Jump to content

I need some help?!?!


Recommended Posts

i have an infection i cannot get rid of. Here are copies of the logs.

malwarebytes

Malwarebytes' Anti-Malware 1.38

Database version: 2307

Windows 5.1.2600 Service Pack 3

7/28/2009 7:32:31 PM

mbam-log-2009-07-28 (19-32-31).txt

Scan type: Quick Scan

Objects scanned: 140364

Time elapsed: 17 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Hijack This

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:31:48 PM, on 7/28/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {3F1866D7-E21A-4403-A609-D8F2090567DF} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [OSCD_Creator] c:\Dell\PreODM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [OSCD_Creator] C:\Dell\PreODM.EXE /2

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Windows Update Utility] \\?\globalroot\systemroot\system32\vfhr.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Windows Update Utility] \\?\globalroot\systemroot\system32\vfhr.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Alerter AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\system32\f.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--

End of file - 8531 bytes

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

No problem.

First off your version of MBAM is quite old now.

YOUR VERSION

Malwarebytes' Anti-Malware 1.38

Database version: 2307

CURRENT VERSION

Malwarebytes' Anti-Malware 1.40

Database version: 2577

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log

Download
DDS
and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click
dds.scr
to run the tool.

When done, the
DDS.txt
will open.

Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

Link to post
Share on other sites

Sorry About the Delay

Malwarebytes' Anti-Malware 1.40

Database version: 2551

Windows 5.1.2600 Service Pack 3 (Safe Mode)

8/14/2009 3:36:26 PM

mbam-log-2009-08-14 (15-36-25).txt

Scan type: Quick Scan

Objects scanned: 135076

Time elapsed: 15 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SYSTEM32\DRIVERS\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101465452.lso (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101465749.lso (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101465452.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 12/31/2004 6:26:16 PM

System Uptime: 8/14/2009 2:55:02 PM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0N6381

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 72 GiB total, 33.045 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMHL-DT-ST_CD-ROM_GCR-8483B_______________1.07____\5&145A0A8F&0&0.0.0

Manufacturer: (Standard CD-ROM drives)

Name: HL-DT-ST CD-ROM GCR-8483B

PNP Device ID: IDE\CDROMHL-DT-ST_CD-ROM_GCR-8483B_______________1.07____\5&145A0A8F&0&0.0.0

Service: cdrom

==== System Restore Points ===================

RP1585: 5/11/2009 11:42:05 PM - System Checkpoint

RP1586: 5/13/2009 3:14:35 AM - System Checkpoint

RP1587: 5/14/2009 7:31:24 PM - Software Distribution Service 3.0

RP1588: 5/15/2009 10:29:53 PM - System Checkpoint

RP1589: 5/16/2009 11:50:48 PM - System Checkpoint

RP1590: 5/18/2009 12:12:49 AM - System Checkpoint

RP1591: 5/19/2009 12:52:33 AM - System Checkpoint

RP1592: 5/20/2009 6:31:25 PM - System Checkpoint

RP1593: 5/21/2009 7:44:48 PM - System Checkpoint

RP1594: 5/23/2009 10:55:59 AM - System Checkpoint

RP1595: 5/24/2009 1:39:40 PM - System Checkpoint

RP1596: 5/25/2009 2:28:34 PM - System Checkpoint

RP1597: 5/26/2009 5:27:12 PM - System Checkpoint

RP1598: 5/27/2009 6:09:13 PM - System Checkpoint

RP1599: 5/28/2009 6:38:55 PM - System Checkpoint

RP1600: 5/29/2009 7:27:41 PM - System Checkpoint

RP1601: 5/30/2009 8:05:47 PM - System Checkpoint

RP1602: 5/31/2009 10:43:29 PM - System Checkpoint

RP1603: 6/1/2009 10:58:30 PM - System Checkpoint

RP1604: 6/3/2009 7:57:28 AM - System Checkpoint

RP1605: 6/4/2009 5:23:20 PM - System Checkpoint

RP1606: 6/5/2009 9:39:11 PM - System Checkpoint

RP1607: 6/7/2009 12:36:54 AM - System Checkpoint

RP1608: 6/8/2009 9:01:47 AM - System Checkpoint

RP1609: 6/9/2009 10:25:51 AM - System Checkpoint

RP1610: 6/10/2009 4:00:33 AM - Software Distribution Service 3.0

RP1611: 6/11/2009 4:19:38 AM - System Checkpoint

RP1612: 6/12/2009 6:07:43 AM - System Checkpoint

RP1613: 6/12/2009 1:49:34 PM - Installed Microsoft Fix it 50027

RP1614: 6/12/2009 2:43:06 PM - Installed Microsoft Fix it 50027

RP1615: 6/12/2009 3:32:29 PM - Software Distribution Service 3.0

RP1616: 6/13/2009 4:11:53 PM - System Checkpoint

RP1617: 6/14/2009 6:57:30 PM - System Checkpoint

RP1618: 6/15/2009 11:34:59 PM - System Checkpoint

RP1619: 6/17/2009 1:22:52 AM - System Checkpoint

RP1620: 6/18/2009 7:47:19 AM - System Checkpoint

RP1621: 6/19/2009 9:19:47 AM - System Checkpoint

RP1622: 6/20/2009 10:23:49 AM - System Checkpoint

RP1623: 6/21/2009 2:11:50 PM - System Checkpoint

RP1624: 8/8/2009 7:44:10 PM - System Checkpoint

RP1625: 8/9/2009 4:00:24 AM - Software Distribution Service 3.0

RP1626: 8/9/2009 4:32:34 AM - Printer Driver Microsoft XPS Document Writer Installed

==== Installed Programs ======================

1400

1400_Help

1400Trb

Adobe Download Manager 2.0 (Remove Only)

Adobe Flash Player 10 ActiveX

Adobe Reader 7.0.5

Adobe Shockwave Player 11

AiO_Scan

AiOSoftware

AOL Instant Messenger

Apple Mobile Device Support

Apple Software Update

Bonjour

Critical Update for Windows Media Player 11 (KB959772)

Dell Driver Reset Tool

Dell Photo Printer 720

Dell Support Center (Support Software)

DellSupport

ESPN Java Check

Fax

GdiplusUpgrade

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

HP Product Assistant

HP PSC & OfficeJet 4.7

HP Update

Intel® 537EP V9x DF PCI Modem

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

iPhone/iTouch/iPod to Computer Transfer 5.1.9

iPod for Windows 2005-09-23

iPod for Windows 2006-06-28

IrfanView (remove only)

iTunes

J2SE Runtime Environment 5.0 Update 4

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 11

Java 6 Update 5

Malwarebytes' Anti-Malware

McAfee SecurityCenter

McAfee Shredder

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ Run Time Lib Setup

Modem Event Monitor

Modem Helper

Modem On Hold

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 Parser and SDK

Music Visualizer Library 1.4.00

My Way Search Assistant

Net MD Simple Burner

Network Play System (Patching)

Nikon Message Center

OpenMG Limited Patch 3.1-02-10-22-01

OpenMG Limited Patch 3.1-02-10-22-02

OpenMG Limited Patch 3.1-02-12-04-01

OpenMG Secure Module 3.1

PictureProject

PictureProject In Touch Downloader 1.0

ProductContext

QuickTime

Readme

RealPlayer

Scan

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB973346)

Skype

Link to post
Share on other sites

  • Root Admin

Please fully disable your current Anti-Virus so that it does not interfere with this scanner.

Please visit this webpage for instructions for downloading ComboFix to your
DESKTOP
:
how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!:

You must save and run
ComboFix.exe
on your DESKTOP and not from any other folder.

Also,
DO NOT
click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:

Note:

The
Windows Recovery Console
will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click
    Yes
    to allow ComboFix to continue scanning for malware.

  • When the tool is finished, it will produce a report for you.

  • Please post the
    C:\ComboFix.txt
    along with a
    new HijackThis log
    so we may continue cleaning the system.

Link to post
Share on other sites

I am going to post the logs within two post because the logs are too large for one post

ComboFix 09-08-10.06 - Brian 08/15/2009 16:46.3.1 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.345 [GMT -4:00]

Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Installer\d3a3b.msi

c:\windows\run.log

c:\windows\system32\Drivers\acsww.sys

c:\windows\system32\Drivers\elldbwrw.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_drae

((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))

.

2009-08-15 21:01 . 2009-08-15 21:01 -------- d-----w- c:\windows\LastGood

2009-08-15 20:17 . 2009-08-15 20:17 -------- d-----w- c:\documents and settings\Brian\Application Data\McAfee

2009-08-09 08:19 . 2009-08-09 08:19 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-09 08:19 . 2009-08-09 08:19 -------- d-----w- c:\program files\MSBuild

2009-08-09 08:19 . 2009-08-09 08:19 -------- d-----w- c:\program files\Reference Assemblies

2009-08-09 08:18 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-09 08:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-09 08:18 . 2009-08-09 08:18 -------- d-----w- C:\22d06f0c895e0e6bf8fed5

2009-08-09 08:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-09 08:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-09 08:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-09 08:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-09 08:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-07-30 03:02 . 2009-07-30 03:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

2009-07-25 23:11 . 2009-08-10 20:25 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-21 19:53 . 2009-07-21 19:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-15 21:11 . 2008-08-25 01:19 -------- d-----w- c:\documents and settings\Brian\Application Data\skypePM

2009-08-14 19:02 . 2004-11-09 10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-14 19:02 . 2009-04-10 13:31 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-09 08:31 . 2005-01-23 03:14 -------- d-----w- c:\program files\McAfee

2009-08-03 17:36 . 2004-11-09 10:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 17:36 . 2004-11-09 10:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 13:20 . 2009-06-25 13:20 -------- d-sh--w- c:\documents and settings\Guest\Application Data\lowsec

2009-06-24 01:34 . 2009-06-24 01:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-06-22 13:55 . 2008-08-13 20:01 -------- d-----w- c:\documents and settings\Brian\Application Data\SiteAdvisor

2009-06-19 02:14 . 2009-05-10 20:18 -------- d-----w- c:\program files\RealArcade

2009-06-17 17:13 . 2009-06-17 17:09 -------- d-----w- c:\program files\ZillaTube

2009-06-17 16:53 . 2009-04-04 22:08 -------- d-----w- c:\program files\Cucusoft

2009-06-16 14:36 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-03 19:09 . 2004-08-04 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2004-08-04 11:00 . 2004-08-04 11:00 94784 -csh--w- c:\windows\TWAIN.DLL

2008-04-14 00:12 . 2004-08-04 11:00 50688 --sh--w- c:\windows\twain_32.dll

2005-03-28 20:33 . 2005-01-13 05:54 900 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

2008-04-14 00:11 . 2004-08-04 11:00 1028096 --sha-w- c:\windows\SYSTEM32\mfc42.dll

2008-04-14 00:12 . 2004-08-04 11:00 57344 --sha-w- c:\windows\SYSTEM32\msvcirt.dll

2008-04-14 00:12 . 2004-08-04 11:00 413696 --sha-w- c:\windows\SYSTEM32\msvcp60.dll

2008-04-14 00:12 . 2004-08-04 11:00 343040 --sha-w- c:\windows\SYSTEM32\msvcrt.dll

2008-04-14 00:12 . 2004-08-04 11:00 551936 --sha-w- c:\windows\SYSTEM32\oleaut32.dll

2008-04-14 00:12 . 2004-08-04 11:00 84992 --sha-w- c:\windows\SYSTEM32\olepro32.dll

2008-04-14 00:12 . 2004-08-04 11:00 11776 --sha-w- c:\windows\SYSTEM32\regsvr32.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_14.59.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-15 20:59 . 2009-08-15 20:59 16384 c:\windows\temp\Perflib_Perfdata_7e4.dat

+ 2008-07-30 01:10 . 2008-07-30 01:10 26112 c:\windows\SYSTEM32\TsWpfWrp.exe

+ 2009-08-09 08:18 . 2008-07-06 12:06 89088 c:\windows\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll

+ 2008-07-29 23:59 . 2008-07-29 23:59 43544 c:\windows\SYSTEM32\PresentationHostProxy.dll

+ 2004-12-22 02:59 . 2009-08-09 08:26 72576 c:\windows\SYSTEM32\PERFC009.DAT

+ 2008-07-25 15:17 . 2008-07-25 15:17 15360 c:\windows\SYSTEM32\MUI\0409\mscorees.dll

+ 2006-11-08 02:03 . 2009-07-03 17:09 55296 c:\windows\SYSTEM32\msfeedsbs.dll

- 2006-11-08 02:03 . 2009-03-08 08:31 55296 c:\windows\SYSTEM32\msfeedsbs.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 83968 c:\windows\SYSTEM32\mscories.dll

- 2004-08-04 11:00 . 2009-04-30 21:22 25600 c:\windows\SYSTEM32\jsproxy.dll

+ 2004-08-04 11:00 . 2009-07-03 17:09 25600 c:\windows\SYSTEM32\jsproxy.dll

+ 2008-07-29 23:24 . 2008-07-29 23:24 97800 c:\windows\SYSTEM32\infocardapi.dll

+ 2008-07-29 23:24 . 2008-07-29 23:24 11264 c:\windows\SYSTEM32\icardres.dll

+ 2008-07-30 01:10 . 2008-07-30 01:10 73720 c:\windows\SYSTEM32\dxva2.dll

+ 2009-06-12 19:46 . 2009-07-03 17:09 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll

- 2009-06-12 19:46 . 2009-04-30 21:22 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll

- 2007-05-08 21:39 . 2009-03-08 08:31 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll

+ 2007-05-08 21:39 . 2009-07-03 17:09 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll

+ 2004-08-04 11:00 . 2009-07-03 17:09 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll

- 2004-08-04 11:00 . 2009-04-30 21:22 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll

+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\SYSTEM32\DLLCACHE\fontsub.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 96760 c:\windows\SYSTEM32\dfshim.dll

+ 2004-12-31 23:19 . 2009-08-15 21:04 49152 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat

- 2004-12-31 23:19 . 2009-06-24 14:13 49152 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2004-12-31 23:19 . 2009-08-15 21:04 49152 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat

- 2004-12-31 23:19 . 2009-06-24 14:13 49152 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat

+ 2008-07-30 03:40 . 2008-07-30 03:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

+ 2008-07-30 03:40 . 2008-07-30 03:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe

+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll

+ 2008-07-30 03:40 . 2008-07-30 03:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe

+ 2008-07-30 03:40 . 2008-07-30 03:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe

+ 2008-07-30 03:40 . 2008-07-30 03:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe

+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe

+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe

+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe

+ 2008-07-30 01:10 . 2008-07-30 01:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

+ 2008-07-29 23:59 . 2008-07-29 23:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll

+ 2008-07-30 01:10 . 2008-07-30 01:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll

+ 2008-07-29 23:32 . 2008-07-29 23:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe

+ 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll

+ 2008-07-29 23:16 . 2008-07-29 23:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll

+ 2008-07-29 23:16 . 2008-07-29 23:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll

+ 2008-07-29 23:16 . 2008-07-29 23:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2008-07-25 15:16 . 2008-07-25 15:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2008-07-25 15:16 . 2008-07-25 15:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2008-07-25 15:16 . 2008-07-25 15:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2008-07-25 15:16 . 2008-07-25 15:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2008-07-25 15:16 . 2008-07-25 15:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2008-07-25 15:16 . 2008-07-25 15:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2008-07-25 15:16 . 2008-07-25 15:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2008-07-25 15:16 . 2008-07-25 15:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

Link to post
Share on other sites

+ 2008-07-25 15:17 . 2008-07-25 15:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2009-03-20 01:50 . 2009-03-20 01:50 51712 c:\windows\Installer\84b23a2.msi

+ 2004-12-22 03:13 . 2004-12-22 03:13 72704 c:\windows\Installer\83f5.msi

+ 2009-06-02 01:41 . 2009-06-02 01:41 99328 c:\windows\Installer\5e50e31.msi

+ 2008-07-30 01:07 . 2008-07-30 01:07 23040 c:\windows\Installer\1f588f1.msp

+ 2009-08-09 08:16 . 2009-08-09 08:16 88576 c:\windows\Installer\1f014ed.msi

+ 2009-08-09 08:10 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll

+ 2009-08-09 08:10 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll

+ 2009-08-09 08:10 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\I386\filterpipelineprintproc.dll

+ 2009-08-09 08:35 . 2009-08-09 08:35 60928 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 37888 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 36864 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 94208 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 82944 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll

+ 2009-08-15 21:03 . 2009-08-15 21:03 47104 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe

+ 2009-08-09 08:28 . 2009-08-09 08:28 39424 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 55296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 65024 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 74752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 14336 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe

+ 2009-08-09 08:37 . 2009-08-09 08:37 25600 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 94208 c:\windows\ASSEMBLY\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 98304 c:\windows\ASSEMBLY\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 40960 c:\windows\ASSEMBLY\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 12288 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 61440 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 32768 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 32768 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 73728 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 53248 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 57344 c:\windows\ASSEMBLY\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 45056 c:\windows\ASSEMBLY\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 46104 c:\windows\ASSEMBLY\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe

+ 2009-08-09 08:19 . 2009-08-09 08:19 32768 c:\windows\ASSEMBLY\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2009-04-04 21:22 . 2009-04-04 21:22 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 41984 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2009-04-04 21:22 . 2009-04-04 21:22 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 94208 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2008-07-30 03:40 . 2008-07-30 03:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

- 2005-09-23 11:29 . 2005-09-23 11:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2008-07-25 15:16 . 2008-07-25 15:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2009-08-15 20:58 . 2009-08-15 20:58 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat

+ 2009-08-15 20:58 . 2009-08-15 20:58 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat

+ 2009-08-09 08:21 . 2009-08-09 08:21 5632 c:\windows\ASSEMBLY\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2009-04-04 21:22 . 2009-04-04 21:22 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2009-04-04 21:24 . 2009-04-04 21:24 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2007-11-07 06:19 . 2007-11-07 06:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

+ 2007-11-07 06:19 . 2007-11-07 06:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-07 01:23 . 2007-11-07 01:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll

+ 2008-07-30 01:26 . 2008-07-30 01:26 301568 c:\windows\SYSTEM32\XPSViewer\XPSViewer.exe

+ 2008-07-29 23:59 . 2008-07-29 23:59 161296 c:\windows\SYSTEM32\UIAutomationCore.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 765440 c:\windows\SYSTEM32\SPOOL\XPSEP\i386\mxdwdrv.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 765440 c:\windows\SYSTEM32\SPOOL\XPSEP\i386\i386\mxdwdrv.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 748032 c:\windows\SYSTEM32\SPOOL\XPSEP\amd64\mxdwdrv.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 748032 c:\windows\SYSTEM32\SPOOL\XPSEP\amd64\amd64\mxdwdrv.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 147456 c:\windows\SYSTEM32\SPOOL\PRTPROCS\x64\filterpipelineprintproc.dll

+ 2009-08-09 08:18 . 2008-07-06 10:50 597504 c:\windows\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe

- 2005-05-20 06:33 . 2007-05-15 08:08 761344 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\unires.dll

+ 2005-05-20 06:33 . 2008-03-13 04:52 761344 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\unires.dll

+ 2005-05-20 06:33 . 2008-07-06 12:06 744960 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\unidrvui.dll

- 2005-05-20 06:33 . 2008-04-14 00:12 373248 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\unidrv.dll

+ 2005-05-20 06:33 . 2008-07-06 12:06 373248 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\unidrv.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 198656 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\mxdwdui.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 765440 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\mxdwdrv.dll

+ 2006-08-24 20:15 . 2006-08-24 20:15 150808 c:\windows\SYSTEM32\rgb9rast_2.dll

+ 2008-07-29 23:59 . 2008-07-29 23:59 781344 c:\windows\SYSTEM32\PresentationNative_v0300.dll

+ 2008-07-30 00:35 . 2008-07-30 00:35 326160 c:\windows\SYSTEM32\PresentationHost.exe

+ 2008-07-29 23:59 . 2008-07-29 23:59 105016 c:\windows\SYSTEM32\PresentationCFFRasterizerNative_v0300.dll

+ 2004-12-22 02:59 . 2009-08-09 08:26 445370 c:\windows\SYSTEM32\PERFH009.DAT

+ 2004-08-04 11:00 . 2009-07-03 17:09 206848 c:\windows\SYSTEM32\occache.dll

- 2006-11-08 02:03 . 2009-03-08 08:32 594432 c:\windows\SYSTEM32\msfeeds.dll

+ 2006-11-08 02:03 . 2009-07-03 17:09 594432 c:\windows\SYSTEM32\msfeeds.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 158720 c:\windows\SYSTEM32\mscorier.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 282112 c:\windows\SYSTEM32\mscoree.dll

+ 2004-08-04 11:00 . 2009-07-03 17:09 184320 c:\windows\SYSTEM32\iepeers.dll

+ 2004-08-04 11:00 . 2009-07-03 17:09 386048 c:\windows\SYSTEM32\iedkcs32.dll

+ 2004-08-04 11:00 . 2009-07-03 11:01 173056 c:\windows\SYSTEM32\ie4uinit.exe

- 2004-08-04 11:00 . 2009-04-30 11:21 173056 c:\windows\SYSTEM32\ie4uinit.exe

+ 2008-07-29 23:24 . 2008-07-29 23:24 622080 c:\windows\SYSTEM32\icardagt.exe

+ 2004-08-10 19:08 . 2009-08-09 08:31 146808 c:\windows\SYSTEM32\FNTCACHE.DAT

+ 2008-07-30 01:10 . 2008-07-30 01:10 493048 c:\windows\SYSTEM32\evr.dll

- 2006-05-10 05:23 . 2009-05-13 05:15 915456 c:\windows\SYSTEM32\DLLCACHE\wininet.dll

+ 2006-05-10 05:23 . 2009-07-03 17:09 915456 c:\windows\SYSTEM32\DLLCACHE\wininet.dll

+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\SYSTEM32\DLLCACHE\t2embed.dll

+ 2006-10-17 17:04 . 2009-07-03 17:09 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll

+ 2007-05-08 21:39 . 2009-07-03 17:09 594432 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll

- 2007-05-08 21:39 . 2009-03-08 08:32 594432 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll

+ 2009-06-12 19:46 . 2009-07-03 17:09 246272 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll

- 2009-06-12 19:46 . 2009-04-30 21:22 246272 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll

+ 2006-05-10 05:22 . 2009-07-03 17:09 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll

+ 2004-08-04 11:00 . 2009-07-03 17:09 386048 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll

+ 2004-08-04 11:00 . 2009-07-03 11:01 173056 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

- 2004-08-04 11:00 . 2009-04-30 11:21 173056 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

+ 2004-12-31 23:19 . 2009-08-15 21:04 933888 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2004-12-31 23:19 . 2009-06-24 14:13 933888 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-08-30 00:03 . 2004-07-17 15:41 366080 c:\windows\ServicePackFiles\i386\digreqex.msi

+ 2008-08-30 00:03 . 2004-07-17 15:41 863232 c:\windows\ServicePackFiles\i386\digopt.msi

+ 2008-07-30 03:40 . 2008-07-30 03:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe

+ 2008-07-30 03:40 . 2008-07-30 03:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi

+ 2008-07-29 22:47 . 2008-07-29 22:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

+ 2008-07-29 22:47 . 2008-07-29 22:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll

+ 2008-07-30 03:15 . 2008-07-30 03:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat

+ 2008-07-30 03:40 . 2008-07-30 03:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll

+ 2008-07-30 03:40 . 2008-07-30 03:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll

+ 2008-07-30 00:35 . 2008-07-30 00:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll

+ 2008-07-29 23:59 . 2008-07-29 23:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll

+ 2008-07-30 01:10 . 2008-07-30 01:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll

+ 2008-07-29 23:16 . 2008-07-29 23:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe

+ 2008-07-29 23:16 . 2008-07-29 23:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll

+ 2008-07-29 23:16 . 2008-07-29 23:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

+ 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll

+ 2008-07-29 23:16 . 2008-07-29 23:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe

+ 2008-07-29 23:16 . 2008-07-29 23:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll

+ 2008-07-29 23:16 . 2008-07-29 23:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll

+ 2008-07-29 23:24 . 2008-07-29 23:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

+ 2008-07-29 23:16 . 2008-07-29 23:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe

+ 2008-11-25 08:59 . 2008-11-25 08:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

- 2005-09-23 11:29 . 2005-09-23 11:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

- 2005-09-23 11:29 . 2005-09-23 11:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

+ 2008-07-25 15:16 . 2008-07-25 15:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

+ 2008-07-25 15:17 . 2008-07-25 15:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

+ 2006-06-03 23:01 . 2006-06-03 23:01 258048 c:\windows\Installer\f8d422b.msi

+ 2008-11-13 08:01 . 2008-11-13 08:01 432640 c:\windows\Installer\c6b66f5.msi

+ 2008-10-24 21:00 . 2008-10-24 21:00 125952 c:\windows\Installer\95db1d.msp

+ 2005-09-28 02:18 . 2005-09-28 02:18 203264 c:\windows\Installer\87cb234.msi

+ 2005-09-28 02:18 . 2005-09-28 02:18 129536 c:\windows\Installer\87cb22f.msi

+ 2005-09-28 02:18 . 2005-09-28 02:18 130048 c:\windows\Installer\87cb22a.msi

+ 2005-09-28 02:14 . 2005-09-28 02:14 290304 c:\windows\Installer\87caf78.msi

+ 2005-09-28 02:14 . 2005-09-28 02:14 129536 c:\windows\Installer\87caf73.msi

+ 2005-09-28 02:14 . 2005-09-28 02:14 698880 c:\windows\Installer\87caf60.msi

+ 2005-09-28 02:13 . 2005-09-28 02:13 342016 c:\windows\Installer\87caf51.msi

+ 2005-09-28 02:13 . 2005-09-28 02:13 287232 c:\windows\Installer\87caf30.msi

+ 2005-09-28 02:13 . 2005-09-28 02:13 135168 c:\windows\Installer\87caf2b.msi

+ 2004-12-22 03:15 . 2004-12-22 03:15 293376 c:\windows\Installer\8410.msi

+ 2004-12-22 03:13 . 2004-12-22 03:13 656896 c:\windows\Installer\83f9.msi

+ 2004-12-22 03:12 . 2004-12-22 03:12 669696 c:\windows\Installer\83f1.msi

+ 2004-12-22 03:10 . 2004-12-22 03:10 171008 c:\windows\Installer\83d0.msi

+ 2004-12-22 03:09 . 2004-12-22 03:09 275968 c:\windows\Installer\83cc.msi

+ 2004-12-22 03:08 . 2004-12-22 03:08 621056 c:\windows\Installer\83bb.msi

+ 2004-08-10 19:08 . 2004-08-10 19:08 264704 c:\windows\Installer\7506.MSI

+ 2007-08-16 07:02 . 2007-08-16 07:02 431104 c:\windows\Installer\6334ae2.msi

+ 2006-11-15 08:01 . 2006-11-15 08:01 428544 c:\windows\Installer\5412655c.msi

+ 2005-01-23 03:14 . 2005-01-23 03:14 336896 c:\windows\Installer\42a0e.msi

+ 2009-03-02 19:43 . 2009-03-02 19:43 562176 c:\windows\Installer\3eec211.msi

+ 2005-04-21 02:01 . 2005-04-21 02:01 307712 c:\windows\Installer\39a67.msi

+ 2008-03-11 23:39 . 2008-03-11 23:39 569856 c:\windows\Installer\33b32e6.msp

+ 2008-10-26 20:59 . 2008-10-26 20:59 445440 c:\windows\Installer\2a405bf.msp

+ 2005-10-03 20:51 . 2005-10-03 20:51 178688 c:\windows\Installer\263bf76f.msi

+ 2009-01-21 22:39 . 2009-01-21 22:39 119296 c:\windows\Installer\2455076.msp

+ 2006-09-03 20:16 . 2006-09-03 20:16 171008 c:\windows\Installer\231368f6.msi

+ 2009-04-04 21:57 . 2009-04-04 21:57 213504 c:\windows\Installer\22ea581.msi

+ 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\1f7ad8f.msp

+ 2009-08-09 08:21 . 2009-08-09 08:21 648192 c:\windows\Installer\1f7ad6c.msi

+ 2008-07-30 01:23 . 2008-07-30 01:23 250880 c:\windows\Installer\1f588fa.msp

+ 2008-07-30 01:28 . 2008-07-30 01:28 278016 c:\windows\Installer\1f588f8.msp

+ 2008-07-29 23:40 . 2008-07-29 23:40 291840 c:\windows\Installer\1f588f6.msp

+ 2009-08-09 08:20 . 2009-08-09 08:20 137728 c:\windows\Installer\1f588f0.msi

+ 2008-07-29 21:35 . 2008-07-29 21:35 553472 c:\windows\Installer\1f014f2.msp

+ 2008-07-29 21:33 . 2008-07-29 21:33 506368 c:\windows\Installer\1f014f0.msp

+ 2008-07-29 21:37 . 2008-07-29 21:37 911360 c:\windows\Installer\1f014ef.msp

+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\1bd96.msp

+ 2007-05-19 12:07 . 2007-05-19 12:07 390656 c:\windows\Installer\188f3b57.msi

+ 2008-03-23 05:39 . 2008-03-23 05:39 289792 c:\windows\Installer\108940.msi

+ 2009-08-09 08:10 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll

+ 2009-08-09 08:10 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll

+ 2009-08-09 08:10 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe

+ 2009-08-09 08:10 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll

+ 2009-08-09 08:10 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll

+ 2009-08-09 08:10 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll

+ 2009-08-09 08:10 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll

+ 2009-08-09 08:10 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll

+ 2009-08-09 08:10 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe

+ 2009-08-15 20:58 . 2009-08-15 20:58 184320 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat

+ 2009-08-15 20:58 . 2009-08-15 20:58 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT

+ 2009-08-15 20:58 . 2009-08-15 20:58 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT

+ 2009-08-09 08:18 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\I386\unires.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\I386\unidrvui.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\I386\unidrv.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\I386\mxdwdui.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\I386\mxdwdrv.dll

+ 2004-12-22 03:08 . 2004-12-22 03:08 576512 c:\windows\Downloaded Installations\{D7027C31-E9CC-4B3F-A5A7-B36F69DB679E}\Banctec Service Agreement.msi

+ 2005-12-25 15:04 . 2005-04-04 07:07 982016 c:\windows\Downloaded Installations\{78F4DFCE-1336-4027-BCB2-1A00C24A8653}\ISScript11.Msi

+ 2006-07-14 16:57 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ISScript11.Msi

+ 2004-12-22 03:10 . 2004-12-22 03:10 413428 c:\windows\Downloaded Installations\{3AE813DE-06D6-4C11-AB7D-3832AA721F16}\Get High Speed Internet!.msi

+ 2009-08-09 08:37 . 2009-08-09 08:37 321536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe

+ 2009-08-09 08:35 . 2009-08-09 08:35 240128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll

+ 2009-08-09 08:35 . 2009-08-09 08:35 187904 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll

+ 2009-08-09 08:35 . 2009-08-09 08:35 447488 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll

+ 2009-08-09 08:41 . 2009-08-09 08:41 400896 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 129536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 202240 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 859648 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 328704 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 301056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 547328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 141312 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 627200 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 212992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 676352 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 311296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 621056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 998400 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 330752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll

+ 2009-08-09 08:36 . 2009-08-09 08:36 381440 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll

+ 2009-08-09 08:36 . 2009-08-09 08:36 212992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 280064 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 627712 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll

+ 2009-08-15 21:08 . 2009-08-15 21:08 208384 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 455680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 881152 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 939008 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 354816 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 756736 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 135680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 971264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 141312 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 633856 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll

+ 2009-08-09 08:37 . 2009-08-09 08:37 366080 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe

+ 2009-08-09 08:37 . 2009-08-09 08:37 256000 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll

+ 2009-08-09 08:37 . 2009-08-09 08:37 320512 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe

+ 2009-08-15 21:05 . 2009-08-15 21:05 224768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll

+ 2009-08-15 21:05 . 2009-08-15 21:05 539648 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll

+ 2009-08-15 21:05 . 2009-08-15 21:05 368128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll

+ 2009-08-15 21:05 . 2009-08-15 21:05 258048 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 133632 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe

+ 2009-08-09 08:37 . 2009-08-09 08:37 386560 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 144384 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 175104 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 839680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 222720 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 220672 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll

+ 2009-08-09 08:37 . 2009-08-09 08:37 410112 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe

+ 2009-08-09 08:37 . 2009-08-09 08:37 842240 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 385024 c:\windows\ASSEMBLY\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 167936 c:\windows\ASSEMBLY\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 139264 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 507904 c:\windows\ASSEMBLY\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 540672 c:\windows\ASSEMBLY\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2009-04-04 21:24 . 2009-04-04 21:24 835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 335872 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll

+ 2009-08-09 08:28 . 2009-08-09 08:28 139264 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll

+ 2009-08-09 08:28 . 2009-08-09 08:28 229376 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 688128 c:\windows\ASSEMBLY\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 569344 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 966656 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 233472 c:\windows\ASSEMBLY\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 143360 c:\windows\ASSEMBLY\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 430080 c:\windows\ASSEMBLY\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 126976 c:\windows\ASSEMBLY\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 286720 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2009-08-09 08:28 . 2009-08-09 08:28 442368 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll

+ 2009-08-09 08:28 . 2009-08-09 08:28 294912 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 684032 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 229376 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 667648 c:\windows\ASSEMBLY\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 163840 c:\windows\ASSEMBLY\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 110592 c:\windows\ASSEMBLY\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 528384 c:\windows\ASSEMBLY\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 864256 c:\windows\ASSEMBLY\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 163840 c:\windows\ASSEMBLY\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 397312 c:\windows\ASSEMBLY\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 139264 c:\windows\ASSEMBLY\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 196608 c:\windows\ASSEMBLY\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 598016 c:\windows\ASSEMBLY\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2009-04-04 21:24 . 2009-04-04 21:24 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2009-04-04 21:24 . 2009-04-04 21:24 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 397312 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 802816 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 733184 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 106496 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 368640 c:\windows\ASSEMBLY\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2009-04-04 21:23 . 2009-04-04 21:23 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 163840 c:\windows\ASSEMBLY\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2004-08-04 11:00 . 2004-08-04 11:00 1326080 c:\windows\SYSTEM32\WEBFLDRS.MSI

+ 2004-08-04 11:00 . 2009-07-03 17:09 1208832 c:\windows\SYSTEM32\urlmon.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 1676288 c:\windows\SYSTEM32\SPOOL\XPSEP\i386\xpssvcs.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 1676288 c:\windows\SYSTEM32\SPOOL\XPSEP\i386\i386\xpssvcs.dll

+ 2009-08-09 08:18 . 2008-07-06 21:36 2936832 c:\windows\SYSTEM32\SPOOL\XPSEP\amd64\xpssvcs.dll

+ 2009-08-09 08:18 . 2008-07-06 21:36 2936832 c:\windows\SYSTEM32\SPOOL\XPSEP\amd64\amd64\xpssvcs.dll

+ 2009-08-09 08:18 . 2008-07-06 12:06 1676288 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\XpsSvcs.dll

+ 2004-08-04 11:00 . 2009-07-19 13:18 5937152 c:\windows\SYSTEM32\mshtml.dll

+ 2006-10-17 16:57 . 2009-07-03 17:09 1985536 c:\windows\SYSTEM32\iertutil.dll

+ 2006-05-10 05:23 . 2009-07-03 17:09 1208832 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\SYSTEM32\DLLCACHE\quartz.dll

+ 2006-05-19 15:08 . 2009-07-19 13:18 5937152 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

+ 2007-05-08 21:39 . 2009-07-03 17:09 1985536 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll

+ 2004-12-31 23:26 . 2004-12-22 03:07 9946112 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi

+ 2008-08-30 00:06 . 2004-08-04 11:00 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi

+ 2008-08-30 00:05 . 2004-07-17 15:41 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi

+ 2008-07-30 03:40 . 2008-07-30 03:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe

+ 2008-07-29 22:47 . 2008-07-29 22:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll

+ 2008-07-30 03:40 . 2008-07-30 03:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe

+ 2008-12-05 23:35 . 2008-12-05 23:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll

+ 2008-07-30 01:10 . 2008-07-30 01:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll

+ 2008-07-30 01:10 . 2008-07-30 01:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll

+ 2008-12-06 00:12 . 2008-12-06 00:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

+ 2008-11-25 08:59 . 2008-11-25 08:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

+ 2008-07-25 15:17 . 2008-07-25 15:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 5813576 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2008-07-25 15:16 . 2008-07-25 15:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

+ 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp

+ 2008-08-28 17:18 . 2008-08-28 17:18 1247744 c:\windows\Installer\efc01d6.msi

+ 2005-12-26 20:43 . 2005-12-26 20:43 3037184 c:\windows\Installer\dd58ed.msi

+ 2008-08-14 07:26 . 2008-08-14 07:26 5314048 c:\windows\Installer\c7aecff.msp

+ 2007-04-14 02:21 . 2007-04-14 02:21 1392128 c:\windows\Installer\bbfe9b.msi

+ 2008-10-22 00:19 . 2008-10-22 00:19 3771904 c:\windows\Installer\a35747a.msi

+ 2008-10-22 00:16 . 2008-10-22 00:16 1652224 c:\windows\Installer\a3572ee.msi

+ 2008-10-22 00:14 . 2008-10-22 00:14 8990208 c:\windows\Installer\a3572e9.msi

+ 2008-10-22 00:09 . 2008-10-22 00:09 3152384 c:\windows\Installer\a35703b.msi

+ 2005-09-28 02:17 . 2005-09-28 02:17 3459584 c:\windows\Installer\87cb225.msi

+ 2009-01-15 07:35 . 2009-01-15 07:35 4830720 c:\windows\Installer\84b23a8.msp

+ 2004-12-22 03:09 . 2004-12-22 03:09 1914880 c:\windows\Installer\83c6.msi

+ 2008-08-21 23:29 . 2008-08-21 23:29 1888768 c:\windows\Installer\57b786d.msi

+ 2004-08-10 19:10 . 2004-08-10 19:10 3443712 c:\windows\Installer\50C4.MSI

+ 2006-07-14 15:58 . 2006-07-14 15:58 7435776 c:\windows\Installer\3928d2e6.msi

+ 2005-02-11 12:06 . 2005-02-11 12:06 5864960 c:\windows\Installer\32aa0b6.msp

+ 2008-02-13 09:15 . 2008-02-13 09:15 2417152 c:\windows\Installer\311fb017.msp

+ 2005-01-22 20:37 . 2005-01-22 20:37 1188864 c:\windows\Installer\2d5dc.msi

+ 2008-01-26 23:25 . 2008-01-26 23:25 2051072 c:\windows\Installer\2ac96828.msi

+ 2005-05-26 23:47 . 2005-05-26 23:47 4716032 c:\windows\Installer\27cd68.msi

+ 2008-12-13 13:57 . 2008-12-13 13:57 8397824 c:\windows\Installer\1f7ad7a.msp

+ 2008-07-29 23:26 . 2008-07-29 23:26 1043456 c:\windows\Installer\1f588f9.msp

+ 2008-07-30 00:37 . 2008-07-30 00:37 2679808 c:\windows\Installer\1f588f7.msp

+ 2008-07-30 01:15 . 2008-07-30 01:15 3697664 c:\windows\Installer\1f588f5.msp

+ 2008-07-29 23:34 . 2008-07-29 23:34 1448448 c:\windows\Installer\1f588f4.msp

+ 2008-07-30 00:22 . 2008-07-30 00:22 4137984 c:\windows\Installer\1f588f3.msp

+ 2008-07-29 23:18 . 2008-07-29 23:18 3376640 c:\windows\Installer\1f588f2.msp

+ 2008-07-29 21:45 . 2008-07-29 21:45 2543616 c:\windows\Installer\1f014f6.msp

+ 2008-07-29 21:29 . 2008-07-29 21:29 2926080 c:\windows\Installer\1f014f5.msp

+ 2008-07-29 21:41 . 2008-07-29 21:41 6487040 c:\windows\Installer\1f014f4.msp

+ 2008-07-29 21:39 . 2008-07-29 21:39 3403264 c:\windows\Installer\1f014f3.msp

+ 2008-07-29 21:43 . 2008-07-29 21:43 1013248 c:\windows\Installer\1f014f1.msp

+ 2008-07-29 21:31 . 2008-07-29 21:31 6083072 c:\windows\Installer\1f014ee.msp

+ 2005-12-25 15:03 . 2005-12-25 15:03 7417344 c:\windows\Installer\1bdc612.msi

+ 2008-08-29 21:10 . 2008-08-29 21:10 1549312 c:\windows\Installer\1ad7c3.msi

+ 2005-04-03 19:37 . 2005-04-03 19:37 2593792 c:\windows\Installer\14fe730c.msp

+ 2004-10-21 21:56 . 2004-10-21 21:56 5533696 c:\windows\Installer\14fe72f9.msp

+ 2004-10-21 14:23 . 2004-10-21 14:23 3581952 c:\windows\Installer\14fe72e4.msp

+ 2005-03-02 14:23 . 2005-03-02 14:23 4775424 c:\windows\Installer\14fe72d3.msp

+ 2005-04-22 19:29 . 2005-04-22 19:29 4855296 c:\windows\Installer\14fe72c2.msp

+ 2009-08-09 08:10 . 2009-04-30 21:22 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll

+ 2009-08-09 08:10 . 2009-05-13 05:15 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll

+ 2009-08-09 08:10 . 2009-04-30 21:22 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll

+ 2005-10-05 20:00 . 2005-10-05 20:00 2220544 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{BB4EE741-CA46-4345-A3B7-1AECBFAB0AFE}\HP Software Update.msi

+ 2009-08-15 20:58 . 2009-08-15 20:58 3776512 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT

+ 2005-12-25 15:04 . 2005-09-16 15:15 9926144 c:\windows\Downloaded Installations\{78F4DFCE-1336-4027-BCB2-1A00C24A8653}\iTunes.msi

+ 2006-07-14 16:57 . 2006-06-19 20:04 9934848 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\iTunes.msi

+ 2009-08-09 08:29 . 2009-08-09 08:29 3313664 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll

+ 2009-08-09 08:35 . 2009-08-09 08:35 1049600 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll

+ 2009-08-09 08:28 . 2009-08-09 08:28 7868416 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll

+ 2009-08-09 08:35 . 2009-08-09 08:35 5450752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll

+ 2009-08-09 08:41 . 2009-08-09 08:41 1356288 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll

+ 2009-08-09 08:41 . 2009-08-09 08:41 1908224 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll

+ 2009-08-09 08:41 . 2009-08-09 08:41 4514304 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll

+ 2009-08-09 08:41 . 2009-08-09 08:41 2992640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 1840640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 2209280 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 2403328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll

+ 2009-08-09 08:35 . 2009-08-09 08:35 1917440 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 1706496 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll

+ 2009-08-09 08:37 . 2009-08-09 08:37 2338304 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll

+ 2009-08-09 08:35 . 2009-08-09 08:35 1035264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll

+ 2009-08-09 08:36 . 2009-08-09 08:36 1056768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll

+ 2009-08-15 21:08 . 2009-08-15 21:08 1587200 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 1116672 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 1801216 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll

+ 2009-08-15 21:06 . 2009-08-15 21:06 6616576 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 2510336 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 1328128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll

+ 2009-08-15 21:06 . 2009-08-15 21:06 2516480 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll

+ 2009-08-09 08:39 . 2009-08-09 08:39 9924096 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll

+ 2009-08-15 21:06 . 2009-08-15 21:06 2295296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll

+ 2009-08-15 21:05 . 2009-08-15 21:05 2128896 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll

+ 2009-08-15 21:05 . 2009-08-15 21:05 1657856 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll

+ 2009-08-09 08:28 . 2009-08-09 08:28 1451008 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 1712128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll

+ 2009-08-09 08:37 . 2009-08-09 08:37 1093120 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 2332160 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 1620992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 1966080 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2009-08-09 08:38 . 2009-08-09 08:38 1888768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 1245184 c:\windows\ASSEMBLY\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 3149824 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 1630208 c:\windows\ASSEMBLY\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 1138688 c:\windows\ASSEMBLY\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2009-08-09 08:28 . 2009-08-09 08:28 1277952 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2009-08-09 08:27 . 2009-08-09 08:27 5931008 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2009-08-09 08:21 . 2009-08-09 08:21 2879488 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2009-08-09 08:27 . 2009-08-09 08:27 5283840 c:\windows\ASSEMBLY\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2009-08-09 08:19 . 2009-08-09 08:19 4210688 c:\windows\ASSEMBLY\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2009-08-09 08:25 . 2009-08-09 08:25 4546560 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2009-03-30 03:10 . 2009-07-07 15:10 24539592 c:\windows\SYSTEM32\MRT.exe

+ 2006-11-08 02:03 . 2009-07-19 22:48 11067392 c:\windows\SYSTEM32\ieframe.dll

+ 2007-05-08 21:39 . 2009-07-19 22:48 11067392 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll

+ 2007-07-11 07:00 . 2007-07-11 07:00 15256576 c:\windows\Installer\2543a793.msp

+ 2008-12-13 14:21 . 2008-12-13 14:21 10473472 c:\windows\Installer\1f7ad84.msp

+ 2004-08-10 19:10 . 2004-08-10 19:10 19204096 c:\windows\Installer\1599F.MSP

+ 2004-07-08 04:23 . 2004-07-08 04:23 18643968 c:\windows\Installer\14fe72af.msp

+ 2009-08-09 08:10 . 2009-04-30 21:22 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll

+ 2005-12-25 14:53 . 2008-03-23 05:26 35885568 c:\windows\Downloaded Installations\{B9C0ED57-3C59-4B31-9AE9-50E12D0357DD}\iPod for Windows 2005-09-23.msi

+ 2006-07-14 15:57 . 2006-07-14 15:56 45631488 c:\windows\Downloaded Installations\{ADF0CB4C-E2E8-41AC-832B-81F52F0FE755}\iPod for Windows 2006-06-28.msi

+ 2009-08-09 08:35 . 2009-08-09 08:35 12430848 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll

+ 2009-08-09 08:40 . 2009-08-09 08:40 11796992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll

+ 2009-08-09 08:37 . 2009-08-09 08:37 17317888 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll

+ 2009-08-15 21:07 . 2009-08-15 21:07 10683392 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll

+ 2009-08-15 21:04 . 2009-08-15 21:04 14327808 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll

+ 2009-08-15 21:03 . 2009-08-15 21:03 12216320 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll

+ 2009-08-15 21:02 . 2009-08-15 21:02 11486720 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OSCD_Creator"="c:\dell\PreODM.EXE" [2004-10-31 408576]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 136600]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-12 180269]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 36904]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"OSCD_Creator"="c:\dell\PreODM.EXE" [2004-10-31 408576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Update Utility"="\\?\globalroot\systemroot\system32\vfhr.exe" [?]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-5-19 118784]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\McAfee\\MPF\\MpfSrv.exe"=

"c:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe"=

R0 $sys$cor;$sys$cor;c:\windows\SYSTEM32\DRIVERS\$sys$cor.sys [10/6/2004 10:11 AM 10368]

R3 Am772;AMD Alchemy Solutions Wireless 802.11 Adapter;c:\windows\SYSTEM32\DRIVERS\Am772.sys [7/10/2003 6:47 PM 151894]

S2 vltinuyvkadws;vltinuyvkadws;\??\c:\windows\system32\drivers\zcohxi.sys --> c:\windows\system32\drivers\zcohxi.sys [?]

S3 gkmixern;gkmixern;\??\c:\docume~1\emily\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\emily\LOCALS~1\Temp\gkmixern.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-06-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-15 15:53]

2009-06-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-15 15:53]

2009-08-15 c:\windows\Tasks\User_Feed_Synchronization-{DF4C93FD-E010-495E-BE2B-9D30E0F32456}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

- - - - ORPHANS REMOVED - - - -

BHO-{3F1866D7-E21A-4403-A609-D8F2090567DF} - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-15 17:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

OSCD_Creator = c:\dell\PreODM.EXE /2??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3676)

c:\windows\system32\WININET.dll

c:\program files\SiteAdvisor\6172\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Microsoft Office\OFFICE11\msohev.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SYSTEM32\LEXBCES.EXE

c:\windows\SYSTEM32\LEXPPS.EXE

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\program files\Common Files\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\program files\McAfee\MSK\msksrver.exe

c:\windows\SYSTEM32\HPZipm12.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\windows\SYSTEM32\wscntfy.exe

c:\progra~1\McAfee.com\Agent\mcagent.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2009-08-15 17:39 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-15 21:39

ComboFix2.txt 2009-06-24 15:05

Pre-Run: 35,310,465,024 bytes free

Post-Run: 34,898,407,424 bytes free

934 --- E O F --- 2009-08-15 21:06

Link to post
Share on other sites

this is the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:43:49 PM, on 8/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\wscntfy.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [OSCD_Creator] c:\Dell\PreODM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [OSCD_Creator] C:\Dell\PreODM.EXE /2

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [Windows Update Utility] \\?\globalroot\systemroot\system32\vfhr.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Windows Update Utility] \\?\globalroot\systemroot\system32\vfhr.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--

End of file - 9964 bytes

Link to post
Share on other sites

  • Root Admin

STEP 01

Download but do not yet run ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Download it to your DESKTOP - it MUST run from the Desktop

download.bleepingcomputer.com/sUBs/ComboFix.exe

subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::
driver::
vltinuyvkadws
gkmixern
file::
c:\windows\system32\drivers\zcohxi.sys
c:\docume~1\emily\LOCALS~1\Temp\gkmixern.sys

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02

Please see if you can get MBAM to run and update now.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

Link to post
Share on other sites

here are the logs:

ComboFix 09-08-10.06 - Brian 08/17/2009 21:55.4.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.236 [GMT -4:00]

Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Brian\Desktop\CFscript.txt

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::

"c:\docume~1\emily\LOCALS~1\Temp\gkmixern.sys"

"c:\windows\system32\drivers\zcohxi.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GKMIXERN

-------\Legacy_VLTINUYVKADWS

-------\Service_gkmixern

-------\Service_vltinuyvkadws

((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))

.

2009-08-15 21:02 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2009-08-15 20:17 . 2009-08-15 20:17 -------- d-----w- c:\documents and settings\Brian\Application Data\McAfee

2009-08-09 08:19 . 2009-08-09 08:19 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-09 08:19 . 2009-08-09 08:19 -------- d-----w- c:\program files\MSBuild

2009-08-09 08:19 . 2009-08-09 08:19 -------- d-----w- c:\program files\Reference Assemblies

2009-08-09 08:18 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-09 08:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-09 08:18 . 2009-08-09 08:18 -------- d-----w- C:\22d06f0c895e0e6bf8fed5

2009-08-09 08:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-09 08:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-09 08:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-09 08:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-09 08:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-30 03:02 . 2009-07-30 03:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

2009-07-25 23:11 . 2009-08-10 20:25 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-21 19:53 . 2009-07-21 19:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-17 23:20 . 2008-08-25 01:19 -------- d-----w- c:\documents and settings\Brian\Application Data\skypePM

2009-08-15 21:35 . 2005-02-21 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-08-14 19:02 . 2004-11-09 10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-14 19:02 . 2009-04-10 13:31 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-09 08:31 . 2005-01-23 03:14 -------- d-----w- c:\program files\McAfee

2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 17:36 . 2004-11-09 10:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 17:36 . 2004-11-09 10:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-17 19:01 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 03:43 . 2004-08-04 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 13:20 . 2009-06-25 13:20 -------- d-sh--w- c:\documents and settings\Guest\Application Data\lowsec

2009-06-24 01:34 . 2009-06-24 01:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-06-22 13:55 . 2008-08-13 20:01 -------- d-----w- c:\documents and settings\Brian\Application Data\SiteAdvisor

2009-06-16 14:36 . 2004-08-04 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2004-08-04 11:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2004-08-04 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 13:19 . 2004-08-04 11:00 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:14 . 2004-08-04 11:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:09 . 2004-08-04 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2004-08-04 11:00 . 2004-08-04 11:00 94784 -csh--w- c:\windows\TWAIN.DLL

2008-04-14 00:12 . 2004-08-04 11:00 50688 --sh--w- c:\windows\twain_32.dll

2005-03-28 20:33 . 2005-01-13 05:54 900 -csha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

2008-04-14 00:11 . 2004-08-04 11:00 1028096 --sha-w- c:\windows\SYSTEM32\mfc42.dll

2008-04-14 00:12 . 2004-08-04 11:00 57344 --sha-w- c:\windows\SYSTEM32\msvcirt.dll

2008-04-14 00:12 . 2004-08-04 11:00 413696 --sha-w- c:\windows\SYSTEM32\msvcp60.dll

2008-04-14 00:12 . 2004-08-04 11:00 343040 --sha-w- c:\windows\SYSTEM32\msvcrt.dll

2008-04-14 00:12 . 2004-08-04 11:00 551936 --sha-w- c:\windows\SYSTEM32\oleaut32.dll

2008-04-14 00:12 . 2004-08-04 11:00 84992 --sha-w- c:\windows\SYSTEM32\olepro32.dll

2008-04-14 00:12 . 2004-08-04 11:00 11776 --sha-w- c:\windows\SYSTEM32\regsvr32.exe

.

((((((((((((((((((((((((((((( SnapShot_2009-08-15_21.09.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-18 02:11 . 2009-08-18 02:11 16384 c:\windows\temp\Perflib_Perfdata_7f0.dat

+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\SYSTEM32\DLLCACHE\telnet.exe

+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\SYSTEM32\DLLCACHE\avifil32.dll

+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\SYSTEM32\DLLCACHE\atl.dll

+ 2004-12-31 23:19 . 2009-08-17 23:29 49152 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat

- 2004-12-31 23:19 . 2009-08-15 21:04 49152 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2004-12-31 23:19 . 2009-08-17 23:29 49152 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat

- 2004-12-31 23:19 . 2009-08-15 21:04 49152 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat

- 2009-08-09 08:35 . 2009-08-09 08:35 60928 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll

+ 2009-08-15 21:15 . 2009-08-15 21:15 60928 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 37888 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 37888 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 36864 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 36864 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 94208 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll

+ 2009-08-15 21:25 . 2009-08-15 21:25 94208 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 82944 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll

+ 2009-08-15 21:25 . 2009-08-15 21:25 82944 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 55296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 55296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll

+ 2009-08-15 21:24 . 2009-08-15 21:24 65024 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 65024 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 74752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll

+ 2009-08-15 21:23 . 2009-08-15 21:23 74752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll

+ 2009-08-15 21:23 . 2009-08-15 21:23 14336 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe

- 2009-08-09 08:38 . 2009-08-09 08:38 14336 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe

- 2009-08-09 08:37 . 2009-08-09 08:37 25600 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll

+ 2009-08-15 21:23 . 2009-08-15 21:23 25600 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll

- 2009-08-15 20:58 . 2009-08-15 20:58 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat

+ 2009-08-18 02:09 . 2009-08-18 02:09 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat

- 2009-08-15 20:58 . 2009-08-15 20:58 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat

+ 2009-08-18 02:09 . 2009-08-18 02:09 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat

+ 2004-08-04 11:00 . 2009-07-14 03:43 286208 c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll

+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\SYSTEM32\DLLCACHE\wkssvc.dll

+ 2004-12-31 23:19 . 2009-08-17 23:29 933888 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2004-12-31 23:19 . 2009-08-15 21:04 933888 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-08-18 02:09 . 2009-08-18 02:09 184320 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat

- 2009-08-15 20:58 . 2009-08-15 20:58 184320 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat

+ 2009-08-18 02:09 . 2009-08-18 02:09 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT

- 2009-08-15 20:58 . 2009-08-15 20:58 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT

- 2009-08-15 20:58 . 2009-08-15 20:58 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT

+ 2009-08-18 02:09 . 2009-08-18 02:09 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT

- 2009-08-09 08:37 . 2009-08-09 08:37 321536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe

+ 2009-08-15 21:22 . 2009-08-15 21:22 321536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe

+ 2009-08-15 21:17 . 2009-08-15 21:17 240128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll

- 2009-08-09 08:35 . 2009-08-09 08:35 240128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll

- 2009-08-09 08:35 . 2009-08-09 08:35 187904 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll

+ 2009-08-15 21:15 . 2009-08-15 21:15 187904 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll

+ 2009-08-15 21:15 . 2009-08-15 21:15 447488 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll

- 2009-08-09 08:35 . 2009-08-09 08:35 447488 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll

+ 2009-08-15 22:07 . 2009-08-15 22:07 400896 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll

- 2009-08-09 08:41 . 2009-08-09 08:41 400896 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 129536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll

+ 2009-08-15 21:30 . 2009-08-15 21:30 129536 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 202240 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 202240 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 859648 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 859648 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 328704 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 328704 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 301056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 301056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 547328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 547328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll

+ 2009-08-15 21:30 . 2009-08-15 21:30 141312 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 141312 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 627200 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll

+ 2009-08-15 21:29 . 2009-08-15 21:29 627200 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll

+ 2009-08-15 21:29 . 2009-08-15 21:29 212992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 212992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll

+ 2009-08-15 21:24 . 2009-08-15 21:24 676352 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 676352 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 311296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 311296 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 621056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 621056 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 998400 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 998400 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 330752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 330752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll

- 2009-08-09 08:36 . 2009-08-09 08:36 381440 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll

+ 2009-08-15 21:19 . 2009-08-15 21:19 381440 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll

+ 2009-08-15 21:19 . 2009-08-15 21:19 212992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll

- 2009-08-09 08:36 . 2009-08-09 08:36 212992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 280064 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 280064 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 627712 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 627712 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 455680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 455680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 881152 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 881152 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll

+ 2009-08-15 21:27 . 2009-08-15 21:27 939008 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 939008 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 354816 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 354816 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 756736 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll

+ 2009-08-15 21:27 . 2009-08-15 21:27 756736 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll

+ 2009-08-15 21:25 . 2009-08-15 21:25 135680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 135680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 971264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll

+ 2009-08-15 21:24 . 2009-08-15 21:24 971264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 141312 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 141312 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll

+ 2009-08-15 21:25 . 2009-08-15 21:25 633856 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 633856 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll

- 2009-08-09 08:37 . 2009-08-09 08:37 366080 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe

+ 2009-08-15 21:22 . 2009-08-15 21:22 366080 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe

- 2009-08-09 08:37 . 2009-08-09 08:37 256000 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll

+ 2009-08-15 21:22 . 2009-08-15 21:22 256000 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll

- 2009-08-09 08:37 . 2009-08-09 08:37 320512 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe

+ 2009-08-15 21:22 . 2009-08-15 21:22 320512 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe

+ 2009-08-15 21:23 . 2009-08-15 21:23 133632 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe

- 2009-08-09 08:38 . 2009-08-09 08:38 133632 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe

+ 2009-08-15 21:22 . 2009-08-15 21:22 386560 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll

- 2009-08-09 08:37 . 2009-08-09 08:37 386560 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2009-08-15 21:25 . 2009-08-15 21:25 144384 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 144384 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll

+ 2009-08-15 21:25 . 2009-08-15 21:25 175104 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 175104 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2009-08-15 21:24 . 2009-08-15 21:24 839680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 839680 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll

+ 2009-08-15 21:24 . 2009-08-15 21:24 222720 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 222720 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 220672 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll

+ 2009-08-15 21:24 . 2009-08-15 21:24 220672 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll

+ 2009-08-15 21:22 . 2009-08-15 21:22 410112 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe

- 2009-08-09 08:37 . 2009-08-09 08:37 410112 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe

- 2009-08-09 08:37 . 2009-08-09 08:37 842240 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll

+ 2009-08-15 21:23 . 2009-08-15 21:23 842240 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll

+ 2004-08-04 11:00 . 2009-06-10 13:19 2066432 c:\windows\SYSTEM32\DLLCACHE\mstscax.dll

+ 2009-08-18 02:09 . 2009-08-18 02:09 3784704 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT

+ 2009-08-15 21:15 . 2009-08-15 21:15 1049600 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll

- 2009-08-09 08:35 . 2009-08-09 08:35 1049600 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll

+ 2009-08-15 21:14 . 2009-08-15 21:14 5450752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll

- 2009-08-09 08:35 . 2009-08-09 08:35 5450752 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll

+ 2009-08-15 22:07 . 2009-08-15 22:07 1356288 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll

- 2009-08-09 08:41 . 2009-08-09 08:41 1356288 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll

- 2009-08-09 08:41 . 2009-08-09 08:41 1908224 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll

+ 2009-08-15 22:07 . 2009-08-15 22:07 1908224 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll

- 2009-08-09 08:41 . 2009-08-09 08:41 4514304 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll

+ 2009-08-15 22:07 . 2009-08-15 22:07 4514304 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 2992640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll

- 2009-08-09 08:41 . 2009-08-09 08:41 2992640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 1840640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 1840640 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 2209280 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 2209280 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll

+ 2009-08-15 22:06 . 2009-08-15 22:06 2403328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 2403328 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll

- 2009-08-09 08:35 . 2009-08-09 08:35 1917440 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll

+ 2009-08-15 21:12 . 2009-08-15 21:12 1917440 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll

+ 2009-08-15 21:29 . 2009-08-15 21:29 1706496 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 1706496 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll

- 2009-08-09 08:37 . 2009-08-09 08:37 2338304 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll

+ 2009-08-15 21:19 . 2009-08-15 21:19 2338304 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll

- 2009-08-09 08:35 . 2009-08-09 08:35 1035264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll

+ 2009-08-15 21:11 . 2009-08-15 21:11 1035264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll

- 2009-08-09 08:36 . 2009-08-09 08:36 1056768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll

+ 2009-08-15 21:19 . 2009-08-15 21:19 1056768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 1116672 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 1116672 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 1801216 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 1801216 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 2510336 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll

+ 2009-08-15 21:24 . 2009-08-15 21:24 2510336 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll

+ 2009-08-15 21:27 . 2009-08-15 21:27 1328128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 1328128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll

+ 2009-08-15 21:27 . 2009-08-15 21:27 9924096 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll

- 2009-08-09 08:39 . 2009-08-09 08:39 9924096 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll

+ 2009-08-15 21:25 . 2009-08-15 21:25 1712128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 1712128 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll

- 2009-08-09 08:37 . 2009-08-09 08:37 1093120 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll

+ 2009-08-15 21:22 . 2009-08-15 21:22 1093120 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 2332160 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll

+ 2009-08-15 21:28 . 2009-08-15 21:28 2332160 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll

+ 2009-08-15 21:24 . 2009-08-15 21:24 1620992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 1620992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll

+ 2009-08-15 21:25 . 2009-08-15 21:25 1966080 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 1966080 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll

- 2009-08-09 08:38 . 2009-08-09 08:38 1888768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll

+ 2009-08-15 21:23 . 2009-08-15 21:23 1888768 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll

+ 2004-08-04 11:00 . 2009-07-14 03:43 10841088 c:\windows\SYSTEM32\wmp.dll

+ 2009-03-30 03:10 . 2009-07-30 00:49 24281536 c:\windows\SYSTEM32\MRT.exe

+ 2009-07-14 03:43 . 2009-07-14 03:43 10841088 c:\windows\SYSTEM32\DLLCACHE\wmp.dll

+ 2009-08-15 21:13 . 2009-08-15 21:13 12430848 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll

- 2009-08-09 08:35 . 2009-08-09 08:35 12430848 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll

- 2009-08-09 08:40 . 2009-08-09 08:40 11796992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll

+ 2009-08-15 21:29 . 2009-08-15 21:29 11796992 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll

- 2009-08-09 08:37 . 2009-08-09 08:37 17317888 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll

+ 2009-08-15 21:21 . 2009-08-15 21:21 17317888 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OSCD_Creator"="c:\dell\PreODM.EXE" [2004-10-31 408576]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-02 136600]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-12 180269]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 36904]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"OSCD_Creator"="c:\dell\PreODM.EXE" [2004-10-31 408576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Update Utility"="\\?\globalroot\systemroot\system32\vfhr.exe" [?]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-5-19 118784]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\McAfee\\MPF\\MpfSrv.exe"=

"c:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe"=

R3 Am772;AMD Alchemy Solutions Wireless 802.11 Adapter;c:\windows\SYSTEM32\DRIVERS\Am772.sys [7/10/2003 6:47 PM 151894]

S0 $sys$cor;$sys$cor;c:\windows\system32\Drivers\$sys$cor.sys --> c:\windows\system32\Drivers\$sys$cor.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-06-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-15 15:53]

2009-06-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-15 15:53]

2009-08-17 c:\windows\Tasks\User_Feed_Synchronization-{DF4C93FD-E010-495E-BE2B-9D30E0F32456}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-17 22:12

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

OSCD_Creator = c:\dell\PreODM.EXE /2??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1464)

c:\windows\system32\WININET.dll

c:\program files\SiteAdvisor\6172\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SYSTEM32\LEXBCES.EXE

c:\windows\SYSTEM32\LEXPPS.EXE

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\program files\Common Files\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\program files\McAfee\MSK\msksrver.exe

c:\windows\SYSTEM32\HPZipm12.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\progra~1\McAfee.com\Agent\mcagent.exe

c:\windows\SYSTEM32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2009-08-18 22:23 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-18 02:23

ComboFix2.txt 2009-08-15 21:40

ComboFix3.txt 2009-06-24 15:05

Pre-Run: 34,695,454,720 bytes free

Post-Run: 34,904,555,520 bytes free

402 --- E O F --- 2009-08-16 02:24

Malwarebytes' Anti-Malware 1.40

Database version: 2650

Windows 5.1.2600 Service Pack 3

8/18/2009 3:22:41 PM

mbam-log-2009-08-18 (15-22-41).txt

Scan type: Quick Scan

Objects scanned: 120573

Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:24:51 PM, on 8/18/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [OSCD_Creator] c:\Dell\PreODM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [OSCD_Creator] C:\Dell\PreODM.EXE /2

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Windows Update Utility] \\?\globalroot\systemroot\system32\vfhr.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Windows Update Utility] \\?\globalroot\systemroot\system32\vfhr.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--

End of file - 9878 bytes

Link to post
Share on other sites

  • Root Admin

STEP 01

    Download and install CCleaner
  • CCleaner
  • Double-click on the downloaded file "ccsetup222_slim.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

STEP 02

You have what appears to be the Sony Music protection from years ago on your system.

Please review the site here and download their tool for removal. Then verify that your CD/DVD drive still works when done and let me know.

Sony Music XCP PROTECTED CDs

STEP 03

Download
DDS
and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click
dds.scr
to run the tool.

When done, the
DDS.txt
will open.

Click Yes at the next prompt for Optional Scan.

    When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

Link to post
Share on other sites

Here are the logs, and my cd drive still works

DDS (Ver_09-07-30.01) - NTFSx86

Run by Brian at 15:19:00.71 on Wed 08/19/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.160 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\Y1VKRIYI\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6253\SiteAdv.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6253\SiteAdv.dll

uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [OSCD_Creator] c:\dell\PreODM.EXE

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [siteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [snp2std] c:\windows\vsnp2std.exe

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [OSCD_Creator] c:\dell\PreODM.EXE /2

dRun: [Windows Update Utility] \\?\globalroot\systemroot\system32\vfhr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe

dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6253\SiteAdv.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-15 214024]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-15 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-15 144704]

R3 Am772;AMD Alchemy Solutions Wireless 802.11 Adapter;c:\windows\system32\drivers\Am772.sys [2003-7-10 151894]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-15 79880]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-15 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-15 34216]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-15 40552]

S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-15 606736]

=============== Created Last 30 ================

2009-08-19 14:56 <DIR> --d----- c:\program files\CCleaner

2009-08-15 17:02 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx

2009-08-15 17:02 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll

2009-08-15 16:17 <DIR> --d----- c:\docume~1\brian\applic~1\McAfee

2009-08-09 12:54 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat

2009-08-09 04:19 <DIR> --d----- c:\windows\system32\XPSViewer

2009-08-09 04:18 117,760 -------- c:\windows\system32\prntvpt.dll

2009-08-09 04:18 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-09 04:18 <DIR> --d----- C:\22d06f0c895e0e6bf8fed5

2009-08-09 04:18 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2009-08-09 04:18 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-09 04:18 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-09 04:18 575,488 -------- c:\windows\system32\xpsshhdr.dll

2009-08-09 04:18 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-25 19:11 664 a------- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2009-08-08 12:10 216,064 a------- c:\windows\PEV.exe

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll

2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\cache\mshtml.dll

2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll

2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll

2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll

2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe

2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll

2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll

2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe

2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe

2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll

2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll

2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll

2009-06-10 09:19 2,066,432 a------- c:\windows\system32\dllcache\mstscax.dll

2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll

2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll

2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll

2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll

2009-04-05 19:57 0 a------- c:\docume~1\brian\applic~1\itunesoption.bin

2008-03-21 18:15 20 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT

2008-03-21 18:15 20 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT

2004-08-04 07:00 94,784 -c-sh--- c:\windows\TWAIN.DLL

2008-04-13 20:12 50,688 ---sh--- c:\windows\twain_32.dll

2005-03-28 16:33 900 ac-sh--- c:\windows\system32\KGyGaAvL.sys

2008-04-13 20:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll

2008-04-13 20:12 57,344 a--sh--- c:\windows\system32\msvcirt.dll

2008-04-13 20:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll

2008-04-13 20:12 343,040 a--sh--- c:\windows\system32\msvcrt.dll

2008-04-13 20:12 551,936 a--sh--- c:\windows\system32\oleaut32.dll

2008-04-13 20:12 84,992 a--sh--- c:\windows\system32\olepro32.dll

2008-04-13 20:12 11,776 a--sh--- c:\windows\system32\regsvr32.exe

2004-11-09 03:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2004-11-09 03:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012004110920041110\index.dat

============= FINISH: 15:20:06.09 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 12/31/2004 6:26:16 PM

System Uptime: 8/19/2009 3:11:32 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0N6381

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 72 GiB total, 32.737 GiB free.

D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1592: 5/20/2009 6:31:25 PM - System Checkpoint

RP1593: 5/21/2009 7:44:48 PM - System Checkpoint

RP1594: 5/23/2009 10:55:59 AM - System Checkpoint

RP1595: 5/24/2009 1:39:40 PM - System Checkpoint

RP1596: 5/25/2009 2:28:34 PM - System Checkpoint

RP1597: 5/26/2009 5:27:12 PM - System Checkpoint

RP1598: 5/27/2009 6:09:13 PM - System Checkpoint

RP1599: 5/28/2009 6:38:55 PM - System Checkpoint

RP1600: 5/29/2009 7:27:41 PM - System Checkpoint

RP1601: 5/30/2009 8:05:47 PM - System Checkpoint

RP1602: 5/31/2009 10:43:29 PM - System Checkpoint

RP1603: 6/1/2009 10:58:30 PM - System Checkpoint

RP1604: 6/3/2009 7:57:28 AM - System Checkpoint

RP1605: 6/4/2009 5:23:20 PM - System Checkpoint

RP1606: 6/5/2009 9:39:11 PM - System Checkpoint

RP1607: 6/7/2009 12:36:54 AM - System Checkpoint

RP1608: 6/8/2009 9:01:47 AM - System Checkpoint

RP1609: 6/9/2009 10:25:51 AM - System Checkpoint

RP1610: 6/10/2009 4:00:33 AM - Software Distribution Service 3.0

RP1611: 6/11/2009 4:19:38 AM - System Checkpoint

RP1612: 6/12/2009 6:07:43 AM - System Checkpoint

RP1613: 6/12/2009 1:49:34 PM - Installed Microsoft Fix it 50027

RP1614: 6/12/2009 2:43:06 PM - Installed Microsoft Fix it 50027

RP1615: 6/12/2009 3:32:29 PM - Software Distribution Service 3.0

RP1616: 6/13/2009 4:11:53 PM - System Checkpoint

RP1617: 6/14/2009 6:57:30 PM - System Checkpoint

RP1618: 6/15/2009 11:34:59 PM - System Checkpoint

RP1619: 6/17/2009 1:22:52 AM - System Checkpoint

RP1620: 6/18/2009 7:47:19 AM - System Checkpoint

RP1621: 6/19/2009 9:19:47 AM - System Checkpoint

RP1622: 6/20/2009 10:23:49 AM - System Checkpoint

RP1623: 6/21/2009 2:11:50 PM - System Checkpoint

RP1624: 8/8/2009 7:44:10 PM - System Checkpoint

RP1625: 8/9/2009 4:00:24 AM - Software Distribution Service 3.0

RP1626: 8/9/2009 4:32:34 AM - Printer Driver Microsoft XPS Document Writer Installed

RP1627: 8/15/2009 5:01:08 PM - Software Distribution Service 3.0

RP1628: 8/15/2009 10:16:56 PM - Software Distribution Service 3.0

RP1629: 8/17/2009 8:16:27 PM - System Checkpoint

==== Installed Programs ======================

1400

1400_Help

1400Trb

Adobe Download Manager 2.0 (Remove Only)

Adobe Flash Player 10 ActiveX

Adobe Reader 7.0.5

Adobe Shockwave Player 11

AiO_Scan

AiOSoftware

AOL Instant Messenger

Apple Mobile Device Support

Apple Software Update

Bonjour

CCleaner (remove only)

Critical Update for Windows Media Player 11 (KB959772)

Dell Driver Reset Tool

Dell Photo Printer 720

Dell Support Center (Support Software)

DellSupport

ESPN Java Check

Fax

GdiplusUpgrade

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

HP Product Assistant

HP PSC & OfficeJet 4.7

HP Update

Intel® 537EP V9x DF PCI Modem

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

iPhone/iTouch/iPod to Computer Transfer 5.1.9

iPod for Windows 2005-09-23

iPod for Windows 2006-06-28

IrfanView (remove only)

iTunes

J2SE Runtime Environment 5.0 Update 4

J2SE Runtime Environment 5.0 Update 6

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 11

Java 6 Update 5

Malwarebytes' Anti-Malware

McAfee SecurityCenter

McAfee Shredder

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ Run Time Lib Setup

Modem Event Monitor

Modem Helper

Modem On Hold

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 Parser and SDK

Music Visualizer Library 1.4.00

My Way Search Assistant

Net MD Simple Burner

Network Play System (Patching)

Nikon Message Center

OpenMG Limited Patch 3.1-02-10-22-01

OpenMG Limited Patch 3.1-02-10-22-02

OpenMG Limited Patch 3.1-02-12-04-01

OpenMG Secure Module 3.1

PictureProject

PictureProject In Touch Downloader 1.0

ProductContext

QuickTime

Readme

RealPlayer

Scan

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Skype

Link to post
Share on other sites

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Aug 20 15:57:05 2009

Found and removed: C:\Documents and Settings\Brian\Application Data\Sun\Java\jre1.6.0_12

Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

------------------------------------

Finished reporting.

Link to post
Share on other sites

  • Root Admin

Good, let's do one last Online AV scan and then call it a day.

Please temporarily disable your current Anti-Virus in order to run this Online AV scanner.

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Anvirisus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.