-11.xlsx
[2011/06/13 13:59:57 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\544474f0
[2011/06/13 13:19:29 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\Displays matter points.xls
[2011/06/13 10:04:52 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\2120901760
[2011/06/03 09:08:03 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\DONALD K.doc
[2011/06/02 14:42:13 | 000,049,285 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\218114_10150270429804325_515344324_9234665_6676830_n.jpg
[2011/06/02 11:12:02 | 000,000,247 | ---- | C] () -- C:\nphssb.xpt
[2011/06/02 11:04:09 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2011/06/02 11:04:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2011/06/02 11:04:04 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2011/06/02 11:04:03 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2011/06/02 11:03:16 | 000,098,136 | ---- | C] () -- C:\WINDOWS\gzip.exe
[2011/06/01 15:17:06 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\WeatherBug.lnk
[2011/05/31 12:56:47 | 000,407,581 | ---- | C] () -- C:\Documents and Settings\ntaylor\Desktop\Caremark Final.xlsx
[2010/12/31 12:49:03 | 000,011,344 | ---- | C] () -- C:\Documents and Settings\ntaylor\Application Data\Microsoft Excel.CAL
[2010/12/31 12:29:10 | 000,009,985 | ---- | C] () -- C:\Documents and Settings\ntaylor\Application Data\Comma Separated Values (Windows).CAL
[2010/12/29 15:38:33 | 000,009,981 | ---- | C] () -- C:\Documents and Settings\ntaylor\Application Data\Comma Separated Values (DOS).CAL
[2010/11/17 14:09:42 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/15 03:20:41 | 000,087,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/05 10:02:55 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\ntaylor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 00:45:34 | 000,001,380 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/02/05 00:08:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/04 21:19:08 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010/02/04 21:19:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2010/02/04 16:00:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/05/20 16:31:00 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\LNKFILES.DLL
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/04/19 14:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/01 15:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/01 15:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/05/19 12:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ntaylor\Application Data\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2010/02/09 14:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ntaylor\Application Data\ICAClient
[2010/11/23 01:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ntaylor\Application Data\Vueksi
[2010/03/18 12:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ntaylor\Application Data\WeatherBug

========== Purity Check ==========



< End of report >


Thanks.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:Services
RasAuto32

:OTL
SRV - [2011/06/13 10:04:49 | 000,788,992 | ---- | M] (Dmitry Streblechenko) [Auto | Running] -- C:\WINDOWS\system32\msnsspc32.exe -- (RasAuto32)
O2 - BHO: (no name) - {0662AF39-8A77-4014-8507-0BEEE0DB6C26} - C:\WINDOWS\System32\atmfd32.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
[2011/06/13 10:04:55 | 000,788,992 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\nv4_disp32.exe
[2011/06/13 10:04:52 | 000,788,992 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\msnsspc32.exe
[2011/06/13 10:04:46 | 000,788,992 | ---- | C] (Dmitry Streblechenko) -- C:\Documents and Settings\ntaylor\0.8274811850451973.exe
[2011/06/01 15:15:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2011/06/27 12:09:40 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\2120901760
[2011/06/24 12:49:42 | 000,000,103 | ---- | M] () -- C:\WINDOWS\System32\544474f0

[2011/06/01 15:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2011/06/01 15:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/06/01 15:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers
[2011/06/01 15:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image

Ron
  • 0

#3
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Ron:

Thanks for your help. The logs requested are attached. BTW, for aswMBR the "Fix" button was enabled.

========== SERVICES/DRIVERS ==========
Error: Unable to stop service RasAuto32!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto32 deleted successfully.
========== OTL ==========
Error: Unable to stop service RasAuto32!
Service RasAuto32 deleted successfully!
C:\WINDOWS\system32\msnsspc32.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0662AF39-8A77-4014-8507-0BEEE0DB6C26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0662AF39-8A77-4014-8507-0BEEE0DB6C26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files\Yontoo Layers\YontooIEClient.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\system32\nv4_disp32.exe moved successfully.
File C:\WINDOWS\System32\msnsspc32.exe not found.
C:\Documents and Settings\ntaylor\0.8274811850451973.exe moved successfully.
C:\WINDOWS\System32\AI_RecycleBin\146518949 folder moved successfully.
C:\WINDOWS\System32\AI_RecycleBin folder moved successfully.
C:\WINDOWS\system32\2120901760 moved successfully.
C:\WINDOWS\system32\544474f0 moved successfully.
C:\Program Files\W3i\InstallIQUpdater\images folder moved successfully.
C:\Program Files\W3i\InstallIQUpdater folder moved successfully.
C:\Program Files\W3i folder moved successfully.
C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater\import folder moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\W3i scheduled to be moved on reboot.
C:\Program Files\Yontoo Layers folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\ntaylor\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\ntaylor\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\ntaylor\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\ntaylor\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\ntaylor\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\ntaylor\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\ntaylor\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\ntaylor\My Documents\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 06282011_082510

Files\Folders moved on Reboot...
C:\Documents and Settings\All Users\Application Data\W3i\InstallIQUpdater folder moved successfully.
C:\Documents and Settings\All Users\Application Data\W3i folder moved successfully.

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6966

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/28/2011 8:54:16 AM
mbam-log-2011-06-28 (08-54-16).txt

Scan type: Quick scan
Objects scanned: 177319
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\localservice\application data\020000000aa4d1941270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000000aa4d1941270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000000aa4d1941270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\020000000aa4d1941270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000000aa4d1941270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000000aa4d1941270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000000aa4d1941270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\020000000aa4d1941270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.



ComboFix 11-06-27.04 - Ntaylor 06/28/2011 9:04.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1517 [GMT -4:00]
Running from: c:\documents and settings\ntaylor\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 12:47 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 12:47 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 12:29 . 2011-06-13 14:04 788992 ----a-w- c:\windows\system32\nvdispsr32.exe
2011-06-28 12:29 . 2011-06-13 14:04 788992 ----a-w- c:\windows\system32\msorcl3232.exe
2011-06-28 12:27 . 2011-06-13 14:04 788992 ----a-w- c:\windows\system32\atmfd32.exe
2011-06-13 16:36 . 2011-06-13 16:36 0 ---ha-w- c:\documents and settings\ntaylor\tiipivasgu.tmp
2011-06-09 19:17 . 2011-06-09 19:17 -------- d-----w- c:\program files\Broadcom
2011-06-09 19:05 . 2011-06-09 19:05 45056 ----a-r- c:\documents and settings\ntaylor\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\NewShortcut1_2764CA82DFB94498AF85719340BF5305.exe
2011-06-02 15:12 . 2011-06-02 15:03 36864 ----a-w- C:\nphssb.dll
2011-06-02 15:12 . 2011-06-02 15:03 46480 ----a-w- c:\windows\system32\HS_live.ocx
2011-06-02 15:12 . 2011-06-02 15:03 45056 ----a-w- c:\windows\system32\HSSICore.dll
2011-06-02 15:12 . 2011-06-02 15:03 184320 ----a-w- c:\windows\system32\OESICore.dll
2011-06-02 15:03 . 2011-06-02 15:02 98136 ----a-w- c:\windows\gzip.exe
2011-06-02 15:02 . 2011-06-02 15:02 -------- d-----w- c:\program files\Homestead
2011-06-01 19:17 . 2011-06-01 19:17 18944 ----a-r- c:\documents and settings\ntaylor\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-06-01 19:17 . 2011-06-01 19:17 11264 ----a-r- c:\documents and settings\ntaylor\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2011-06-01 19:17 . 2011-06-01 19:17 -------- d-----w- c:\program files\AWS
2011-06-01 19:16 . 2011-06-01 19:16 -------- d-----w- c:\program files\Free Offers from Freeze.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-11 15:15 . 2011-05-11 15:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-11 15:15 . 2011-05-11 15:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-02 15:31 . 2010-02-05 01:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 07:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2008-04-14 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2008-04-14 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 07:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2010-12-15_14.55.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-28 12:59 . 2011-06-28 12:59 16384 c:\windows\Temp\Perflib_Perfdata_220.dat
+ 2011-06-28 12:58 . 2011-06-28 12:58 16384 c:\windows\Temp\Perflib_Perfdata_1d8.dat
- 2009-05-25 02:25 . 2007-06-06 00:37 61440 c:\windows\system32\TrackID.DLL
+ 2009-05-25 02:25 . 2007-06-06 09:37 61440 c:\windows\system32\TrackID.DLL
- 2009-05-25 02:25 . 2007-06-06 00:37 69632 c:\windows\system32\TIFmtA.dll
+ 2009-05-25 02:25 . 2007-06-06 09:37 69632 c:\windows\system32\TIFmtA.dll
+ 2009-05-25 02:25 . 2007-06-06 09:37 49152 c:\windows\system32\TIBase64.dll
- 2009-05-25 02:25 . 2007-06-06 00:37 49152 c:\windows\system32\TIBase64.dll
+ 2011-01-28 22:00 . 2009-10-14 09:23 54272 c:\windows\system32\spool\prtprocs\w32x86\E424PP32.DLL
+ 2011-01-31 14:56 . 2007-06-06 09:37 61440 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\TrackID.DLL
+ 2011-01-31 14:56 . 2007-06-06 09:37 69632 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\TIFMTA.DLL
+ 2011-01-31 14:56 . 2007-06-06 09:37 49152 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\TIBASE64.DLL
+ 2011-01-31 14:56 . 2008-02-08 08:18 77824 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\RIC54FWM.EXE
+ 2011-01-31 14:56 . 2008-11-27 08:42 45056 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\RIC54Fh.DLL
+ 2011-01-28 22:00 . 2009-10-14 09:23 61440 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\MFRICRES.dll
- 2009-05-25 02:25 . 2007-06-06 00:37 61440 c:\windows\system32\spool\drivers\w32x86\3\TrackID.DLL
+ 2009-05-25 02:25 . 2007-06-06 09:37 61440 c:\windows\system32\spool\drivers\w32x86\3\TrackID.DLL
- 2009-05-25 02:25 . 2007-06-06 00:37 69632 c:\windows\system32\spool\drivers\w32x86\3\TIFMTA.DLL
+ 2009-05-25 02:25 . 2007-06-06 09:37 69632 c:\windows\system32\spool\drivers\w32x86\3\TIFMTA.DLL
- 2009-05-25 02:25 . 2007-06-06 00:37 49152 c:\windows\system32\spool\drivers\w32x86\3\TIBASE64.DLL
+ 2009-05-25 02:25 . 2007-06-06 09:37 49152 c:\windows\system32\spool\drivers\w32x86\3\TIBASE64.DLL
+ 2011-01-31 14:56 . 2008-02-08 08:18 77824 c:\windows\system32\spool\drivers\w32x86\3\RIC54FWM.EXE
+ 2011-01-31 14:56 . 2008-11-27 08:42 45056 c:\windows\system32\spool\drivers\w32x86\3\RIC54Fh.DLL
+ 2011-01-28 22:00 . 2009-10-14 09:23 61440 c:\windows\system32\spool\drivers\w32x86\3\MFRICRES.dll
+ 2010-04-17 03:12 . 2010-04-17 03:12 48464 c:\windows\system32\sirenacm.dll
- 2009-05-25 02:25 . 2007-06-06 00:32 57344 c:\windows\system32\ricdb32.DLL
+ 2009-05-25 02:25 . 2007-06-06 09:32 57344 c:\windows\system32\ricdb32.DLL
+ 2008-04-14 07:00 . 2011-06-17 12:25 75152 c:\windows\system32\perfc009.dat
- 2008-04-14 07:00 . 2010-11-23 14:53 75152 c:\windows\system32\perfc009.dat
+ 2011-06-02 15:04 . 2002-02-18 14:23 21264 c:\windows\system32\msjdbc10.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-05-25 02:25 . 2008-03-28 09:26 61440 c:\windows\system32\mfricres.DLL
- 2009-05-25 02:25 . 2008-03-28 00:26 61440 c:\windows\system32\mfricres.DLL
- 2008-04-14 07:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
+ 2011-06-02 15:04 . 2002-02-18 14:23 15120 c:\windows\system32\jdbgmgr.exe
+ 2011-06-02 15:04 . 2002-02-18 14:22 63248 c:\windows\system32\javaprxy.dll
+ 2011-03-20 01:29 . 2011-03-20 01:29 87368 c:\windows\system32\FwsVpn.dll
+ 2011-03-20 01:28 . 2011-03-20 01:28 26416 c:\windows\system32\drivers\symredrv.sys
+ 2011-03-20 01:28 . 2011-03-20 01:28 38448 c:\windows\system32\drivers\symndisv.sys
+ 2011-03-20 01:28 . 2011-03-20 01:28 35120 c:\windows\system32\drivers\symndis.sys
+ 2011-03-20 01:28 . 2011-03-20 01:28 39856 c:\windows\system32\drivers\symids.sys
+ 2011-03-20 01:28 . 2011-03-20 01:28 12720 c:\windows\system32\drivers\symdns.sys
+ 2011-03-20 01:29 . 2011-03-20 01:29 43696 c:\windows\system32\drivers\srtspx.sys
+ 2011-03-20 01:28 . 2011-03-20 01:28 23888 c:\windows\system32\drivers\COH_Mon.sys
+ 2008-04-14 07:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2008-04-14 07:00 . 2008-04-14 07:00 45568 c:\windows\system32\dnsrslvr.dll
+ 2010-02-05 03:51 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
- 2010-02-05 03:51 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-02-05 03:51 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-02-05 03:51 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-14 07:00 . 2008-04-14 07:00 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2008-04-14 07:00 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2008-04-14 07:00 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-14 07:00 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-14 07:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
- 2008-04-14 07:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2011-05-11 15:19 . 2011-06-28 00:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-05 01:10 . 2011-06-28 00:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-02-05 01:10 . 2010-11-23 16:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-05-11 15:19 . 2011-06-28 00:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-02-05 01:10 . 2010-11-23 16:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-06-02 15:04 . 2002-02-18 14:23 49424 c:\windows\system32\clspack.exe
+ 2011-03-20 01:29 . 2011-03-20 01:29 89600 c:\windows\system32\atl71.dll
+ 2011-06-02 15:04 . 2002-02-18 14:23 46352 c:\windows\setdebug.exe
+ 2011-01-24 17:54 . 2011-01-24 17:54 27136 c:\windows\Installer\195dd1f4.msi
+ 2011-01-24 17:53 . 2011-01-24 17:53 83456 c:\windows\Installer\195dd1dd.msi
+ 2011-01-24 17:53 . 2011-01-24 17:53 58880 c:\windows\Installer\195dd1d4.msi
+ 2011-01-24 17:54 . 2011-01-24 17:54 61272 c:\windows\Installer\{E6158D07-2637-4ECF-B576-37C489669174}\IconWlc.exe
+ 2011-01-10 15:22 . 2011-01-10 15:22 25214 c:\windows\Installer\{C768790F-04FB-11E0-9B2C-001AA037B01E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-01-24 17:54 . 2011-01-24 17:54 80395 c:\windows\Installer\{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}\MsblIco.Exe
+ 2011-06-01 19:15 . 2011-06-01 19:15 14534 c:\windows\Installer\{A9FE59F0-5BFA-4FDF-84C6-F45457715379}\SystemFolder_msiexec.exe
+ 2010-02-05 04:08 . 2011-06-17 07:03 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-02-05 04:08 . 2010-12-15 08:02 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-02-05 04:08 . 2011-06-17 07:03 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-02-05 04:08 . 2010-12-15 08:02 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-02-05 04:08 . 2011-06-17 07:03 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-02-05 04:08 . 2010-12-15 08:02 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-02-05 04:08 . 2011-06-17 07:03 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-02-05 04:08 . 2010-12-15 08:02 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-02-05 04:14 . 2010-12-15 08:01 35088 c:\windows\Installer\{91120000-0018-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-02-05 04:14 . 2011-06-17 07:05 35088 c:\windows\Installer\{91120000-0018-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-05 04:14 . 2010-12-15 08:01 18704 c:\windows\Installer\{91120000-0018-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-05 04:14 . 2011-06-17 07:05 18704 c:\windows\Installer\{91120000-0018-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-02-05 04:14 . 2010-12-15 08:01 20240 c:\windows\Installer\{91120000-0018-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-05 04:14 . 2011-06-17 07:05 20240 c:\windows\Installer\{91120000-0018-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-06-04 07:00 . 2010-09-29 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 07:00 . 2011-06-17 07:04 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-04-11 16:38 . 2011-04-11 16:38 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2011-05-11 15:15 . 2011-05-11 15:15 21446 c:\windows\Installer\{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}\ARPPRODUCTICON.exe
+ 2011-06-17 07:01 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
+ 2011-04-14 07:07 . 2011-04-14 07:07 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-04-14 07:07 . 2011-04-14 07:07 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
+ 2011-04-14 07:11 . 2011-04-14 07:11 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
+ 2011-04-14 07:05 . 2011-04-14 07:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-04-14 07:05 . 2011-04-14 07:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-04-14 07:00 . 2008-04-14 07:00 45568 c:\windows\$NtUninstallKB2509553$\dnsrslvr.dll
+ 2011-02-10 08:01 . 2009-12-14 07:08 33280 c:\windows\$NtUninstallKB2476687$\csrsrv.dll
+ 2011-03-15 07:10 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971029\update\spcustom.dll
+ 2011-03-15 07:10 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971029\spmsg.dll
+ 2011-03-24 07:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2524375\update\spcustom.dll
+ 2011-03-24 07:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2524375\spmsg.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2511455\update\spcustom.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2511455\spmsg.dll
+ 2011-04-14 07:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2510531-IE8\update\spcustom.dll
+ 2011-04-14 07:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2510531-IE8\spmsg.dll
+ 2011-04-14 07:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2509553\update\spcustom.dll
+ 2011-04-14 07:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2509553\spmsg.dll
+ 2009-04-20 17:06 . 2009-04-20 17:06 45568 c:\windows\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2508429\update\spcustom.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2508429\spmsg.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2508272\update\spcustom.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2508272\spmsg.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2507618\update\spcustom.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2507618\spmsg.dll
+ 2011-04-14 07:07 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2506223\update\spcustom.dll
+ 2011-04-14 07:07 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2506223\spmsg.dll
+ 2011-04-14 07:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2506212\update\spcustom.dll
+ 2011-04-14 07:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2506212\spmsg.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2503658\update\spcustom.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2503658\spmsg.dll
+ 2011-04-14 07:07 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2497640-IE8\update\spcustom.dll
+ 2011-04-14 07:07 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2497640-IE8\spmsg.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 12800 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\xpshims.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 66560 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtmled.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 55296 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\msfeedsbs.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 43520 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\licmgr10.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 25600 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\jsproxy.dll
+ 2011-04-14 07:09 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2485663\update\spcustom.dll
+ 2011-04-14 07:09 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2485663\spmsg.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-03-10 08:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2481109\update\spcustom.dll
+ 2011-03-10 08:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2481109\spmsg.dll
+ 2011-02-02 07:57 . 2011-02-02 07:57 53248 c:\windows\$hf_mig$\KB2481109\SP3QFE\tsgqec.dll
+ 2011-03-10 08:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479943\update\spcustom.dll
+ 2011-03-10 08:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479943\spmsg.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479628\spmsg.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478971\spmsg.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478960\spmsg.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2010-12-09 14:29 . 2010-12-09 14:29 33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2011-01-12 08:00 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-12 08:00 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2011-02-10 08:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2393802\update\spcustom.dll
+ 2011-02-10 03:02 . 2010-12-09 15:15 16896 c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
+ 2011-02-10 08:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2393802\spmsg.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-02-05 01:36 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
+ 2010-02-05 01:36 . 2011-02-17 12:32 5120 c:\windows\system32\xpsp4res.dll
+ 2011-06-02 15:04 . 2011-06-02 15:04 2678 c:\windows\java\Packages\Data\Q6R5B93D.DAT
+ 2011-06-02 15:04 . 2011-06-02 15:04 2232 c:\windows\java\Packages\Data\NJ1FPNVV.DAT
+ 2011-06-02 15:04 . 2011-06-02 15:04 2678 c:\windows\java\Packages\Data\K2YRLN7J.DAT
+ 2011-06-02 15:04 . 2011-06-02 15:04 2678 c:\windows\java\Packages\Data\EOOQTB7Z.DAT
+ 2011-06-02 15:04 . 2011-06-02 15:04 2678 c:\windows\java\Packages\Data\7NJ9JNL7.DAT
+ 2011-06-02 15:04 . 2011-06-02 15:04 2678 c:\windows\java\Packages\Data\7B9ZBBXV.DAT
+ 2011-06-02 15:04 . 2002-02-18 11:35 6550 c:\windows\jautoexp.dat
+ 2011-06-09 19:17 . 2011-06-09 19:17 3262 c:\windows\Installer\{FC57FC53-104C-415C-98D7-B05E659461A9}\ARPPRODUCTICON.exe
- 2010-02-05 01:30 . 2010-02-05 01:30 3262 c:\windows\Installer\{FC57FC53-104C-415C-98D7-B05E659461A9}\ARPPRODUCTICON.exe
- 2010-02-05 04:08 . 2010-12-15 08:02 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-02-05 04:08 . 2011-06-17 07:03 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-04-14 07:06 . 2011-04-14 07:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-06 07:01 . 2010-10-06 07:01 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-04-14 07:03 . 2010-08-26 12:52 5120 c:\windows\$NtUninstallKB2508429$\xpsp4res.dll
+ 2011-02-17 12:32 . 2011-02-17 12:32 5120 c:\windows\$hf_mig$\KB2508429\SP3QFE\xpsp4res.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 05:12 . 2009-07-12 05:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 05:09 . 2009-07-12 05:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 05:08 . 2009-07-12 05:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2011-06-02 15:04 . 2002-02-18 14:23 171792 c:\windows\system32\wjview.exe
+ 2008-04-14 07:00 . 2008-04-14 10:42 507904 c:\windows\system32\winlogon.exe
- 2008-04-14 07:00 . 2010-12-09 13:05 507904 c:\windows\system32\winlogon.exe
+ 2011-06-02 15:04 . 2002-02-18 14:23 286992 c:\windows\system32\vmhelper.dll
+ 2008-04-14 07:00 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
+ 2011-03-20 01:29 . 2011-03-20 01:29 107848 c:\windows\system32\SymVPN.dll
+ 2011-03-20 01:29 . 2011-03-20 01:29 242056 c:\windows\system32\SymRedir.dll
+ 2011-03-20 01:29 . 2011-03-20 01:29 625032 c:\windows\system32\SymNeti.dll
+ 2011-01-31 14:56 . 2008-06-10 23:11 221184 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\RICJC32.dll
+ 2011-01-31 14:56 . 2008-11-27 08:41 880640 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\RIC54Fu.DLL
+ 2011-01-31 14:56 . 2008-02-22 15:42 315392 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\RIC54Fc.DLL
+ 2011-01-28 22:00 . 2009-10-14 09:23 225280 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\Rc4manNT.dll
+ 2011-01-28 22:00 . 2009-10-14 09:24 543232 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\PSCRIPT5.DLL
+ 2011-01-28 22:00 . 2009-10-14 09:24 728576 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\PS5UI.DLL
+ 2011-01-31 14:56 . 2008-06-10 23:10 159744 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\JCUI.EXE
+ 2011-01-28 22:00 . 2009-10-14 09:23 930816 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\E424PSUI.DLL
+ 2011-01-28 22:00 . 2009-10-14 09:22 142848 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\E424PSRE.DLL
- 2009-05-25 02:25 . 2008-03-18 10:24 221184 c:\windows\system32\spool\drivers\w32x86\3\RICJC32.dll
+ 2009-05-25 02:25 . 2008-06-10 23:11 221184 c:\windows\system32\spool\drivers\w32x86\3\RICJC32.dll
+ 2011-01-31 14:56 . 2008-11-27 08:41 880640 c:\windows\system32\spool\drivers\w32x86\3\RIC54Fu.DLL
+ 2011-01-31 14:56 . 2008-02-22 15:42 315392 c:\windows\system32\spool\drivers\w32x86\3\RIC54Fc.DLL
+ 2011-01-28 22:00 . 2009-10-14 09:23 225280 c:\windows\system32\spool\drivers\w32x86\3\Rc4manNT.dll
+ 2003-05-05 21:47 . 2009-10-14 09:24 543232 c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
- 2003-05-05 21:47 . 2008-04-14 10:42 543232 c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2003-05-05 21:47 . 2009-10-14 09:24 728576 c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
- 2003-05-05 21:47 . 2008-04-14 10:42 728576 c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2009-05-25 02:25 . 2008-06-10 23:10 159744 c:\windows\system32\spool\drivers\w32x86\3\JCUI.EXE
- 2009-05-25 02:25 . 2008-03-18 10:27 159744 c:\windows\system32\spool\drivers\w32x86\3\JCUI.EXE
+ 2011-01-28 22:00 . 2009-10-14 09:23 930816 c:\windows\system32\spool\drivers\w32x86\3\E424PSUI.DLL
+ 2011-01-28 22:00 . 2009-10-14 09:22 142848 c:\windows\system32\spool\drivers\w32x86\3\E424PSRE.DLL
+ 2008-04-14 07:00 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
- 2008-04-14 07:00 . 2008-04-14 07:00 135168 c:\windows\system32\shsvcs.dll
+ 2008-04-14 07:00 . 2011-01-21 14:44 439296 c:\windows\system32\shimgvw.dll
+ 2008-04-14 07:00 . 2011-02-09 13:53 270848 c:\windows\system32\sbe.dll
- 2008-04-14 07:00 . 2008-04-14 07:00 270848 c:\windows\system32\sbe.dll
- 2009-05-25 02:25 . 2008-03-18 10:24 221184 c:\windows\system32\RICJC32.DLL
+ 2009-05-25 02:25 . 2008-06-10 23:11 221184 c:\windows\system32\RICJC32.DLL
+ 2011-06-09 19:17 . 2006-05-10 19:00 156160 c:\windows\system32\ReinstallBackups\0018\DriverFiles\b57xp32.sys
+ 2009-05-25 02:25 . 2008-07-17 08:25 225280 c:\windows\system32\rc4manNT.DLL
- 2008-04-14 07:00 . 2010-11-23 14:54 453312 c:\windows\system32\perfh009.dat
+ 2008-04-14 07:00 . 2011-06-17 12:25 453312 c:\windows\system32\perfh009.dat
- 2008-04-14 07:00 . 2008-04-14 07:00 551936 c:\windows\system32\oleaut32.dll
+ 2008-04-14 07:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2008-04-14 07:00 . 2008-04-14 07:00 249856 c:\windows\system32\odbc32.dll
+ 2008-04-14 07:00 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
+ 2008-04-14 07:00 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
+ 2008-04-14 07:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
- 2008-04-14 07:00 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
- 2003-02-21 10:42 . 2003-02-21 10:42 348160 c:\windows\system32\msvcr71.dll
+ 2003-02-21 10:42 . 2007-03-22 00:33 348160 c:\windows\system32\MSVCR71.DLL
+ 2003-03-19 02:14 . 2007-03-22 00:33 503808 c:\windows\system32\MSVCP71.DLL
- 2010-02-05 01:04 . 2008-04-14 07:00 677888 c:\windows\system32\mstsc.exe
+ 2010-02-05 01:04 . 2011-01-27 11:57 677888 c:\windows\system32\mstsc.exe
- 2008-04-14 07:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
+ 2011-06-02 15:04 . 2002-02-18 14:23 945936 c:\windows\system32\msjava.dll
+ 2009-03-08 08:32 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 08:32 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
+ 2011-06-02 15:04 . 2002-02-18 14:23 154384 c:\windows\system32\msawt.dll
- 2008-04-14 07:00 . 2010-09-18 16:23 974848 c:\windows\system32\mfc42u.dll
+ 2008-04-14 07:00 . 2011-02-08 13:33 974848 c:\windows\system32\mfc42u.dll
+ 2008-04-14 07:00 . 2011-02-08 13:33 978944 c:\windows\system32\mfc42.dll
+ 2011-02-21 13:35 . 2011-02-21 13:35 234656 c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe
+ 2011-02-21 13:35 . 2011-02-21 13:35 311456 c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.dll
+ 2008-04-14 07:00 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
- 2008-04-14 07:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2008-04-14 07:00 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
- 2008-04-14 07:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2011-06-02 15:04 . 2002-02-18 14:23 172304 c:\windows\system32\jview.exe
+ 2008-04-14 07:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
- 2008-04-14 07:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2011-06-02 15:04 . 2002-02-18 14:22 171280 c:\windows\system32\jit.dll
- 2009-05-25 02:25 . 2008-03-18 10:27 159744 c:\windows\system32\JCUI.EXE
+ 2009-05-25 02:25 . 2008-06-10 23:10 159744 c:\windows\system32\JCUI.EXE
+ 2010-12-15 21:09 . 2010-11-12 23:53 157472 c:\windows\system32\javaws.exe
+ 2010-12-15 21:09 . 2010-11-12 23:53 145184 c:\windows\system32\javaw.exe
- 2010-07-13 17:01 . 2010-07-13 17:00 145184 c:\windows\system32\javaw.exe
+ 2011-06-02 15:04 . 2002-02-18 14:22 404752 c:\windows\system32\javart.dll
+ 2011-06-02 15:04 . 2002-02-18 14:22 139536 c:\windows\system32\javaee.dll
+ 2011-06-02 15:04 . 2002-02-18 14:22 187152 c:\windows\system32\javacypt.dll
- 2010-07-13 17:01 . 2010-07-13 17:00 145184 c:\windows\system32\java.exe
+ 2010-12-15 21:09 . 2010-11-12 23:53 145184 c:\windows\system32\java.exe
+ 2008-04-14 07:00 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 07:00 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
- 2008-04-14 07:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2010-02-04 19:59 . 2011-06-09 18:48 144424 c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 07:00 . 2008-04-14 07:00 186880 c:\windows\system32\encdec.dll
+ 2008-04-14 07:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
+ 2011-06-02 15:04 . 2002-02-18 11:34 313856 c:\windows\system32\dx3j.dll
+ 2011-06-09 19:17 . 2007-06-06 16:51 161792 c:\windows\system32\DRVSTORE\b57win32_A6A3BB295EFF1331660C396CCDA6204AFE0F10D9\b57xp32.sys
- 2010-02-05 01:30 . 2007-06-06 17:51 161792 c:\windows\system32\DRVSTORE\b57win32_A6A3BB295EFF1331660C396CCDA6204AFE0F10D9\b57xp32.sys
- 2010-02-05 01:30 . 2007-06-06 17:51 157488 c:\windows\system32\DRVSTORE\b57win32_A6A3BB295EFF1331660C396CCDA6204AFE0F10D9\b57w2k.sys
+ 2011-06-09 19:17 . 2007-06-06 16:51 157488 c:\windows\system32\DRVSTORE\b57win32_A6A3BB295EFF1331660C396CCDA6204AFE0F10D9\b57w2k.sys
+ 2010-02-05 01:23 . 2006-05-10 19:00 156160 c:\windows\system32\DRVSTORE\b57win32_6AAC51A1DA76BA2AEF4A0E371A6C1482B72095AB\b57xp32.sys
- 2010-02-05 01:23 . 2006-05-10 20:00 156160 c:\windows\system32\DRVSTORE\b57win32_6AAC51A1DA76BA2AEF4A0E371A6C1482B72095AB\b57xp32.sys
- 2010-02-05 01:23 . 2006-05-10 19:54 154874 c:\windows\system32\DRVSTORE\b57win32_6AAC51A1DA76BA2AEF4A0E371A6C1482B72095AB\b57w2k.sys
+ 2010-02-05 01:23 . 2006-05-10 18:54 154874 c:\windows\system32\DRVSTORE\b57win32_6AAC51A1DA76BA2AEF4A0E371A6C1482B72095AB\b57w2k.sys
+ 2011-03-20 01:28 . 2011-03-20 01:28 188080 c:\windows\system32\drivers\symtdi.sys
+ 2011-03-20 01:28 . 2011-03-20 01:28 145968 c:\windows\system32\drivers\symfw.sys
+ 2008-04-14 07:00 . 2011-02-17 13:18 357888 c:\windows\system32\drivers\srv.sys
+ 2011-03-20 01:29 . 2011-03-20 01:29 320944 c:\windows\system32\drivers\srtspl.sys
+ 2011-03-20 01:29 . 2011-03-20 01:29 283184 c:\windows\system32\drivers\srtsp.sys
- 2010-02-05 01:23 . 2007-06-06 17:51 161792 c:\windows\system32\drivers\b57xp32.sys
+ 2010-02-05 01:23 . 2007-06-06 16:51 161792 c:\windows\system32\drivers\b57xp32.sys
- 2008-04-14 07:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2008-04-14 07:00 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
+ 2008-04-14 07:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
- 2008-04-14 07:00 . 2010-12-08 22:14 507904 c:\windows\system32\dllcache\winlogon.exe
+ 2008-04-14 07:00 . 2008-04-14 10:42 507904 c:\windows\system32\dllcache\winlogon.exe
+ 2008-04-14 07:00 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-02-05 01:06 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2008-04-14 07:00 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 07:00 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
- 2008-04-14 07:00 . 2008-04-14 07:00 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2008-04-14 07:00 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2008-04-14 07:00 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2008-04-14 07:00 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
- 2008-04-14 07:00 . 2008-04-14 07:00 270848 c:\windows\system32\dllcache\sbe.dll
+ 2008-04-14 07:00 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
- 2008-04-14 07:00 . 2008-04-14 07:00 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2008-04-14 07:00 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2008-04-14 07:00 . 2008-04-14 07:00 249856 c:\windows\system32\dllcache\odbc32.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 07:00 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2008-04-14 07:00 . 2011-04-21 13:37 105472 c:\windows\system32\dllcache\mup.sys
+ 2008-04-14 07:00 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
- 2008-04-14 07:00 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-02-05 01:06 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2010-02-05 01:06 . 2008-04-14 07:00 102400 c:\windows\system32\dllcache\msjro.dll
+ 2010-02-05 03:51 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-02-05 03:51 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-02-05 01:06 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2010-02-05 01:06 . 2008-04-14 07:00 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-02-05 01:06 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2010-02-05 01:06 . 2008-04-14 07:00 180224 c:\windows\system32\dllcache\msadomd.dll
- 2010-02-05 01:06 . 2008-04-14 07:00 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-02-05 01:06 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-02-05 01:06 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2010-02-05 01:06 . 2008-04-14 07:00 143360 c:\windows\system32\dllcache\msadco.dll
+ 2010-02-05 01:37 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-04-14 07:00 . 2010-09-18 16:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-04-14 07:00 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-04-14 07:00 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2008-04-14 07:00 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2008-04-14 07:00 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2010-02-05 01:04 . 2008-04-14 07:00 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2010-02-05 01:04 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2008-04-14 07:00 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2008-04-14 07:00 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-04-14 07:00 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 07:00 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2010-02-05 01:06 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-02-05 01:06 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-02-05 03:51 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-02-05 03:51 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-11 17:12 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-11 17:12 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2008-04-14 07:00 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 07:00 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 07:00 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 07:00 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 07:00 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
- 2008-04-14 07:00 . 2008-04-14 07:00 186880 c:\windows\system32\dllcache\encdec.dll
+ 2008-04-14 07:00 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2010-02-05 01:23 . 2007-06-06 16:51 161792 c:\windows\system32\dllcache\b57xp32.sys
- 2010-02-05 01:23 . 2007-06-06 17:51 161792 c:\windows\system32\dllcache\b57xp32.sys
+ 2008-04-14 07:00 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 07:00 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-04-14 07:00 . 2011-02-16 13:22 138496 c:\windows\system32\dllcache\afd.sys
+ 2010-12-15 21:09 . 2010-11-12 23:53 472808 c:\windows\system32\deployJava1.dll
+ 2011-05-11 15:19 . 2011-05-11 15:21 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2010-02-05 04:28 . 2010-02-17 14:53 511328 c:\windows\system32\capicom.dll
+ 2008-04-14 07:00 . 2011-02-15 12:56 290432 c:\windows\system32\atmfd.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-04-11 16:38 . 2011-04-11 16:38 811008 c:\windows\Installer\6cbec9b5.msi
+ 2010-12-15 21:09 . 2010-12-15 21:09 180224 c:\windows\Installer\6956a.msi
+ 2011-06-01 19:15 . 2011-06-01 19:15 809472 c:\windows\Installer\2051bbe1.msi
+ 2011-01-24 17:54 . 2011-01-24 17:54 429056 c:\windows\Installer\195dd21a.msi
+ 2011-01-24 17:54 . 2011-01-24 17:54 149504 c:\windows\Installer\195dd1e9.msi
- 2010-02-05 04:08 . 2010-12-15 08:02 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-02-05 04:08 . 2011-06-17 07:03 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-02-05 04:08 . 2010-12-15 08:02 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2010-02-05 04:08 . 2011-06-17 07:03 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-02-05 04:08 . 2010-12-15 08:02 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-02-05 04:08 . 2011-06-17 07:03 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-02-05 04:08 . 2011-06-17 07:03 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-02-05 04:08 . 2010-12-15 08:02 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-02-05 04:14 . 2011-06-17 07:05 922384 c:\windows\Installer\{91120000-0018-0000-0000-0000000FF1CE}\pptico.exe
- 2010-02-05 04:14 . 2010-12-15 08:01 922384 c:\windows\Installer\{91120000-0018-0000-0000-0000000FF1CE}\pptico.exe
- 2010-02-05 04:14 . 2010-12-15 08:01 217864 c:\windows\Installer\{91120000-0018-0000-0000-0000000FF1CE}\misc.exe
+ 2010-02-05 04:14 . 2011-06-17 07:05 217864 c:\windows\Installer\{91120000-0018-0000-0000-0000000FF1CE}\misc.exe
+ 2011-06-17 07:01 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-06-17 07:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-06-17 07:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-06-17 07:01 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
+ 2011-06-17 07:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
+ 2011-06-17 07:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
+ 2011-06-17 07:01 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
+ 2011-06-17 07:01 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
+ 2011-04-14 07:00 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-04-14 07:00 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-04-14 07:00 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-04-14 07:00 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-04-14 07:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-04-14 07:07 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-04-14 07:06 . 2010-12-20 23:59 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-04-14 07:06 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2011-02-10 08:01 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 08:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 08:01 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 08:01 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2010-02-05 01:37 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-14 07:11 . 2011-04-14 07:11 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe
+ 2011-04-14 07:09 . 2011-04-14 07:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4b746fea8062a10ccc6e5331914e7dad\System.Web.Routing.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
+ 2011-04-14 07:11 . 2011-04-14 07:11 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
+ 2011-04-14 07:08 . 2011-04-14 07:08 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-04-14 07:08 . 2011-04-14 07:08 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-04-14 07:08 . 2011-04-14 07:08 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-04-14 07:08 . 2011-04-14 07:08 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
+ 2011-04-14 07:11 . 2011-04-14 07:11 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\6861f639b13967e9b014b44bbb7c5d4c\ComSvcConfig.ni.exe
+ 2011-04-14 07:11 . 2011-04-14 07:11 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-14 07:05 . 2011-04-14 07:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-14 07:05 . 2011-04-14 07:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-04-14 07:05 . 2011-04-14 07:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-14 07:05 . 2011-04-14 07:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-03-15 07:10 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971029$\spuninst\updspapi.dll
+ 2011-03-15 07:10 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971029$\spuninst\spuninst.exe
+ 2011-03-15 07:10 . 2008-04-14 07:00 135168 c:\windows\$NtUninstallKB971029$\shsvcs.dll
+ 2011-03-24 07:00 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2524375$\spuninst\updspapi.dll
+ 2011-03-24 07:00 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2524375$\spuninst\spuninst.exe
+ 2011-04-14 07:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2511455$\spuninst\updspapi.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2511455$\spuninst\spuninst.exe
+ 2011-04-14 07:03 . 2010-02-24 13:11 455680 c:\windows\$NtUninstallKB2511455$\mrxsmb.sys
+ 2011-04-14 07:00 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2509553$\spuninst\updspapi.dll
+ 2011-04-14 07:00 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2509553$\spuninst\spuninst.exe
+ 2011-04-14 07:00 . 2008-06-20 17:46 245248 c:\windows\$NtUninstallKB2509553$\mswsock.dll
+ 2011-04-14 07:00 . 2008-06-20 17:46 147968 c:\windows\$NtUninstallKB2509553$\dnsapi.dll
+ 2011-04-14 07:00 . 2008-08-14 10:04 138496 c:\windows\$NtUninstallKB2509553$\afd.sys
+ 2011-04-14 07:03 . 2010-08-26 13:39 357248 c:\windows\$NtUninstallKB2508429$\srv.sys
+ 2011-04-14 07:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2508429$\spuninst\updspapi.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2508429$\spuninst\spuninst.exe
+ 2011-04-14 07:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2508272$\spuninst\updspapi.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2508272$\spuninst\spuninst.exe
+ 2011-04-14 07:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2507618$\spuninst\updspapi.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2507618$\spuninst\spuninst.exe
+ 2011-04-14 07:03 . 2011-01-07 14:09 290048 c:\windows\$NtUninstallKB2507618$\atmfd.dll
+ 2011-04-14 07:07 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2506223$\spuninst\updspapi.dll
+ 2011-04-14 07:07 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2506223$\spuninst\spuninst.exe
+ 2011-04-14 07:02 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2506212$\spuninst\updspapi.dll
+ 2011-04-14 07:02 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2506212$\spuninst\spuninst.exe
+ 2011-04-14 07:02 . 2010-09-18 16:23 974848 c:\windows\$NtUninstallKB2506212$\mfc42u.dll
+ 2011-04-14 07:02 . 2010-09-18 06:53 974848 c:\windows\$NtUninstallKB2506212$\mfc42.dll
+ 2011-04-14 07:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2503658$\spuninst\updspapi.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2503658$\spuninst\spuninst.exe
+ 2011-04-14 07:03 . 2010-06-09 07:43 692736 c:\windows\$NtUninstallKB2503658$\inetcomm.dll
+ 2011-04-14 07:09 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2485663$\spuninst\updspapi.dll
+ 2011-04-14 07:09 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2485663$\spuninst\spuninst.exe
+ 2011-02-10 08:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
+ 2011-02-10 08:03 . 2010-10-28 13:13 290048 c:\windows\$NtUninstallKB2485376$\atmfd.dll
+ 2011-02-10 08:02 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
+ 2011-02-10 08:02 . 2008-04-14 07:00 438272 c:\windows\$NtUninstallKB2483185$\shimgvw.dll
+ 2011-03-10 08:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2481109$\spuninst\updspapi.dll
+ 2011-03-10 08:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2481109$\spuninst\spuninst.exe
+ 2011-03-10 08:01 . 2008-04-14 07:00 677888 c:\windows\$NtUninstallKB2481109$\mstsc.exe
+ 2011-03-10 08:01 . 2008-04-14 07:00 677888 c:\windows\$NtUninstallKB2481109$\lhmstsc.exe
+ 2011-03-10 08:02 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479943$\spuninst\updspapi.dll
+ 2011-03-10 08:02 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479943$\spuninst\spuninst.exe
+ 2011-03-10 08:02 . 2008-04-14 07:00 270848 c:\windows\$NtUninstallKB2479943$\sbe.dll
+ 2011-03-10 08:02 . 2008-04-14 07:00 186880 c:\windows\$NtUninstallKB2479943$\encdec.dll
+ 2011-02-10 08:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
+ 2011-02-10 08:03 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
+ 2011-02-10 08:03 . 2009-06-25 08:25 301568 c:\windows\$NtUninstallKB2478971$\kerberos.dll
+ 2011-02-10 08:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
+ 2011-02-10 08:01 . 2009-06-25 08:25 730112 c:\windows\$NtUninstallKB2478960$\lsasrv.dll
+ 2011-02-10 08:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
+ 2011-01-12 08:00 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-12 08:00 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-12 08:00 . 2008-04-14 07:00 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-12 08:00 . 2008-04-14 07:00 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-12 08:00 . 2008-04-14 07:00 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-12 08:00 . 2008-04-14 07:00 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-12 08:00 . 2008-04-14 07:00 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-12 08:00 . 2008-04-14 07:00 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2011-04-14 07:06 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2412687$\spuninst\updspapi.dll
+ 2011-04-14 07:06 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2412687$\spuninst\spuninst.exe
+ 2011-02-10 08:00 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
+ 2011-02-10 08:00 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
+ 2011-02-10 08:00 . 2009-02-09 12:10 714752 c:\windows\$NtUninstallKB2393802$\ntdll.dll
+ 2011-03-15 07:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971029\update\updspapi.dll
+ 2011-03-15 07:10 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971029\update\update.exe
+ 2011-03-15 07:10 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971029\spuninst.exe
+ 2009-07-27 22:13 . 2009-07-27 22:13 135168 c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
+ 2011-03-24 07:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2524375\update\updspapi.dll
+ 2011-03-24 07:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2524375\update\update.exe
+ 2011-03-24 07:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2524375\spuninst.exe
+ 2011-04-14 07:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2511455\update\updspapi.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2511455\update\update.exe
+ 2011-04-14 07:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2511455\spuninst.exe
+ 2011-04-14 00:43 . 2011-02-17 13:19 457472 c:\windows\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys
+ 2011-04-14 07:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2510531-IE8\update\updspapi.dll
+ 2011-04-14 07:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2510531-IE8\update\update.exe
+ 2011-04-14 07:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2510531-IE8\spuninst.exe
+ 2011-04-14 00:43 . 2011-03-04 06:35 420864 c:\windows\$hf_mig$\KB2510531-IE8\SP3QFE\vbscript.dll
+ 2011-04-14 00:43 . 2011-03-04 06:35 726528 c:\windows\$hf_mig$\KB2510531-IE8\SP3QFE\jscript.dll
+ 2011-04-14 07:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2509553\update\updspapi.dll
+ 2011-04-14 07:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2509553\update\update.exe
+ 2011-04-14 07:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2509553\spuninst.exe
+ 2008-06-20 11:16 . 2008-06-20 11:16 225856 c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip6.sys
+ 2008-06-20 11:59 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
+ 2008-06-20 17:43 . 2008-06-20 17:43 245248 c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
+ 2011-03-03 06:53 . 2011-03-03 06:53 149504 c:\windows\$hf_mig$\KB2509553\SP3QFE\dnsapi.dll
+ 2008-10-16 15:07 . 2008-10-16 15:07 138496 c:\windows\$hf_mig$\KB2509553\SP3QFE\afd.sys
+ 2011-04-14 07:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2508429\update\updspapi.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2508429\update\update.exe
+ 2011-04-14 07:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2508429\spuninst.exe
+ 2011-02-17 13:19 . 2011-02-17 13:19 357888 c:\windows\$hf_mig$\KB2508429\SP3QFE\srv.sys
+ 2011-04-14 07:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2508272\update\updspapi.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2508272\update\update.exe
+ 2011-04-14 07:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2508272\spuninst.exe
+ 2011-04-14 07:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2507618\update\updspapi.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2507618\update\update.exe
+ 2011-04-14 07:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2507618\spuninst.exe
+ 2011-02-15 13:05 . 2011-02-15 13:05 290432 c:\windows\$hf_mig$\KB2507618\SP3QFE\atmfd.dll
+ 2011-04-14 07:07 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2506223\update\updspapi.dll
+ 2011-04-14 07:07 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2506223\update\update.exe
+ 2011-04-14 07:07 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2506223\spuninst.exe
+ 2011-04-14 07:02 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2506212\update\updspapi.dll
+ 2011-04-14 07:02 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2506212\update\update.exe
+ 2011-04-14 07:02 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2506212\spuninst.exe
+ 2011-02-08 13:32 . 2011-02-08 13:32 974848 c:\windows\$hf_mig$\KB2506212\SP3QFE\mfc42u.dll
+ 2011-02-08 13:32 . 2011-02-08 13:32 978944 c:\windows\$hf_mig$\KB2506212\SP3QFE\mfc42.dll
+ 2011-04-14 07:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2503658\update\updspapi.dll
+ 2011-04-14 07:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2503658\update\update.exe
+ 2011-04-14 07:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2503658\spuninst.exe
+ 2011-03-07 05:31 . 2011-03-07 05:31 692736 c:\windows\$hf_mig$\KB2503658\SP3QFE\inetcomm.dll
+ 2011-04-14 07:07 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2497640-IE8\update\updspapi.dll
+ 2011-04-14 07:07 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2497640-IE8\update\update.exe
+ 2011-04-14 07:07 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2497640-IE8\spuninst.exe
+ 2011-04-14 00:44 . 2011-02-22 23:27 919552 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 206848 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\occache.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 611840 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mstime.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 602112 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\msfeeds.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 247808 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\ieproxy.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 184320 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iepeers.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 743424 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iedvtool.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 387584 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iedkcs32.dll
+ 2011-04-14 00:44 . 2011-02-22 12:08 173568 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\ie4uinit.exe
+ 2011-04-14 07:09 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2485663\update\updspapi.dll
+ 2011-04-14 07:09 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2485663\update\update.exe
+ 2011-04-14 07:09 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2485663\spuninst.exe
+ 2011-02-10 08:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-10 08:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-01-07 14:09 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-10 08:02 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-10 08:02 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-10 08:02 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 439808 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-10 08:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-10 08:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-10 03:03 . 2010-12-20 23:58 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-10 03:03 . 2010-12-20 12:48 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-03-10 08:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2481109\update\updspapi.dll
+ 2011-03-10 08:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2481109\update\update.exe
+ 2011-03-10 08:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2481109\spuninst.exe
+ 2011-01-27 11:41 . 2011-01-27 11:41 677888 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstsc.exe
+ 2011-02-02 07:57 . 2011-02-02 07:57 136192 c:\windows\$hf_mig$\KB2481109\SP3QFE\aaclient.dll
+ 2011-03-10 08:02 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479943\update\updspapi.dll
+ 2011-03-10 08:02 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479943\update\update.exe
+ 2011-03-10 08:02 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479943\spuninst.exe
+ 2011-02-09 13:52 . 2011-02-09 13:52 270848 c:\windows\$hf_mig$\KB2479943\SP3QFE\sbe.dll
+ 2011-02-09 13:52 . 2011-02-09 13:52 186880 c:\windows\$hf_mig$\KB2479943\SP3QFE\encdec.dll
+ 2011-02-10 08:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-10 08:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-10 08:03 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2011-02-10 08:03 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-02-10 08:03 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2011-02-10 08:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-02-10 08:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24 730112 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2011-02-10 08:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-10 08:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-10 08:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2011-01-12 08:00 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-12 08:00 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-12 08:00 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2011-02-10 08:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2393802\update\updspapi.dll
+ 2011-02-10 08:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2393802\update\update.exe
+ 2011-02-10 08:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2393802\spuninst.exe
+ 2011-02-10 03:02 . 2010-12-09 15:15 718336 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
+ 2011-04-14 00:43 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2005-09-28 18:46 . 2005-09-28 18:46 1184984 c:\windows\system32\wvc1dmod.dll
+ 2008-04-14 07:00 . 2011-03-03 13:21 1857920 c:\windows\system32\win32k.sys
+ 2008-04-14 07:00 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon.dll
+ 2011-01-28 22:01 . 2009-10-14 09:23 1269760 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\SPC82dat.dll
+ 2011-01-31 14:56 . 2008-11-27 08:42 4812800 c:\windows\system32\spool\drivers\w32x86\ricohaficio_sp_c820d0378\RIC54Fl.DLL
+ 2011-01-28 22:01 . 2009-10-14 09:23 1269760 c:\windows\system32\spool\drivers\w32x86\3\SPC82dat.dll
+ 2011-01-31 14:56 . 2008-11-27 08:42 4812800 c:\windows\system32\spool\drivers\w32x86\3\RIC54Fl.DLL
+ 2011-01-31 14:56 . 2008-06-12 01:21 1269760 c:\windows\system32\SPC82dat.DLL
- 2008-04-14 07:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2008-04-14 07:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2008-04-14 07:00 . 2010-12-09 13:42 2148864 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:01 . 2010-12-09 13:07 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2010-02-05 01:04 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll
+ 2008-04-14 07:00 . 2011-05-30 22:19 5964800 c:\windows\system32\mshtml.dll
+ 2003-03-19 03:20 . 2007-03-22 00:39 1060864 c:\windows\system32\MFC71.DLL
- 2003-03-19 03:20 . 2003-03-19 03:20 1060864 c:\windows\system32\mfc71.dll
- 2009-03-08 08:32 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2009-03-08 08:32 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
+ 2008-04-14 07:00 . 2011-03-03 13:21 1857920 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 07:00 . 2011-04-25 16:11 1211904 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 07:00 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 07:00 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2010-02-05 01:38 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-02-05 01:38 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-02-05 01:38 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-14 07:00 . 2011-05-30 22:19 5964800 c:\windows\system32\dllcache\mshtml.dll
+ 2010-02-05 01:04 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
- 2010-02-05 03:51 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-02-05 03:51 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2008-04-14 07:00 . 2008-04-14 10:42 1033728 c:\windows\system32\dllcache\explorer.exe
- 2008-04-14 07:00 . 2010-12-08 22:14 1033728 c:\windows\system32\dllcache\explorer.exe
+ 2011-01-18 08:39 . 2011-01-18 08:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\dcf6243.msp
+ 2011-04-27 23:51 . 2011-04-27 23:51 6825472 c:\windows\Installer\dcf622b.msp
+ 2011-05-20 21:31 . 2011-05-20 21:31 5518848 c:\windows\Installer\dcf621a.msp
+ 2011-05-17 22:28 . 2011-05-17 22:28 6862848 c:\windows\Installer\dcf6209.msp
+ 2011-04-29 16:33 . 2011-04-29 16:33 8173568 c:\windows\Installer\dcf61f8.msp
+ 2011-01-27 18:49 . 2011-01-27 18:49 6825472 c:\windows\Installer\7a21c3bc.msp
+ 2011-04-05 16:52 . 2011-04-05 16:52 5519872 c:\windows\Installer\7a21c39a.msp
+ 2010-11-21 03:32 . 2010-11-21 03:32 4165120 c:\windows\Installer\7a21c389.msp
+ 2011-03-18 00:01 . 2011-03-18 00:01 9563648 c:\windows\Installer\7a21c36f.msp
+ 2011-01-11 21:50 . 2011-01-11 21:50 8177152 c:\windows\Installer\7a21c361.msp
+ 2010-11-21 03:33 . 2010-11-21 03:33 1980928 c:\windows\Installer\7a21c353.msp
+ 2011-06-09 19:17 . 2011-06-09 19:17 1498624 c:\windows\Installer\79505.msi
+ 2011-06-09 19:05 . 2011-06-09 19:05 7612928 c:\windows\Installer\794f0.msi
+ 2011-04-29 16:27 . 2011-04-29 16:27 4158464 c:\windows\Installer\6f10db06.msp
+ 2011-04-27 15:14 . 2011-04-27 15:14 5520384 c:\windows\Installer\6f10daf8.msp
+ 2011-04-11 16:39 . 2011-04-11 16:39 9472000 c:\windows\Installer\6cbec9b9.msi
+ 2011-04-11 16:38 . 2011-04-11 16:38 1549312 c:\windows\Installer\6cbec9b0.msi
+ 2011-02-22 15:32 . 2011-02-22 15:32 5520384 c:\windows\Installer\5062cf5a.msp
+ 2011-01-17 21:06 . 2011-01-17 21:06 5518848 c:\windows\Installer\37c0fdb.msp
+ 2011-06-01 19:17 . 2011-06-01 19:17 1042944 c:\windows\Installer\2051bbeb.msi
+ 2011-06-17 07:01 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
+ 2011-06-17 07:01 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-04-14 07:06 . 2010-12-20 23:59 1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
- 2008-04-14 07:00 . 2010-12-09 13:04 1033728 c:\windows\explorer.exe
+ 2008-04-14 07:00 . 2008-04-14 10:42 1033728 c:\windows\explorer.exe
+ 2010-02-05 01:38 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-02-05 01:38 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-02-05 01:38 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-04-14 07:07 . 2011-04-14 07:07 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
+ 2011-04-14 07:07 . 2011-04-14 07:07 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\02d53154634c8000382942e0f43ead41\System.Web.Extensions.ni.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
+ 2011-04-14 07:08 . 2011-04-14 07:08 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll
+ 2011-04-14 07:08 . 2011-04-14 07:08 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c91e83e85c030bc914ecc302fa9b2c60\System.Data.Entity.ni.dll
+ 2011-04-14 07:08 . 2011-04-14 07:08 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
+ 2011-04-14 07:08 . 2011-04-14 07:08 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
+ 2011-04-14 07:08 . 2011-04-14 07:08 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
+ 2011-04-14 07:07 . 2011-04-14 07:07 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll
+ 2011-04-14 07:12 . 2011-04-14 07:12 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-14 07:05 . 2011-04-14 07:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-14 07:05 . 2011-04-14 07:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-06 07:01 . 2010-10-06 07:01 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-04-14 07:05 . 2011-04-14 07:05 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-06 07:02 . 2010-10-06 07:02 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-04-14 07:07 . 2010-12-31 13:10 1854976 c:\windows\$NtUninstallKB2506223$\win32k.sys
+ 2011-02-10 08:02 . 2010-07-27 06:30 8462336 c:\windows\$NtUninstallKB2483185$\shell32.dll
+ 2011-03-10 08:01 . 2009-06-10 14:19 2066432 c:\windows\$NtUninstallKB2481109$\mstscax.dll
+ 2011-03-10 08:01 . 2008-04-14 07:00 2061824 c:\windows\$NtUninstallKB2481109$\lhmstscx.dll
+ 2011-02-10 08:03 . 2010-10-26 13:25 1853312 c:\windows\$NtUninstallKB2479628$\win32k.sys
+ 2011-02-10 08:00 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
+ 2011-02-10 08:00 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
+ 2011-02-10 08:00 . 2010-04-27 13:05 2024448 c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
+ 2011-02-10 08:00 . 2010-04-27 13:59 2146304 c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
+ 2009-07-27 22:13 . 2009-07-27 22:13 8462848 c:\windows\$hf_mig$\KB971029\SP3QFE\shell32.dll
+ 2011-03-03 13:27 . 2011-03-03 13:27 1866880 c:\windows\$hf_mig$\KB2506223\SP3QFE\win32k.sys
+ 2011-04-14 00:44 . 2011-02-22 23:27 1212928 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\urlmon.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 5964800 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
+ 2011-04-14 00:44 . 2011-02-22 23:27 1992192 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iertutil.dll
+ 2011-01-21 14:42 . 2011-01-21 14:42 8463360 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2011-02-02 07:57 . 2011-02-02 07:57 2069504 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstscx.dll
+ 2010-12-31 13:14 . 2010-12-31 13:14 1864064 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
+ 2011-02-10 03:02 . 2010-12-09 13:43 2192768 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
+ 2011-02-10 03:02 . 2010-12-09 13:09 2027008 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
+ 2010-12-09 23:39 . 2010-12-09 23:39 2069376 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
+ 2011-02-10 03:02 . 2010-12-09 13:47 2148864 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
+ 2010-02-05 03:49 . 2011-06-17 07:05 47716296 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2011-04-26 14:11 11081728 c:\windows\system32\ieframe.dll
+ 2010-02-05 03:51 . 2011-04-26 14:11 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-06-17 07:03 . 2011-06-17 07:03 20333056 c:\windows\Installer\dcf6236.msp
+ 2011-04-21 07:00 . 2011-04-21 07:00 20314624 c:\windows\Installer\8121b11.msp
+ 2011-02-24 13:38 . 2011-02-24 13:38 10984448 c:\windows\Installer\7a21c3ab.msp
+ 2011-02-12 00:47 . 2011-02-12 00:47 12028928 c:\windows\Installer\7a21c37a.msp
+ 2011-01-06 08:00 . 2011-01-06 08:00 20304384 c:\windows\Installer\78abf85.msp
+ 2011-05-11 15:15 . 2011-05-11 15:15 15684608 c:\windows\Installer\4187b.msi
+ 2011-03-15 07:11 . 2011-03-15 07:11 20308992 c:\windows\Installer\2d14721.msp
+ 2011-06-17 07:01 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
+ 2011-04-14 07:06 . 2010-12-21 10:29 11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
+ 2011-02-10 08:01 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
+ 2011-04-14 07:13 . 2011-04-14 07:13 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
+ 2011-04-14 07:11 . 2011-04-14 07:11 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b5f24d96334ea08b99350421450d3ba4\System.ServiceModel.ni.dll
+ 2011-04-14 07:09 . 2011-04-14 07:09 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
+ 2011-04-14 07:08 . 2011-04-14 07:08 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
+ 2011-04-14 07:07 . 2011-04-14 07:07 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
+ 2011-04-14 07:06 . 2011-04-14 07:06 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
+ 2011-02-23 08:57 . 2011-02-23 08:57 11082752 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\ieframe.dll
+ 2011-02-10 03:03 . 2010-12-20 23:58 11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-03 1044480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-20 115560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\atmfd32.exe"=
"c:\\WINDOWS\\system32\\nvdispsr32.exe"=
.
R2 ERSvc32;Error Reporting Service ;c:\windows\system32\nvdispsr32.exe [6/28/2011 8:29 AM 788992]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [1/17/2010 7:39 PM 1310448]
R2 TapiSrv32;Telephony ;c:\windows\system32\atmfd32.exe [6/28/2011 8:27 AM 788992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/25/2011 12:09 PM 105592]
S0 cerc6;cerc6; [x]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [3/19/2011 9:28 PM 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/28/2011 8:47 AM 39984]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = https://retaillink.w...pe=IIS1&redir=/
uInternet Connection Wizard,ShellNext = https://rllogin.wal-.../&ct_orig_uri=/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.5
DPF: {1EFDA478-664E-41A6-8C2F-852344CC7F64} - hxxps://cnc.mcbcnet.com/cnc/CNCPrintAttachment.ocx
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{27C441FA-C76B-E6E5-01CA-D669BA19B6A0} - c:\windows\system32\msoert232.dll
HKCU-Run-InstallIQUpdater - c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
SafeBoot-Symantec Antvirus
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 09:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-06-28 09:11:50
ComboFix-quarantined-files.txt 2011-06-28 13:11
ComboFix2.txt 2010-12-15 20:41
ComboFix3.txt 2010-12-15 14:57
.
Pre-Run: 87,891,349,504 bytes free
Post-Run: 93,470,097,408 bytes free
.
- - End Of File - - 053E03B17797FD856C123E8132E071F8



aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-28 09:16:31
-----------------------------
09:16:31.592 OS Version: Windows 5.1.2600 Service Pack 3
09:16:31.592 Number of processors: 2 586 0xF02
09:16:31.592 ComputerName: BD05KWC1 UserName: Ntaylor
09:16:32.201 Initialize success
09:16:42.707 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:16:42.707 Disk 0 Vendor: ST3160812AS 3.ADJ Size: 152587MB BusType: 3
09:16:44.723 Disk 0 MBR read successfully
09:16:44.723 Disk 0 MBR scan
09:16:44.723 Disk 0 Windows XP default MBR code
09:16:46.724 Disk 0 scanning sectors +312496380
09:16:46.740 Disk 0 scanning C:\WINDOWS\system32\drivers
09:16:51.446 Service scanning
09:16:52.243 Disk 0 trace - called modules:
09:16:52.259 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
09:16:52.259 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e57030]
09:16:52.259 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89da1d98]
09:16:52.259 Scan finished successfully
09:17:15.161 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ntaylor\Desktop\MBR.dat"
09:17:15.161 The log file has been saved successfully to "C:\Documents and Settings\ntaylor\Desktop\aswMBR.txt"


Thanks again for your help.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\nvdispsr32.exe
c:\documents and settings\ntaylor\tiipivasgu.tmp

Driver::
ERSvc32
cerc6


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.


Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).



1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

It appears that Symantec has been damaged by the malware. At a minimum it needs to be uninstalled and reinstalled but if the subscription has expired or if you are tired of paying for it you could replace it with the free Avast which I think is better and which puts less of a load on your CPU:

Download and Save the free Avast:

http://www.avast.com...ivirus-download

Download, save and run the Norton Removal Utility:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Uninstall Symantec, run the Norton Removla tool then install Avast.

I think if you rerun aswMBR you will see that only the FixMBR button is enabled but if the FIX button is really enabled then press it.


Ron
  • 0

#5
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Ron:

Sorry for the delay. Combofix log is attached. I cannot run eset or bitdefender, perhaps a firewall issue. Do you still want me to do the other items?

BTW, this computer had its desktop and program icons disappear and I was able to recover with unhide. Also now have an app called "system repair" that runs and then locks up the computer. I suspect this is a continuation of my other problems or perhaps something new?

Anyway, here is the combofix log from 6/28/11.

ComboFix 11-06-27.04 - Ntaylor 06/28/2011 11:07:51.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1472 [GMT -4:00]
Running from: c:\documents and settings\ntaylor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ntaylor\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\documents and settings\ntaylor\tiipivasgu.tmp"
"c:\windows\system32\nvdispsr32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ntaylor\tiipivasgu.tmp
c:\windows\system32\nvdispsr32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ERSVC32
-------\Service_cerc6
-------\Service_ERSvc32
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 12:47 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 12:47 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 12:29 . 2011-06-13 14:04 788992 ----a-w- c:\windows\system32\msorcl3232.exe
2011-06-28 12:27 . 2011-06-13 14:04 788992 ----a-w- c:\windows\system32\atmfd32.exe
2011-06-09 19:17 . 2011-06-09 19:17 -------- d-----w- c:\program files\Broadcom
2011-06-09 19:05 . 2011-06-09 19:05 45056 ----a-r- c:\documents and settings\ntaylor\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\NewShortcut1_2764CA82DFB94498AF85719340BF5305.exe
2011-06-02 15:12 . 2011-06-02 15:03 36864 ----a-w- C:\nphssb.dll
2011-06-02 15:12 . 2011-06-02 15:03 46480 ----a-w- c:\windows\system32\HS_live.ocx
2011-06-02 15:12 . 2011-06-02 15:03 45056 ----a-w- c:\windows\system32\HSSICore.dll
2011-06-02 15:12 . 2011-06-02 15:03 184320 ----a-w- c:\windows\system32\OESICore.dll
2011-06-02 15:03 . 2011-06-02 15:02 98136 ----a-w- c:\windows\gzip.exe
2011-06-02 15:02 . 2011-06-02 15:02 -------- d-----w- c:\program files\Homestead
2011-06-01 19:17 . 2011-06-01 19:17 18944 ----a-r- c:\documents and settings\ntaylor\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-06-01 19:17 . 2011-06-01 19:17 11264 ----a-r- c:\documents and settings\ntaylor\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A1630.exe
2011-06-01 19:17 . 2011-06-01 19:17 -------- d-----w- c:\program files\AWS
2011-06-01 19:16 . 2011-06-01 19:16 -------- d-----w- c:\program files\Free Offers from Freeze.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-11 15:15 . 2011-05-11 15:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-11 15:15 . 2011-05-11 15:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-02 15:31 . 2010-02-05 01:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 07:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2008-04-14 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2008-04-14 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 07:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-03 1044480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-20 115560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\atmfd32.exe"=
.
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [1/17/2010 7:39 PM 1310448]
R2 RasMan32;Remote Access Connection Manager ;c:\windows\system32\nvdispsr32.exe --> c:\windows\system32\nvdispsr32.exe [?]
R2 TapiSrv32;Telephony ;c:\windows\system32\atmfd32.exe [6/28/2011 8:27 AM 788992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/25/2011 12:09 PM 105592]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [3/19/2011 9:28 PM 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/28/2011 8:47 AM 39984]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RASMAN32
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = https://retaillink.w...pe=IIS1&redir=/
uInternet Connection Wizard,ShellNext = https://rllogin.wal-.../&ct_orig_uri=/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.5
DPF: {1EFDA478-664E-41A6-8C2F-852344CC7F64} - hxxps://cnc.mcbcnet.com/cnc/CNCPrintAttachment.ocx
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 11:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1372)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\msorcl3232.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2011-06-28 11:19:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-28 15:19
ComboFix2.txt 2011-06-28 13:11
ComboFix3.txt 2010-12-15 20:41
ComboFix4.txt 2010-12-15 14:57
.
Pre-Run: 93,406,777,344 bytes free
Post-Run: 93,376,585,728 bytes free
.
- - End Of File - - 70B02F4E1199445E0AE15215C949711C


This may or may not help at this point. Do we need to start over?

Thanks.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I thing we removed a cloaker with the last CFScript. I can see a few other things that need to go now so let's do it one more time:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

File::
c:\windows\system32\msorcl3232.exe
c:\windows\system32\atmfd32.exe
c:\windows\system32\nvdispsr32.exe


Driver::
RasMan32
TapiSrv32

Folder::
c:\documents and settings\ntaylor\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}

RootKit::
c:\windows\system32\msorcl3232.exe
c:\windows\system32\atmfd32.exe
c:\windows\system32\nvdispsr32.exe



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.


You can do the other procedures even if you can't run the online scans so go ahead and do them too. If you run aswMBR again it has an option now to scan with the Avast engine. Since you can't do the online scans try it. (If the option is not there then delete the old aswMBR and redownload from the same link as before.)

I don't see the System Repair process in Combofix. Try running OTL again (quickscan) and post the log.

Ron
  • 0

#7
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Ron:

Thanks again. It looks like ComboFix got rid of System Repair. Here are the logs:

ComboFix 11-07-19.03 - Ntaylor 07/19/2011 14:20:48.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1412 [GMT -4:00]
Running from: c:\documents and settings\ntaylor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ntaylor\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\windows\system32\atmfd32.exe"
"c:\windows\system32\msorcl3232.exe"
"c:\windows\system32\nvdispsr32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt
c:\documents and settings\Nicole Taylor\Application Data\Microsoft\Internet Explorer\Desktop.htt
c:\documents and settings\ntaylor\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}
c:\documents and settings\ntaylor\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
c:\documents and settings\ntaylor\Application Data\Microsoft\Internet Explorer\Desktop.htt
c:\documents and settings\ntaylor\Application Data\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
c:\documents and settings\ntaylor\Start Menu\Programs\System Repair
c:\documents and settings\ntaylor\Start Menu\Programs\System Repair\System Repair.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RASMAN32
-------\Legacy_TAPISRV32
-------\Service_RasMan32
-------\Service_TapiSrv32
-------\Service_ALG32
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-18 16:42 . 2011-07-18 16:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-18 13:42 . 2011-07-18 13:42 -------- d-----w- c:\documents and settings\ntaylor\Application Data\Malwarebytes
2011-07-18 13:42 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-18 13:42 . 2011-07-18 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-18 13:41 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-18 13:41 . 2011-07-18 13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-15 19:02 . 2011-07-15 19:02 -------- d-----w- c:\documents and settings\ntaylor\Local Settings\Application Data\Identities
2011-07-15 17:25 . 2011-07-15 17:27 -------- d-----w- C:\rei
2011-07-15 17:25 . 2011-07-15 17:25 -------- d-----w- c:\program files\Reimage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-09 19:05 . 2011-06-09 19:05 45056 ----a-r- c:\documents and settings\ntaylor\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\NewShortcut1_2764CA82DFB94498AF85719340BF5305.exe
2011-06-02 15:03 . 2011-06-02 15:12 36864 ----a-w- C:\nphssb.dll
2011-06-02 15:03 . 2011-06-02 15:12 46480 ----a-w- c:\windows\system32\HS_live.ocx
2011-06-02 15:03 . 2011-06-02 15:12 45056 ----a-w- c:\windows\system32\HSSICore.dll
2011-06-02 15:03 . 2011-06-02 15:12 184320 ----a-w- c:\windows\system32\OESICore.dll
2011-06-02 15:02 . 2011-06-02 15:03 98136 ----a-w- c:\windows\gzip.exe
2011-06-02 14:02 . 2008-04-14 07:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-11 15:15 . 2011-05-11 15:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-11 15:15 . 2011-05-11 15:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-02 15:31 . 2010-02-05 01:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 07:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 07:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2008-04-14 07:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2008-04-14 07:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2008-04-14 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2008-04-14 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 07:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-28_13.09.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-19 18:28 . 2011-07-19 18:28 16384 c:\windows\temp\Perflib_Perfdata_1e0.dat
+ 2008-04-14 07:00 . 2011-06-29 07:05 75152 c:\windows\system32\perfc009.dat
- 2008-04-14 07:00 . 2011-06-17 12:25 75152 c:\windows\system32\perfc009.dat
+ 2008-04-14 07:00 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2008-04-14 07:00 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-05-11 15:19 . 2011-07-19 00:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-11 15:19 . 2011-06-28 00:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-05 01:10 . 2011-06-28 00:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-05 01:10 . 2011-07-19 00:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-07-05 00:01 . 2011-07-19 00:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-05-11 15:19 . 2011-06-28 00:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-07-18 16:42 . 2011-07-18 16:42 24064 c:\windows\Installer\a6a39e.msi
+ 2011-07-19 02:47 . 2011-07-19 02:47 21504 c:\windows\Installer\1c8b59e.msi
+ 2010-02-05 04:08 . 2011-07-14 07:01 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-02-05 04:08 . 2011-06-17 07:03 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-02-05 04:08 . 2011-07-14 07:01 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-02-05 04:08 . 2011-06-17 07:03 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-02-05 04:08 . 2011-06-17 07:03 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-02-05 04:08 . 2011-07-14 07:01 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-02-05 04:08 . 2011-07-14 07:01 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-02-05 04:08 . 2011-06-17 07:03 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-06-29 07:07 . 2011-06-29 07:07 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\61c3b1e170de97a8d418b610bd9b0c77\System.Windows.Presentation.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a4173f12a0fea30f95bc56ab04f64cae\System.Web.DynamicData.Design.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ab5802527ce15dbcc25e301dbbb4d666\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-06-29 07:06 . 2011-06-29 07:06 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe
+ 2011-06-29 07:06 . 2011-06-29 07:06 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\d54d318ae1eb0667badea576d0534f9d\PresentationCFFRasterizer.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\87fe1d01b568b3bc9c750b7cf7802516\Microsoft.Vsa.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-06-29 07:09 . 2011-06-29 07:09 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-14 07:05 . 2011-04-14 07:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-14 07:05 . 2011-04-14 07:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-02-05 04:08 . 2011-07-14 07:01 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-02-05 04:08 . 2011-06-17 07:03 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-06-29 07:04 . 2011-06-29 07:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-14 07:06 . 2011-04-14 07:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-04-14 07:00 . 2011-06-29 07:05 453312 c:\windows\system32\perfh009.dat
- 2008-04-14 07:00 . 2011-06-17 12:25 453312 c:\windows\system32\perfh009.dat
+ 2011-07-18 16:42 . 2011-07-18 16:42 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
+ 2011-07-18 16:42 . 2011-07-18 16:42 328864 c:\windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.dll
+ 2010-02-04 19:59 . 2011-07-14 07:19 144424 c:\windows\system32\FNTCACHE.DAT
- 2010-02-04 19:59 . 2011-06-09 18:48 144424 c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 07:00 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2008-04-14 07:00 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2008-04-14 07:00 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-02-05 04:08 . 2011-07-14 07:01 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-02-05 04:08 . 2011-06-17 07:03 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-02-05 04:08 . 2011-06-17 07:03 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2010-02-05 04:08 . 2011-07-14 07:01 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2010-02-05 04:08 . 2011-07-14 07:01 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-02-05 04:08 . 2011-06-17 07:03 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-02-05 04:08 . 2011-07-14 07:01 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-02-05 04:08 . 2011-06-17 07:03 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-06-29 07:09 . 2011-06-29 07:09 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\8ba27eaa0f7d987f92319c64aefd2e98\WsatConfig.ni.exe
+ 2011-06-29 07:07 . 2011-06-29 07:07 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\431d5dc1cfcc0c0530e813f370931670\WindowsFormsIntegration.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\00dfe5563886a1f69c96b3acb839107b\UIAutomationClient.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\80187a9cfed4fd0ec82746495be76764\System.Xml.Linq.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\58c421c537b1c3f3878458ad306b2a42\System.Web.Routing.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\dc26fff00ce95d24fd190f38904bb2b3\System.Web.RegularExpressions.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4e3dd4d7f9aeda74a2fcefee036e5070\System.Web.Extensions.Design.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4fb1c0c07f40248b463f2e33444b9477\System.Web.Entity.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4dfcffc6e6d02bdcdc185d5527a8097e\System.Web.Entity.Design.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b921d1cffcd5e80ea14c51db967edd6\System.Web.DynamicData.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\702b506e56d3a7051aea7822cd915c7f\System.Web.Abstractions.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\503ccbb50e9c06c2f0b02ad8c3f2d100\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\ac53723e41898bc0e8a591c2e4f6f39b\System.Net.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\4a3a674008d8102c1aa5b3fc18251ef7\System.Management.Instrumentation.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7f5f5bfd5f8d6587c96870751a6eb44d\System.IO.Log.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\de1bf796614ca11afd9fab95edb1b4e2\System.IdentityModel.Selectors.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.Wrapper.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\1af8683e05c42eb32f46578fe5a8f83f\System.Drawing.Design.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\791a6643b70542b148d977ff42f2f2ef\System.DirectoryServices.Protocols.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\31759ad8be21735f0a369c37514c2efc\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\df507a4500e73fa4cfc13f65a1c9055e\System.Data.Services.Client.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1778fffc09d783bc90512b65d35be66\System.Data.Services.Design.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a47a8bf16370c93b3c6a471e48cc67a\System.Data.Entity.Design.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\50492d147392c238edc5a614beccb91b\System.Data.DataSetExtensions.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\77015cc1e6d9e7d20e63903777afd6df\System.AddIn.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6ca41c7917119c3a9de0bcdca525001d\SMSvcHost.ni.exe
+ 2011-06-29 07:09 . 2011-06-29 07:09 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\67dc00c24e551003f6dacb73fe9cf881\ServiceModelReg.ni.exe
+ 2011-06-29 07:06 . 2011-06-29 07:06 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e468e9265c844f74577530e4df71f120\PresentationFramework.Aero.ni.dll
+ 2011-06-29 07:06 . 2011-06-29 07:06 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\959709491c71caef88fb41b0eb159714\PresentationFramework.Classic.ni.dll
+ 2011-06-29 07:06 . 2011-06-29 07:06 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\807b62468c2893ee943dffff63a34d8d\PresentationFramework.Royale.ni.dll
+ 2011-06-29 07:06 . 2011-06-29 07:06 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cf82f370413a2cd1e6bc54060334753\PresentationFramework.Luna.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\0add35a0fbe0c381c998b651c5979902\MSBuild.ni.exe
+ 2011-06-29 07:09 . 2011-06-29 07:09 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\667dc256d9eb3577f2514c89c5974aff\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d5561a4ad04c22f0eb5acf4736c7936e\Microsoft.Build.Utilities.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1a0623063225521aa43044314cc5e721\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\530f98922474a31636c34fa3db9a63ba\Microsoft.Build.Engine.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\7e75fca3ca1f36df8ac624190d9cd283\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\c0f5f3c318a92212bbe3b413eeb2b374\ComSvcConfig.ni.exe
+ 2011-06-29 07:09 . 2011-06-29 07:09 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\0524928cbd0a686db3960ef688d0d37e\AspNetMMCExt.ni.dll
- 2011-04-14 07:05 . 2011-04-14 07:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-14 07:05 . 2011-04-14 07:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-14 07:05 . 2011-04-14 07:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-14 07:05 . 2011-04-14 07:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-14 07:00 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
- 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2011-03-25 10:15 . 2011-03-25 10:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-05-23 18:15 . 2011-05-23 18:15 3617792 c:\windows\Installer\4d2da3af.msp
+ 2011-01-19 03:36 . 2011-01-19 03:36 2687488 c:\windows\Installer\341c8c0.msp
+ 2007-04-19 19:09 . 2007-04-19 19:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2011-06-29 07:06 . 2011-06-29 07:06 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\901c3796073853746fecd8979c679494\UIAutomationClientsideProviders.ni.dll
+ 2011-06-29 07:06 . 2011-06-29 07:06 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\2877dda3e0f0faeba527b4bf1efe9cb5\System.WorkflowServices.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d7cb3697989fe6fa3a08d2821d38aa5e\System.Workflow.Runtime.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\4ac04107c35485d415f9e1bebfd155dd\System.Workflow.ComponentModel.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2169feb8bd57d96e621fa26d9391d463\System.Workflow.Activities.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\bdad1c0f4eb846543b234353fd2b926f\System.Web.Mobile.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\647bfe6da40e8160b967c41424901dc8\System.Web.Extensions.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2047e63293e067b351b8f0e038253f33\System.Speech.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\c64aa916251a45206a805ab6488b9255\System.Printing.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55211bc8f4fcff47c05bfc3020d97148\System.DirectoryServices.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f9ff2fb342cd5102e2d95883b3433a5d\System.Deployment.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef31ab37b0d7c3c1a6d72646966c8911\System.Data.SqlXml.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f945e9c32c775bb604ab83d8933f1b2c\System.Data.Services.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\283e9bf48e17bdb34acdc93bd5721be0\System.Data.Linq.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\368c85cccea8a1206be5c849fd6614e3\System.Data.Entity.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd2e04dfab2993479ae17ea3fa4f6222\System.Core.ni.dll
+ 2011-06-29 07:06 . 2011-06-29 07:07 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4f82a0a1b4405ef61dfa088d11161e35\ReachFramework.ni.dll
+ 2011-06-29 07:06 . 2011-06-29 07:06 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\148505f5b0307230de5d355f10d30a20\PresentationUI.ni.dll
+ 2011-06-29 07:06 . 2011-06-29 07:06 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1fab86af683c04bdb0aaf65ce7fcd9e5\PresentationBuildTasks.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7292ca9d793cb71cf3d41ae663e7139b\Microsoft.VisualBasic.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\abaf7a180354ed5ec099fb69339b538a\Microsoft.Transactions.Bridge.ni.dll
+ 2011-06-29 07:10 . 2011-06-29 07:10 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b41db9f2897f538203911026bb0abd5d\Microsoft.JScript.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a91940f9033c7910f3f64c061571cec9\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5195a94327ccef45d202776e932e847b\Microsoft.Build.Tasks.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3efbca53acdd34586bd7f6f87e71ed62\Microsoft.Build.Engine.ni.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-14 07:05 . 2011-04-14 07:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-04-14 07:05 . 2011-04-14 07:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-29 07:04 . 2011-06-29 07:04 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-14 07:05 . 2011-04-14 07:05 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-04-14 07:06 . 2011-04-14 07:06 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-02-05 03:49 . 2011-07-14 07:01 49089992 c:\windows\system32\MRT.exe
+ 2011-03-28 07:27 . 2011-03-28 07:27 15456256 c:\windows\Installer\341c8cc.msp
+ 2011-06-29 07:04 . 2011-06-29 07:04 13725696 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4A5.tmp\PresentationFramework.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
+ 2011-06-29 07:11 . 2011-06-29 07:11 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll
+ 2011-06-29 07:09 . 2011-06-29 07:09 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
+ 2011-06-29 07:07 . 2011-06-29 07:07 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll
+ 2011-06-29 07:06 . 2011-06-29 07:06 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll
+ 2011-06-29 07:06 . 2011-06-29 07:06 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll
+ 2011-06-29 07:05 . 2011-06-29 07:05 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27C441FA-C76B-E6E5-01CA-D669BA19B6A0}]
c:\windows\system32\msoert232.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-03 1044480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-20 115560]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [1/17/2010 7:39 PM 1310448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/18/2011 9:42 AM 366640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/25/2011 12:09 PM 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/18/2011 9:41 AM 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2011 12:42 PM 136176]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [3/19/2011 9:28 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2011 12:42 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/18/2011 9:42 AM 41272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 16:42]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 16:42]
.
2011-07-18 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-07-10 08:51]
.
.
------- Supplementary Scan -------
.
uStart Page = https://retaillink.w...pe=IIS1&redir=/
uInternet Connection Wizard,ShellNext = https://rllogin.wal-.../&ct_orig_uri=/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.5
DPF: {1EFDA478-664E-41A6-8C2F-852344CC7F64} - hxxps://cnc.mcbcnet.com/cnc/CNCPrintAttachment.ocx
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-19 14:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Symantec\Symantec Endpoint Protection\SescLU.exe
.
**************************************************************************
.
Completion time: 2011-07-19 14:34:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 18:34
ComboFix2.txt 2011-06-28 15:19
ComboFix3.txt 2011-06-28 13:11
ComboFix4.txt 2010-12-15 20:41
ComboFix5.txt 2011-07-19 18:19
.
Pre-Run: 91,928,457,216 bytes free
Post-Run: 92,138,168,320 bytes free
.
- - End Of File - - 549CD71702B0976E60C81E5E0967BF6E


aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-19 14:38:56
-----------------------------
14:38:56.013 OS Version: Windows 5.1.2600 Service Pack 3
14:38:56.013 Number of processors: 2 586 0xF02
14:38:56.013 ComputerName: BD05KWC1 UserName: Ntaylor
14:38:56.517 Initialize success
14:40:36.582 AVAST engine defs: 11071901
14:44:36.067 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:44:36.067 Disk 0 Vendor: ST3160812AS 3.ADJ Size: 152587MB BusType: 3
14:44:36.067 Disk 0 MBR read successfully
14:44:36.067 Disk 0 MBR scan
14:44:36.114 Disk 0 Windows XP default MBR code
14:44:36.114 Disk 0 scanning sectors +312496380
14:44:36.192 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:45.122 Service scanning
14:44:45.904 Disk 0 trace - called modules:
14:44:45.920 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
14:44:45.920 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e59030]
14:44:45.920 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89e4eb00]
14:44:46.201 AVAST engine scan C:\WINDOWS
14:44:55.553 AVAST engine scan C:\WINDOWS\system32
14:46:38.567 AVAST engine scan C:\WINDOWS\system32\drivers
14:46:48.884 AVAST engine scan C:\Documents and Settings\ntaylor
15:10:38.785 AVAST engine scan C:\Documents and Settings\All Users
15:12:58.705 Scan finished successfully
15:14:35.797 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ntaylor\Desktop\MBR.dat"
15:14:35.797 The log file has been saved successfully to "C:\Documents and Settings\ntaylor\Desktop\aswMBR.txt"


Thanks.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Yep, it found it that time. If you don't have any more problems I guess we're done except for some cleanup.

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You do not have the latest Java (Java™ 6 Update 26). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 23 which is new enough that it should be removed automatically. If you use Firefox go into tools, Add-ons and make sure that CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA is not enabled. CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA is OK but 0023 should be disabled or uninstalled. Java seems to have a real problem removing the old consoles from Firefox. Having multiple Java consoles will make Firefox very sluggish and slow to start.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Ron:

Symantec Endpoint is still finding Trojan.Gen in a temp sub-directory. Is it possible that it is still there? We are not getting any obvious infection symptoms, other than Symantec finding the files.

Thoughts?
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
What is the full path to the temp folder?

Open up a Command Prompt:

Start, Run, cmd, OK and type with an Enter after each line:


cd  "type in the full path to the temp folder without the C:"

dir  /a  >  \junk.txt

notepad  \junk.txt



Copy the text from notepad and put it in a reply.

Ron
  • 0

#11
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Ron:

Thanks again.

Volume in drive C has no label.
Volume Serial Number is 84C4-73F7

Directory of C:\Documents and Settings\ntaylor\Local Settings\temp

07/28/2011 11:16 AM <DIR> .
07/28/2011 11:16 AM <DIR> ..
07/19/2011 03:20 PM 15,630,848 30a688.mst
07/28/2011 09:38 AM 7,168 9ROS0005.TMP
07/21/2011 01:26 PM 2 ack.txt
07/28/2011 08:48 AM <DIR> Acrobat Distiller 8
07/25/2011 10:29 AM <DIR> Adobe
07/22/2011 12:05 PM 1,608 AdobeARM.log
07/28/2011 10:41 AM 786 AdobeARM_NotLocked.log
07/28/2011 10:41 AM 148,526 ArmUI.ini
07/19/2011 03:21 PM 221 AUCHECK_PARSER.txt
07/20/2011 03:05 PM <DIR> Cookies
07/21/2011 01:11 PM 40,272 datB19.tmp
07/21/2011 01:11 PM 55,284 datB1A.tmp
07/21/2011 01:11 PM 34,932 datB1B.tmp
07/21/2011 01:11 PM 21,540 datB1C.tmp
07/21/2011 01:11 PM 34,728 datB1D.tmp
07/21/2011 01:11 PM 52,908 datB1E.tmp
07/21/2011 01:11 PM 55,284 datB1F.tmp
07/21/2011 01:11 PM 40,272 datB20.tmp
07/21/2011 01:11 PM 21,540 datB21.tmp
07/21/2011 01:11 PM 34,932 datB22.tmp
07/21/2011 01:11 PM 34,728 datB23.tmp
07/21/2011 01:11 PM 52,908 datB24.tmp
07/21/2011 01:11 PM 55,284 datB25.tmp
07/21/2011 01:11 PM 40,272 datB26.tmp
07/21/2011 01:11 PM 21,540 datB27.tmp
07/21/2011 01:11 PM 34,932 datB28.tmp
07/21/2011 01:11 PM 34,728 datB29.tmp
07/21/2011 01:11 PM 52,908 datB2A.tmp
07/21/2011 01:12 PM 55,284 datB2B.tmp
07/21/2011 01:12 PM 40,272 datB2C.tmp
07/21/2011 01:12 PM 21,540 datB2D.tmp
07/21/2011 01:12 PM 34,932 datB2E.tmp
07/21/2011 01:12 PM 34,728 datB2F.tmp
07/21/2011 01:12 PM 52,908 datB30.tmp
07/21/2011 01:23 PM 55,284 datBC4.tmp
07/21/2011 01:23 PM 34,932 datBC5.tmp
07/21/2011 01:23 PM 40,272 datBC6.tmp
07/21/2011 01:23 PM 21,540 datBC7.tmp
07/21/2011 01:23 PM 34,728 datBC8.tmp
07/21/2011 01:23 PM 52,908 datBC9.tmp
05/25/2011 10:34 AM 739,093 dbevmain.dbc
05/25/2011 10:34 AM 828,928 dbevmain.dct
05/25/2011 10:34 AM 167,424 dbevmain.dcx
07/21/2011 01:26 PM 1,368 downloader log.txt
07/22/2011 03:28 PM 0 DSCN0156.JPG
07/22/2011 03:28 PM 0 DSCN0158 (2).JPG
07/22/2011 03:29 PM 0 DSCN0158 (3).JPG
07/22/2011 03:28 PM 0 DSCN0158.JPG
07/27/2011 03:44 PM 28 ExchangePerflog_8484fa31f7ee494fcfcccd43.dat
07/26/2011 08:20 AM <DIR> Google Toolbar
07/20/2011 03:05 PM <DIR> History
07/24/2011 12:41 PM <DIR> hsperfdata_Ntaylor
07/19/2011 03:21 PM 160 JAUReg.log
07/19/2011 03:21 PM 2,146 java_install_reg.log
07/19/2011 03:20 PM 1,297 java_install_sp.log
07/19/2011 03:20 PM 1,288 jinstall.cfg
07/14/2011 05:45 PM 909,088 jre-6u26-windows-i586-iftw-rv.exe
07/26/2011 04:24 PM 12,503 jusched.log
07/28/2011 08:07 AM 15,447 libFNP_events.log
07/27/2011 02:38 PM <DIR> msohtml
07/27/2011 02:38 PM <DIR> msohtml1
07/20/2011 10:14 AM <DIR> msohtmlclip
07/28/2011 10:18 AM <DIR> msohtmlclip1
07/28/2011 10:22 AM 0 off3473.tmp
07/20/2011 02:29 PM <DIR> OIS
07/21/2011 01:26 PM 931 repair_version.xml
07/28/2011 10:57 AM <DIR> Temporary Directory 1 for 1_6669268__ca_eps_large.zip
07/27/2011 12:23 PM <DIR> Temporary Directory 1 for August 2011.zip
07/27/2011 02:10 PM <DIR> Temporary Directory 15 for August 2011 (2).zip
07/27/2011 01:16 PM <DIR> Temporary Directory 4 for August 2011 (2).zip
07/27/2011 01:25 PM <DIR> Temporary Directory 6 for August 2011 (2).zip
07/27/2011 01:35 PM <DIR> Temporary Directory 8 for August 2011 (2).zip
07/20/2011 03:05 PM <DIR> Temporary Internet Files
07/28/2011 08:44 AM 693 TWAIN.LOG
07/28/2011 08:44 AM 2 Twain001.Mtx
07/28/2011 08:44 AM 156 Twunk001.MTX
07/20/2011 08:49 AM 0 Twunk002.MTX
07/20/2011 08:38 AM <DIR> VBE
07/28/2011 10:52 AM 106 VGX347C.tmp
07/28/2011 10:52 AM 106 VGX347D.tmp
07/28/2011 10:40 AM <DIR> VPMECTMP
07/19/2011 03:15 PM <DIR> _av4_
07/19/2011 02:51 PM <DIR> _avast4_
07/28/2011 10:57 AM 16,384 ~DF2CAC.tmp
07/28/2011 10:46 AM 512 ~DF495A.tmp
07/28/2011 10:45 AM 16,384 ~DF81A.tmp
07/28/2011 08:37 AM 16,384 ~DF85BD.tmp
07/28/2011 11:16 AM 16,384 ~DFDC20.tmp
07/27/2011 03:45 PM 512 ~DFFF8.tmp
07/28/2011 10:57 AM 1,020,735,488 ~PST3165.tmp
68 File(s) 1,040,470,291 bytes
24 Dir(s) 91,224,809,472 bytes free
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Please download ATF Cleaner by Atribune, saving it to your desktop: http://www.atribune..../click.php?id=1


Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser (and some Mozilla-based browsers):
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Then do this again:

Start, Run, cmd, OK and type with an Enter after each line:


cd "type in the full path to the temp folder without the C:"

dir /a > \junk.txt

notepad \junk.txt



Copy the text from notepad and put it in a reply.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP