Hello,

I've run the Malwarebytes scan and it came up with 2 infected files. One of them was quarantined and deleted successfully; the other one is supposed to be deleted upon restart, but it isn't.

Here are my logs:

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.39

Database version: 2548

Windows 6.0.6001 Service Pack 1

8/7/2009 4:53:48 PM

mbam-log-2009-08-07 (16-53-48).txt

Scan type: Quick Scan

Objects scanned: 86796

Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:55:12 PM, on 8/7/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

Boot mode: Safe mode with network support

Running processes:

C:\Program Files\Windows Media Player\wmpnscfg.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Windows\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

O1 - Hosts: ::1 localhost

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)

O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [DNP] C:\Program Files\Desktop Notepad\Desktop Notepad.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.bat.exe" /runcleanupscript

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)

O22 - SharedTaskScheduler: Ave's FolderBg - {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - C:\Users\Brandon\Documents\Downloads\Compressed\AveFolderBg\32bits\VistaFolderBackground.dll

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 13388 bytes

Any help is appreciated! Thanks


Hi I3randon, and welcome to Malwarebytes!

Download RootRepeal:

http://rootrepeal.googlepages.com/RootRepeal.zip

  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

Thanks for the reply Kenny94, here's the RootRepeal Log:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/08 11:51

Program Version: Version 1.3.3.0

Windows Version: Windows Vista SP1

==================================================

Hidden/Locked Files

-------------------

Path: C:\System Volume Information\{409F0~1

Status: Locked to the Windows API!

Path: C:\System Volume Information\{48a8f4b6-61a9-11de-8e87-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{9a95fac9-6753-11de-9d0e-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{9a95fad1-6753-11de-9d0e-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{9a95fad7-6753-11de-9d0e-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{a6f3c9f1-64a7-11de-ba96-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{DB3B8~1

Status: Locked to the Windows API!

Path: C:\System Volume Information\{1659B~1

Status: Locked to the Windows API!

Path: C:\System Volume Information\{1a7a7e2b-629d-11de-bf2f-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{243eebf2-6cab-11de-a8a0-002219dc2f58}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\System Volume Information\{337C1~1

Status: Locked to the Windows API!

Path: C:\System Volume Information\{337C1~2

Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

Path: C:\Windows\System32\UACbteplxwpnoswrrdwh.dat

Status: Invisible to the Windows API!

Path: C:\Windows\System32\UACfpyohmpsxcxasrdar.dll

Status: Invisible to the Windows API!

Path: C:\Windows\System32\UAChqvbtxltuauwdhaxc.dll

Status: Invisible to the Windows API!

Path: C:\Windows\System32\uacinit.dll

Status: Invisible to the Windows API!

Path: C:\Windows\System32\UACkirreecvmpqlhcdfv.db

Status: Invisible to the Windows API!

Path: C:\Windows\System32\UACobmxkmoxitwxfywms.dll

Status: Invisible to the Windows API!

Path: C:\Windows\System32\UACsrqddvspjptiqrxns.dll

Status: Invisible to the Windows API!

Path: C:\Windows\System32\uactmp.db

Status: Invisible to the Windows API!

Path: C:\Windows\System32\UACumtneufxlhfpqkmiq.dll

Status: Invisible to the Windows API!

Path: c:\windows\temp\mcmsc_bifvud8gvgqlb1k

Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_4zmxk1wiiordrby

Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Windows\Temp\UAC1534.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC1988.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC25d7.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC298f.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC2b72.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UAC2da4.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACb74.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACc36d.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACc782.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACcb1b.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACcd1d.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACcfeb.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACed79.tmp

Status: Invisible to the Windows API!

Path: C:\Windows\Temp\UACef3e.tmp

Status: Invisible to the Windows API!

Path: c:\programdata\pure networks\log\logfile.nmsrvc_exe.txt

Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Users\Brandon\Desktop\UACfpyohmpsxcxasrdar.dll

Status: Invisible to the Windows API!

Path: C:\Users\Brandon\Desktop\UAChqvbtxltuauwdhaxc.dll

Status: Invisible to the Windows API!

Path: C:\Users\Brandon\Desktop\UACobmxkmoxitwxfywms.dll

Status: Invisible to the Windows API!

Path: C:\Users\Brandon\Desktop\UACumtneufxlhfpqkmiq.dll

Status: Invisible to the Windows API!

Path: C:\Windows\System32\drivers\UACcpygoifntxnmtppiw.sys

Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.COM

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.COM

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~3.TAR

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~3.TAR

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~3.TAR

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~3.TAR

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fdd9371aff\GACUTI~1.CON

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641ef282ae74\GACUTI~1.CON

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9d654a956\GACUTI~1.CON

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182ef8367ab\GACUTI~1.CON

Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL

Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MICROS~3.TAR

Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MICROS~1.TAS

Status: Locked to the Windows API!

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.001

Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.002

Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.003

Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: c:\windows\system32\logfiles\scm\scm.evm

Status: Allocation size mismatch (API: 1572864, Raw: 0)

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp

Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp

Status: Locked to the Windows API!

Path: C:\Users\Brandon\AppData\Local\Temp\UACfb7e.tmp

Status: Invisible to the Windows API!

Path: C:\Users\Brandon\AppData\Local\Temp\fla458E.tmp

Status: Invisible to the Windows API!

Path: C:\Users\Brandon\AppData\Local\Temp\flaB61C.tmp

Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config

Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL

Status: Locked to the Windows API!

Path: c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat

Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat

Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Status: Locked to the Windows API!

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Status: Locked to the Windows API!

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.200.crwl

Status: Allocation size mismatch (API: 8, Raw: 0)

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.200.gthr

Status: Allocation size mismatch (API: 136, Raw: 0)

Path: c:\users\brandon\appdata\local\mozilla\firefox\profiles\7pkx9c9b.default\urlclassifier3.sqlite

Status: Allocation size mismatch (API: 41803776, Raw: 41791488)

Path: C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3YH2423\acCAP6S53O.htm

Status: Visible to the Windows API, but not on disk.

Path: c:\users\brandon\appdata\local\mozilla\firefox\profiles\7pkx9c9b.default\cache\_cache_001_

Status: Allocation size mismatch (API: 327680, Raw: 0)

Path: c:\users\brandon\appdata\local\mozilla\firefox\profiles\7pkx9c9b.default\cache\_cache_002_

Status: Allocation size mismatch (API: 327680, Raw: 0)

Path: c:\users\brandon\appdata\local\mozilla\firefox\profiles\7pkx9c9b.default\cache\_cache_003_

Status: Allocation size mismatch (API: 720896, Raw: 0)

Path: c:\users\brandon\appdata\local\mozilla\firefox\profiles\7pkx9c9b.default\cache\_cache_map_

Status: Allocation size mismatch (API: 280, Raw: 0)

Link to post
Share on other sites

Run Rootrepeal file scan only.

Highlight the following line and right click on it. Select *wipe file*

Path: C:\Windows\System32\drivers\UACcpygoifntxnmtppiw.sys

Status: Invisible to the Windows API!

Then reboot immediately!!

Next

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Link to post
Share on other sites

After wiping that file, my computer worked without being in safe mode for the first time since it was infected. Also, my McAfee is working again and quarantined some files while the Malwarebytes scan was running. Here are the results from the latest MB scan:

Malwarebytes' Anti-Malware 1.39

Database version: 2548

Windows 6.0.6001 Service Pack 1

8/8/2009 2:51:15 PM

mbam-log-2009-08-08 (14-51-15).txt

Scan type: Quick Scan

Objects scanned: 89638

Time elapsed: 30 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 14

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\UACfpyohmpsxcxasrdar.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\windows\system32\UAChqvbtxltuauwdhaxc.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\windows\system32\UACobmxkmoxitwxfywms.dll (Rogue.Agent) -> Quarantined and deleted successfully.

c:\windows\system32\UACsrqddvspjptiqrxns.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\windows\temp\UAC1534.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

c:\windows\temp\UAC25d7.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\windows\temp\UAC298f.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\windows\temp\UAC2b72.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\Windows\Temp\UAC2da4.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\windows\temp\UACb74.tmp (Rogue.Agent) -> Quarantined and deleted successfully.

c:\windows\temp\UACc782.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\windows\temp\UACcd1d.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\Windows\System32\UACumtneufxlhfpqkmiq.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\System32\drivers\UACcpygoifntxnmtppiw.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites

If you notice, the file we wiped played a Jedi mind trick. Now they're exposed and Malwarebytes dropped a train on them. But the next version of MBAM will be able to deal with this rootkit from the get go....:-) Still have work to do...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:

     [Screenshots: CF_download_FF.gif, CF_download_rename.gif]

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

After ComboFix restarted the computer, Firefox won't start and I get this message:

"Illegal operation attempted on a registry key that has been marked for deletion."

Anyways, here's the ComboFix log:

ComboFix 09-08-07.09 - Brandon 08/08/2009 15:37.1.2 - NTFSx86

Microsoft

Link to post
Share on other sites

After ComboFix restarted the computer, Firefox won't start and I get this message:

"Illegal operation attempted on a registry key that has been marked for deletion."

Let me know if Firefox is working after you are done...?

Open Notepad and copy and paste the text in the code box below into it:

File::

C:\found.000

c:\windows\Setup1.exe

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

There are some older versions of Java on your computer. These can be a source of infection.

Upgrading Java:

  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 15.

  • Click the "Download" button to the right.

  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".

  • Click on Continue.

  • Click on the link to download Windows Offline Installation (jre-6u15-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.

  • Close any programs you may have running - especially your web browser.

  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.

  • Click the Remove or Change/Remove button.

  • Repeat as many times as necessary to remove each Java version.

  • Reboot your computer once all Java components are removed.

  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u15-windows-i586.exe and select "Run as an Administrator.")

In your next reply, please include these log(s):

CFScript.txt

HijackThis log (new)

Also, please let me know how things are running now?

Link to post
Share on other sites

ComboFix Pt. 2


+ 2009-08-08 18:45 . 2009-07-18 16:02 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18294_none_5f893ff43abbbfc1\msfeeds.dll

+ 2009-08-08 18:45 . 2009-07-18 12:12 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.21089_none_5e3c479956a6649e\msfeeds.dll

+ 2009-08-08 18:45 . 2009-07-18 12:13 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16890_none_5d9f00263d98c974\msfeeds.dll

+ 2009-08-08 18:46 . 2009-07-18 12:08 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21089_none_961c0c5c9dd41267\dxtrans.dll

+ 2009-08-08 18:46 . 2009-07-18 12:08 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21089_none_961c0c5c9dd41267\dxtmsft.dll

+ 2009-08-08 18:46 . 2009-07-18 12:09 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16890_none_957ec4e984c6773d\dxtrans.dll

+ 2009-08-08 18:46 . 2009-07-18 12:09 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16890_none_957ec4e984c6773d\dxtmsft.dll

+ 2009-08-08 18:46 . 2009-07-18 12:09 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21089_none_f9e7d3a487ee8c39\ieapfltr.dll

+ 2009-08-08 18:46 . 2009-07-18 12:10 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16890_none_f94a8c316ee0f10f\ieapfltr.dll

+ 2009-08-08 18:45 . 2009-07-18 11:52 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\ieakui.dll

+ 2009-08-08 18:45 . 2009-07-18 11:52 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22475_none_ae7516482017c315\ieaksie.dll

+ 2009-08-08 18:45 . 2009-07-18 16:01 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18294_none_add4d775070b44af\ieaksie.dll

+ 2009-08-08 18:45 . 2009-07-18 12:09 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\ieakui.dll

+ 2009-08-08 18:45 . 2009-07-18 12:09 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21089_none_ac87df1a22f5e98c\ieaksie.dll

+ 2009-08-08 18:45 . 2009-07-18 12:10 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\ieakui.dll

+ 2009-08-08 18:45 . 2009-07-18 12:10 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16890_none_abea97a709e84e62\ieaksie.dll

+ 2009-08-08 18:45 . 2009-07-18 11:52 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22475_none_749360f470cf0c36\iedkcs32.dll

+ 2009-08-08 18:45 . 2009-07-18 16:01 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18294_none_73f3222157c28dd0\iedkcs32.dll

+ 2009-08-08 18:45 . 2009-07-18 12:09 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21089_none_72a629c673ad32ad\iedkcs32.dll

+ 2009-08-08 18:45 . 2009-07-18 12:10 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.16890_none_7208e2535a9f9783\iedkcs32.dll

+ 2009-08-08 18:45 . 2009-07-18 11:47 828928 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\wininet.dll

+ 2009-08-08 18:45 . 2009-07-18 11:35 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\wininet.dll

+ 2009-08-08 18:45 . 2009-07-18 11:56 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\wininet.dll

+ 2009-08-08 18:45 . 2009-07-18 16:06 827904 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\wininet.dll

+ 2009-08-08 18:45 . 2009-07-18 12:16 828928 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\wininet.dll

+ 2009-08-08 18:45 . 2009-07-18 12:17 827392 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\wininet.dll

+ 2009-08-08 18:45 . 2009-07-18 11:54 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22475_none_e1089b1f95c4844b\mstime.dll

+ 2009-08-08 18:45 . 2009-07-18 16:03 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18294_none_e0685c4c7cb805e5\mstime.dll

+ 2009-08-08 18:45 . 2009-07-18 12:13 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21089_none_df1b63f198a2aac2\mstime.dll

+ 2009-08-08 18:45 . 2009-07-18 12:13 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16890_none_de7e1c7e7f950f98\mstime.dll

+ 2009-08-08 18:47 . 2009-06-15 12:45 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\atmfd.dll

+ 2009-08-08 18:47 . 2009-06-15 12:42 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\atmfd.dll

+ 2009-08-08 18:47 . 2009-06-15 12:56 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\atmfd.dll

+ 2009-08-08 18:47 . 2009-06-15 12:52 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\atmfd.dll

+ 2009-08-08 18:47 . 2009-06-15 12:53 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\atmfd.dll

+ 2009-08-08 18:47 . 2009-06-15 13:03 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\atmfd.dll

+ 2009-08-08 18:47 . 2009-06-15 15:00 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.22152_none_b7fc28a4355e72c9\t2embed.dll

+ 2009-08-08 18:47 . 2009-06-15 14:53 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18051_none_b7718b8f1c41b9a8\t2embed.dll

+ 2009-08-08 18:47 . 2009-06-15 15:26 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.22450_none_b613b6283839eaf7\t2embed.dll

+ 2009-08-08 18:47 . 2009-06-15 15:24 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.18272_none_b57678331f2ab896\t2embed.dll

+ 2009-08-08 18:47 . 2009-06-15 15:09 156160 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.21067_none_b4297fd83b155d73\t2embed.dll

+ 2009-08-08 18:47 . 2009-06-15 15:29 156160 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16870_none_b38e38f92205f4f7\t2embed.dll

+ 2009-08-08 18:45 . 2009-07-18 12:06 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21089_none_aa2122c70f008df0\advpack.dll

+ 2009-08-08 18:45 . 2009-07-18 12:07 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16890_none_a983db53f5f2f2c6\advpack.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 881664 c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6001.22208_none_b4bd0a2b32340979\infocard.exe

+ 2009-08-10 19:27 . 2008-06-20 01:14 881664 c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6001.18096_none_cb93e139188459ef\infocard.exe

+ 2009-08-10 19:27 . 2008-06-20 01:12 881664 c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6000.20864_none_b4e76b3f31dd2ea8\infocard.exe

+ 2009-08-10 19:27 . 2008-06-20 01:17 881664 c:\windows\winsxs\x86_infocard_b77a5c561934e089_6.0.6000.16708_none_cbaeb523183b9d1c\infocard.exe

+ 2009-08-10 19:28 . 2008-06-20 01:13 152576 c:\windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.0.6001.22208_none_f20f4d49d1297aed\WsatConfig.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 152576 c:\windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.0.6001.18096_none_08e62457b779cb63\WsatConfig.exe

+ 2009-08-10 19:28 . 2008-06-20 01:12 152576 c:\windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.0.6000.20864_none_f239ae5dd0d2a01c\WsatConfig.exe

+ 2009-08-10 19:28 . 2008-06-20 01:17 152576 c:\windows\winsxs\msil_wsatconfig_b03f5f7f11d50a3a_6.0.6000.16708_none_0900f841b7310e90\WsatConfig.exe

+ 2009-08-10 19:28 . 2008-06-20 01:13 385024 c:\windows\winsxs\msil_uiautomationclientsideproviders_31bf3856ad364e35_6.0.6001.22208_none_b

77300279b2a623c\UIAutomationClientsideProviders.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 385024 c:\windows\winsxs\msil_uiautomationclientsideproviders_31bf3856ad364e35_6.0.6001.18096_none_b

686119682578e16\UIAutomationClientsideProviders.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 385024 c:\windows\winsxs\msil_uiautomationclientsideproviders_31bf3856ad364e35_6.0.6000.20864_none_b

547e0d19e381395\UIAutomationClientsideProviders.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 385024 c:\windows\winsxs\msil_uiautomationclientsideproviders_31bf3856ad364e35_6.0.6000.16708_none_b

50324b684e63181\UIAutomationClientsideProviders.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 167936 c:\windows\winsxs\msil_uiautomationclient_31bf3856ad364e35_6.0.6001.22208_none_21b6b58fa15595

15\UIAutomationClient.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 167936 c:\windows\winsxs\msil_uiautomationclient_31bf3856ad364e35_6.0.6001.18096_none_20c9c6fe8882c0

ef\UIAutomationClient.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 167936 c:\windows\winsxs\msil_uiautomationclient_31bf3856ad364e35_6.0.6000.20864_none_1f8b9639a46346

6e\UIAutomationClient.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 167936 c:\windows\winsxs\msil_uiautomationclient_31bf3856ad364e35_6.0.6000.16708_none_1f46da1e8b1164

5a\UIAutomationClient.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 540672 c:\windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6001.22208_none_d8b0c75ed

873478b\System.Workflow.Runtime.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 540672 c:\windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6001.18096_none_d7c3d8cdb

fa07365\System.Workflow.Runtime.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 540672 c:\windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6000.20864_none_d685a808d

b80f8e4\System.Workflow.Runtime.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 540672 c:\windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6000.16708_none_d640ebedc

22f16d0\System.Workflow.Runtime.dll

+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.22208_none_0a7e4c40999e5e7e\System.Speech.dll

+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6001.18096_none_09915daf80cb8a58\System.Speech.dll

+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6000.20864_none_08532cea9cac0fd7\System.Speech.dll

+ 2008-01-21 02:25 . 2008-01-21 02:25 688128 c:\windows\winsxs\msil_system.speech_31bf3856ad364e35_6.0.6000.16708_none_080e70cf835a2dc3\System.Speech.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 966656 c:\windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6001.22208_none_eb97

9ea5f9865b51\System.Runtime.Serialization.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 966656 c:\windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6001.18096_none_026e

75b3dfd6abc7\System.Runtime.Serialization.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 966656 c:\windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6000.20864_none_ebc1

ffb9f92f8080\System.Runtime.Serialization.dll

+ 2009-08-10 19:27 . 2008-06-20 01:17 966656 c:\windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.0.6000.16708_none_0289

499ddf8deef4\System.Runtime.Serialization.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 966656 c:\windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.0.6001.22208_none_

bb54690bd1df5a1e\System.Runtime.Serialization.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 966656 c:\windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.0.6001.18096_none_

d22b4019b82faa94\System.Runtime.Serialization.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 966656 c:\windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.0.6000.20864_none_

bb7eca1fd1887f4d\System.Runtime.Serialization.dll

+ 2009-08-10 19:27 . 2008-06-20 01:17 966656 c:\windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.0.6000.16708_none_

d2461403b7e6edc1\System.Runtime.Serialization.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 131072 c:\windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.0.6001.22208_none_6e2eb1c839eb7bff\System.IO.Log.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 131072 c:\windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.0.6001.18096_none_850588d6203bcc75\System.IO.Log.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 131072 c:\windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.0.6000.20864_none_6e5912dc3994a12e\System.IO.Log.dll

+ 2009-08-10 19:28 . 2008-06-20 01:17 131072 c:\windows\winsxs\msil_system.io.log_b03f5f7f11d50a3a_6.0.6000.16708_none_85205cc01ff30fa2\System.IO.Log.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 430080 c:\windows\winsxs\msil_system.identitymodel_b77a5c561934e089_6.0.6001.22208_none_068c11b05db6

bb6a\System.IdentityModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 430080 c:\windows\winsxs\msil_system.identitymodel_b77a5c561934e089_6.0.6001.18096_none_1d62e8be4407

0be0\System.IdentityModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 430080 c:\windows\winsxs\msil_system.identitymodel_b77a5c561934e089_6.0.6000.20864_none_06b672c45d5f

e099\System.IdentityModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:17 430080 c:\windows\winsxs\msil_system.identitymodel_b77a5c561934e089_6.0.6000.16708_none_1d7dbca843be

4f0d\System.IdentityModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 126976 c:\windows\winsxs\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6001.22208_none_95

20e1d88d457400\System.IdentityModel.Selectors.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 126976 c:\windows\winsxs\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6001.18096_none_ab

f7b8e67395c476\System.IdentityModel.Selectors.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 126976 c:\windows\winsxs\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6000.20864_none_95

4b42ec8cee992f\System.IdentityModel.Selectors.dll

+ 2009-08-10 19:28 . 2008-06-20 01:17 126976 c:\windows\winsxs\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6000.16708_none_ac

128cd0734d07a3\System.IdentityModel.Selectors.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 132096 c:\windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.0.6001.22208_none_fb8b69b06e19ee70\SMSvcHost.exe

+ 2009-08-10 19:27 . 2008-06-20 01:14 132096 c:\windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.0.6001.18096_none_126240be546a3ee6\SMSvcHost.exe

+ 2009-08-10 19:27 . 2008-06-20 01:12 132096 c:\windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.0.6000.20864_none_fbb5cac46dc3139f\SMSvcHost.exe

+ 2009-08-10 19:27 . 2008-06-20 01:17 132096 c:\windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.0.6000.16708_none_127d14a854218213\SMSvcHost.exe

+ 2009-08-10 19:28 . 2008-06-20 01:13 110592 c:\windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.0.6001.22208_none_87c3f6f4c9aa65b8\SMdiagnostics.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 110592 c:\windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.0.6001.18096_none_9e9ace02affab62e\SMdiagnostics.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 110592 c:\windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.0.6000.20864_none_87ee5808c9538ae7\SMdiagnostics.dll

+ 2009-08-10 19:28 . 2008-06-20 01:17 110592 c:\windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.0.6000.16708_none_9eb5a1ecafb1f95b\SMdiagnostics.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 156688 c:\windows\winsxs\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6001.22208_none_33fe5fa115ae9bd2\ServiceModelReg.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 156688 c:\windows\winsxs\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6001.18096_none_4ad536aefbfeec48\ServiceModelReg.exe

+ 2009-08-10 19:28 . 2008-06-20 01:12 156688 c:\windows\winsxs\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6000.20864_none_3428c0b51557c101\ServiceModelReg.exe

+ 2009-08-10 19:28 . 2008-06-20 01:17 156688 c:\windows\winsxs\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6000.16708_none_4af00a98fbb62f75\ServiceModelReg.exe

+ 2009-08-10 19:28 . 2008-06-20 01:13 528384 c:\windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6001.22208_none_4240f8a51a971ffc\ReachFramework.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 528384 c:\windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6001.18096_none_41540a1401c44bd6\ReachFramework.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 528384 c:\windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6000.20864_none_4015d94f1da4d155\ReachFramework.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 528384 c:\windows\winsxs\msil_reachframework_31bf3856ad364e35_6.0.6000.16708_none_3fd11d340452ef41\ReachFramework.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 864256 c:\windows\winsxs\msil_presentationui_31bf3856ad364e35_6.0.6001.22208_none_ac3c35f9559e5ae3\PresentationUI.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 864256 c:\windows\winsxs\msil_presentationui_31bf3856ad364e35_6.0.6001.18096_none_ab4f47683ccb86bd\PresentationUI.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 864256 c:\windows\winsxs\msil_presentationui_31bf3856ad364e35_6.0.6000.20864_none_aa1116a358ac0c3c\PresentationUI.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 864256 c:\windows\winsxs\msil_presentationui_31bf3856ad364e35_6.0.6000.16708_none_a9cc5a883f5a2a28\PresentationUI.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 163840 c:\windows\winsxs\msil_presentationframework.royale_31bf3856ad364e35_6.0.6001.22208_none_9b3c

e050aa5ad929\PresentationFramework.Royale.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 163840 c:\windows\winsxs\msil_presentationframework.royale_31bf3856ad364e35_6.0.6001.18096_none_9a4f

f1bf91880503\PresentationFramework.Royale.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 163840 c:\windows\winsxs\msil_presentationframework.royale_31bf3856ad364e35_6.0.6000.20864_none_9911

c0faad688a82\PresentationFramework.Royale.dll

+ 2009-08-10 19:27 . 2008-06-20 01:18 163840 c:\windows\winsxs\msil_presentationframework.royale_31bf3856ad364e35_6.0.6000.16708_none_98cd

04df9416a86e\PresentationFramework.Royale.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 397312 c:\windows\winsxs\msil_presentationframework.luna_31bf3856ad364e35_6.0.6001.22208_none_18b48c

e1895a2e6b\PresentationFramework.Luna.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 397312 c:\windows\winsxs\msil_presentationframework.luna_31bf3856ad364e35_6.0.6001.18096_none_17c79e

5070875a45\PresentationFramework.Luna.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 397312 c:\windows\winsxs\msil_presentationframework.luna_31bf3856ad364e35_6.0.6000.20864_none_16896d

8b8c67dfc4\PresentationFramework.Luna.dll

+ 2009-08-10 19:27 . 2008-06-20 01:18 397312 c:\windows\winsxs\msil_presentationframework.luna_31bf3856ad364e35_6.0.6000.16708_none_1644b1

707315fdb0\PresentationFramework.Luna.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 139264 c:\windows\winsxs\msil_presentationframework.classic_31bf3856ad364e35_6.0.6001.22208_none_b0e

af6e9fda81431\PresentationFramework.Classic.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 139264 c:\windows\winsxs\msil_presentationframework.classic_31bf3856ad364e35_6.0.6001.18096_none_aff

e0858e4d5400b\PresentationFramework.Classic.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 139264 c:\windows\winsxs\msil_presentationframework.classic_31bf3856ad364e35_6.0.6000.20864_none_aeb

fd79400b5c58a\PresentationFramework.Classic.dll

+ 2009-08-10 19:27 . 2008-06-20 01:18 139264 c:\windows\winsxs\msil_presentationframework.classic_31bf3856ad364e35_6.0.6000.16708_none_ae7

b1b78e763e376\PresentationFramework.Classic.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 196608 c:\windows\winsxs\msil_presentationframework.aero_31bf3856ad364e35_6.0.6001.22208_none_19d9b4

0388b016e8\PresentationFramework.Aero.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 196608 c:\windows\winsxs\msil_presentationframework.aero_31bf3856ad364e35_6.0.6001.18096_none_18ecc5

726fdd42c2\PresentationFramework.Aero.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 196608 c:\windows\winsxs\msil_presentationframework.aero_31bf3856ad364e35_6.0.6000.20864_none_17ae94

ad8bbdc841\PresentationFramework.Aero.dll

+ 2009-08-10 19:27 . 2008-06-20 01:18 196608 c:\windows\winsxs\msil_presentationframework.aero_31bf3856ad364e35_6.0.6000.16708_none_1769d8

92726be62d\PresentationFramework.Aero.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 598016 c:\windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.22208_none_9cb21d8151

aec4d9\PresentationBuildTasks.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 598016 c:\windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6001.18096_none_9bc52ef038

dbf0b3\PresentationBuildTasks.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 598016 c:\windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.20864_none_9a86fe2b54

bc7632\PresentationBuildTasks.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 598016 c:\windows\winsxs\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6000.16708_none_9a4242103b

6a941e\PresentationBuildTasks.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 397312 c:\windows\winsxs\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6001.22208_none_b11

4e4c017448d80\Microsoft.Transactions.Bridge.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 397312 c:\windows\winsxs\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6001.18096_none_c7e

bbbcdfd94ddf6\Microsoft.Transactions.Bridge.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 397312 c:\windows\winsxs\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6000.20864_none_b13

f45d416edb2af\Microsoft.Transactions.Bridge.dll

+ 2009-08-10 19:28 . 2008-06-20 01:17 397312 c:\windows\winsxs\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6000.16708_none_c80

68fb7fd4c2123\Microsoft.Transactions.Bridge.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 168968 c:\windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6001.22208_none_d4ba1a7aee429661\ComSvcConfig.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 168968 c:\windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6001.18096_none_eb90f188d492e6d7\ComSvcConfig.exe

+ 2009-08-10 19:28 . 2008-06-20 01:12 168968 c:\windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6000.20864_none_d4e47b8eedebbb90\ComSvcConfig.exe

+ 2009-08-10 19:28 . 2008-06-20 01:17 168968 c:\windows\winsxs\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6000.16708_none_ebabc572d44a2a04\ComSvcConfig.exe

+ 2009-08-10 19:27 . 2008-06-20 01:14 301568 c:\windows\System32\XPSViewer\XPSViewer.exe

+ 2008-12-17 00:00 . 2009-08-11 23:24 423690 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2006-11-02 10:33 . 2009-08-11 16:41 598588 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-08-08 19:08 598588 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-08-08 19:08 102194 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2009-08-11 16:41 102194 c:\windows\System32\perfc009.dat

+ 2009-08-08 18:45 . 2009-07-18 16:04 146432 c:\windows\System32\occache.dll

- 2009-06-10 22:48 . 2009-04-24 16:03 671232 c:\windows\System32\mstime.dll

+ 2009-08-08 18:45 . 2009-07-18 16:03 671232 c:\windows\System32\mstime.dll

+ 2009-08-08 18:45 . 2009-07-18 16:02 458240 c:\windows\System32\msfeeds.dll

- 2009-06-10 22:48 . 2009-04-24 16:03 458240 c:\windows\System32\msfeeds.dll

+ 2009-08-08 18:45 . 2009-07-18 16:01 270848 c:\windows\System32\iertutil.dll

- 2009-06-10 22:48 . 2009-04-24 16:02 270848 c:\windows\System32\iertutil.dll

- 2009-06-10 22:48 . 2009-04-24 16:02 389120 c:\windows\System32\iedkcs32.dll

+ 2009-08-08 18:45 . 2009-07-18 16:01 389120 c:\windows\System32\iedkcs32.dll

+ 2009-08-08 18:45 . 2009-07-18 16:01 230400 c:\windows\System32\ieaksie.dll

- 2009-06-10 22:48 . 2009-04-24 16:02 230400 c:\windows\System32\ieaksie.dll

+ 2008-07-30 03:40 . 2008-07-30 03:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe

+ 2008-07-30 03:40 . 2008-07-30 03:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi

+ 2008-07-29 22:47 . 2008-07-29 22:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

+ 2008-07-29 22:47 . 2008-07-29 22:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll

+ 2008-07-30 03:15 . 2008-07-30 03:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat

+ 2008-07-30 03:40 . 2008-07-30 03:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll

+ 2008-07-30 03:40 . 2008-07-30 03:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe

+ 2009-08-10 19:27 . 2008-06-20 01:14 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 181264 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe

+ 2009-08-10 19:27 . 2008-06-20 01:14 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll

- 2008-01-21 02:25 . 2008-01-21 02:25 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe

+ 2009-08-09 15:24 . 2009-08-09 15:24 248832 c:\windows\Installer\56701.msi

+ 2009-08-10 19:33 . 2009-08-10 19:33 648192 c:\windows\Installer\142d044.msi

+ 2008-12-25 22:21 . 2009-08-09 15:30 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-12-25 22:21 . 2009-06-15 12:11 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-12-25 22:21 . 2009-08-09 15:30 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe

- 2008-12-25 22:21 . 2009-06-15 12:11 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe

- 2008-12-25 22:21 . 2009-06-15 12:11 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-12-25 22:21 . 2009-08-09 15:30 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-12-25 22:21 . 2009-08-09 15:30 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe

- 2008-12-25 22:21 . 2009-06-15 12:11 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-12-25 22:21 . 2009-08-09 15:30 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe

- 2008-12-25 22:21 . 2009-06-15 12:11 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe

+ 2009-03-17 21:49 . 2009-08-09 15:30 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-03-17 21:49 . 2009-06-15 12:10 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-03-17 21:49 . 2009-06-15 12:10 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

+ 2009-03-17 21:49 . 2009-08-09 15:30 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

+ 2009-03-17 21:49 . 2009-08-09 15:30 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

- 2009-03-17 21:49 . 2009-06-15 12:10 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-03-17 21:49 . 2009-08-09 15:30 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

- 2009-03-17 21:49 . 2009-06-15 12:10 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2009-03-17 21:49 . 2009-08-09 15:30 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

- 2009-03-17 21:49 . 2009-06-15 12:10 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

- 2009-03-17 21:49 . 2009-06-15 12:10 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

+ 2009-03-17 21:49 . 2009-08-09 15:30 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

+ 2009-08-11 01:21 . 2009-08-11 01:21 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\8875e6d61ff95b1ab9801156ea795373\WsatConfig.ni.exe

+ 2009-08-11 05:12 . 2009-08-11 05:12 239616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\93e9637d1e5c69baa89c5a47dc44153f\WindowsFormsIntegration.ni.dll

+ 2009-08-11 01:21 . 2009-08-11 01:21 284160 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\aa07a05aa56b83678a351cf2185b342e\VistaBridgeLibrary.ni.dll

+ 2009-08-10 19:35 . 2009-08-10 19:35 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\817d652893fb93c34428b1b4206a2803\UIAutomationTypes.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\eb6190745392522b3c1b508bd2517096\UIAutomationClient.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\18e1acd6761195389db42bab83169fd2\System.Web.Routing.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 858112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f288f2cb75465c0f45154079365af9e8\System.Web.Extensions.Design.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bbdc5cb2f2f92fd610de7331d748193a\System.Web.Entity.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ca1ce755bb49324c7d275c426188a28f\System.Web.Entity.Design.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 542720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4dfde90e4704b0d504ddde88045ba036\System.Web.DynamicData.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\fbe60d84b9f1ab74e396fb1507f69615\System.Web.Abstractions.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 620032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\eabe1915c13467e1e66e2b073bcb842f\System.Net.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1db9deebde7c96b2874b4ffccac2f48e\System.Management.Instrumentation.ni.dll

+ 2009-08-11 01:21 . 2009-08-11 01:21 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\a5b71b6ba2b4405280bdc407f16d8cbe\System.IO.Log.ni.dll

+ 2009-08-11 01:21 . 2009-08-11 01:21 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b64d64ef6bfef132fdc1db886bfdff\System.IdentityModel.Selectors.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c205bbbb88bfa4bd5e274f43ea0013cb\System.DirectoryServices.AccountManagement.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 939520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d3aed340a6562196ca40978556fb29d1\System.Data.Services.Client.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3cb9c5203e50cb6af99b163522e9357c\System.Data.Services.Design.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 755200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\9867484f25281882e61f61066fa651a3\System.Data.Entity.Design.ni.dll

+ 2009-08-11 01:22 . 2009-08-11 01:22 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll

+ 2009-08-11 01:22 . 2009-08-11 01:22 632832 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b01721205312c6c18df033cc47b60e5c\System.AddIn.ni.dll

+ 2009-08-11 01:21 . 2009-08-11 01:21 365056 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\614c3b7c48bdb5ec34f8e30de4abc8d4\SMSvcHost.ni.exe

+ 2009-08-11 01:21 . 2009-08-11 01:21 255488 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a0cb977cf742634cf54dfe5b81c1b400\SMDiagnostics.ni.dll

+ 2009-08-11 01:21 . 2009-08-11 01:21 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6f93937288d32bef8b8fdfb383b37b6e\ServiceModelReg.ni.exe

+ 2009-08-10 19:36 . 2009-08-10 19:36 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4446ba40b28fe87388a738d7551b21\PresentationFramework.Royale.ni.dll

+ 2009-08-10 19:36 . 2009-08-10 19:36 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fa0fda2540c243cd2de25db559086942\PresentationFramework.Classic.ni.dll

+ 2009-08-10 19:36 . 2009-08-10 19:36 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bd6a1460174d0ea2996aa9b11a82333b\PresentationFramework.Luna.ni.dll

+ 2009-08-10 19:36 . 2009-08-10 19:36 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ad65537fa3d6b3c9c01a98586acfa28\PresentationFramework.Aero.ni.dll

+ 2009-08-11 01:22 . 2009-08-11 01:22 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe

+ 2009-08-11 01:21 . 2009-08-11 01:21 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e5eb97b14d58d58eb1c6a2e282f28532\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2009-08-11 01:22 . 2009-08-11 01:22 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2009-08-11 01:22 . 2009-08-11 01:22 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2009-08-11 01:21 . 2009-08-11 01:21 409600 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\440a41a4d597095a5c8406bddf80cee2\ComSvcConfig.ni.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 152576 c:\windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 225280 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2008-01-21 02:25 . 2008-01-21 02:25 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

- 2008-01-21 02:25 . 2008-01-21 02:25 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

- 2008-01-21 02:25 . 2008-01-21 02:25 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 132096 c:\windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 156688 c:\windows\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a\ServiceModelReg.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2008-01-21 02:25 . 2008-01-21 02:25 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2008-01-21 02:25 . 2008-01-21 02:25 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll


ComboFix Pt. 3

+ 2009-08-10 19:28 . 2008-06-20 01:14 168968 c:\windows\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a\ComSvcConfig.exe

+ 2009-08-10 19:28 . 2008-06-20 01:14 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 1630208 c:\windows\winsxs\x86_wwf-system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.22208_none_8c75ba7a272c1073\System.Workflow.ComponentModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 1630208 c:\windows\winsxs\x86_wwf-system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.18096_none_8b88cbe90e593c4d\System.Workflow.ComponentModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 1630208 c:\windows\winsxs\x86_wwf-system.workflow.componentmodel_31bf3856ad364e35_6.0.6000.20864_none_8a4a9b242a39c1cc\System.Workflow.ComponentModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 1630208 c:\windows\winsxs\x86_wwf-system.workflow.componentmodel_31bf3856ad364e35_6.0.6000.16708_none_8a05df0910e7dfb8\System.Workflow.ComponentModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 1138688 c:\windows\winsxs\x86_wwf-system.workflow.activities_31bf3856ad364e35_6.0.6001.22208_none_32f793e391151502\System.Workflow.Activities.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 1138688 c:\windows\winsxs\x86_wwf-system.workflow.activities_31bf3856ad364e35_6.0.6001.18096_none_320aa552784240dc\System.Workflow.Activities.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 1138688 c:\windows\winsxs\x86_wwf-system.workflow.activities_31bf3856ad364e35_6.0.6000.20864_none_30cc748d9422c65b\System.Workflow.Activities.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 1138688 c:\windows\winsxs\x86_wwf-system.workflow.activities_31bf3856ad364e35_6.0.6000.16708_none_3087b8727ad0e447\System.Workflow.Activities.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 1245184 c:\windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6001.22208_none_57feade560dc8728\WindowsBase.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 1245184 c:\windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6001.18096_none_5711bf544809b302\WindowsBase.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 1245184 c:\windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6000.20864_none_55d38e8f63ea3881\WindowsBase.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 1245184 c:\windows\winsxs\x86_wpf-windowsbase_31bf3856ad364e35_6.0.6000.16708_none_558ed2744a98566d\WindowsBase.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 5283840 c:\windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6001.22208_none_6f17fd076f0ccf52\PresentationFramework.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 5283840 c:\windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6001.18096_none_6e2b0e765639fb2c\PresentationFramework.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 5283840 c:\windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6000.20864_none_6cecddb1721a80ab\PresentationFramework.dll

+ 2009-08-10 19:27 . 2008-06-20 01:18 5283840 c:\windows\winsxs\x86_wpf-presentationframework_31bf3856ad364e35_6.0.6000.16708_none_6ca8219658c89e97\PresentationFramework.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 5931008 c:\windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6001.22208_none_fe2a5a5f051cb345\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 5931008 c:\windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6001.18096_none_1501316ceb6d03bb\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 5931008 c:\windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6000.20864_none_fe54bb7304c5d874\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:17 5931008 c:\windows\winsxs\x86_wcf-system.servicemodel_b03f5f7f11d50a3a_6.0.6000.16708_none_151c0556eb2446e8\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 1738760 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6001.22208_none_acc2b340a90ab125\wpfgfx_v0300.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 4210688 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6001.22208_none_acc2b340a90ab125\PresentationCore.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 1738760 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6001.18096_none_abd5c4af9037dcff\wpfgfx_v0300.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 4210688 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6001.18096_none_abd5c4af9037dcff\PresentationCore.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 1738760 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6000.20864_none_aa9793eaac18627e\wpfgfx_v0300.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 4210688 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6000.20864_none_aa9793eaac18627e\PresentationCore.dll

+ 2009-08-10 19:27 . 2008-06-20 01:18 1738760 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6000.16708_none_aa52d7cf92c6806a\wpfgfx_v0300.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 4210688 c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6000.16708_none_aa52d7cf92c6806a\PresentationCore.dll

+ 2009-08-08 18:47 . 2009-06-17 08:02 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22160_none_f4b74f0181eee730\OESpamFilter.dat

+ 2009-08-08 18:47 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18056_none_f43e83de68c3c37f\OESpamFilter.dat

+ 2009-08-08 18:47 . 2009-06-17 07:30 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22459_none_f2e4af9f84b85a2a\OESpamFilter.dat

+ 2009-08-08 18:47 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18278_none_f24470cc6babdbc4\OESpamFilter.dat

+ 2009-08-08 18:47 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21074_none_f0e3a5eb87a6b883\OESpamFilter.dat

+ 2009-08-08 18:47 . 2009-06-17 07:36 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16876_none_f05c31926e871825\OESpamFilter.dat

+ 2009-08-08 18:45 . 2009-07-18 11:45 6081024 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22180_none_66bc01a4c4a3d534\ieframe.dll

+ 2009-08-08 18:45 . 2009-07-18 11:32 6079488 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18071_none_663e350fab7d32d0\ieframe.dll

+ 2009-08-08 18:45 . 2009-07-18 09:55 6072832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22475_none_64e5611ac770e2d2\ieframe.dll

+ 2009-08-08 18:45 . 2009-07-18 16:01 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c\ieframe.dll

+ 2009-08-08 18:46 . 2009-07-18 12:09 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21089_none_62f829ecca4f0949\ieframe.dll

+ 2009-08-08 18:46 . 2009-07-18 12:10 6067200 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16890_none_625ae279b1416e1f\ieframe.dll

+ 2009-08-08 18:46 . 2009-07-18 11:45 3600384 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22180_none_155ca7a138ae4707\mshtml.dll

+ 2009-08-08 18:46 . 2009-07-18 11:33 3599360 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18071_none_14dedb0c1f87a4a3\mshtml.dll

+ 2009-08-08 18:45 . 2009-07-18 11:54 3584512 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22475_none_138607173b7b54a5\mshtml.dll

+ 2009-08-08 18:45 . 2009-07-18 16:02 3583488 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18294_none_12e5c844226ed63f\mshtml.dll

+ 2009-08-08 18:46 . 2009-07-18 12:12 3600384 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21089_none_1198cfe93e597b1c\mshtml.dll

+ 2009-08-08 18:46 . 2009-07-18 12:13 3597824 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16890_none_10fb8876254bdff2\mshtml.dll

+ 2009-08-08 18:46 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21089_none_f9e7d3a487ee8c39\ieapfltr.dat

+ 2009-08-08 18:46 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16890_none_f94a8c316ee0f10f\ieapfltr.dat

+ 2009-08-08 18:45 . 2009-07-18 11:47 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22180_none_b6fcace0ed4eb73e\urlmon.dll

+ 2009-08-08 18:45 . 2009-07-18 11:34 1167872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18071_none_b67ee04bd42814da\urlmon.dll

+ 2009-08-08 18:45 . 2009-07-18 11:56 1166848 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22475_none_b5260c56f01bc4dc\urlmon.dll

+ 2009-08-08 18:45 . 2009-07-18 16:06 1166336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18294_none_b485cd83d70f4676\urlmon.dll

+ 2009-08-08 18:45 . 2009-07-18 12:16 1163264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21089_none_b338d528f2f9eb53\urlmon.dll

+ 2009-08-08 18:45 . 2009-07-18 12:16 1159680 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16890_none_b29b8db5d9ec5029\urlmon.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 1245184 c:\windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6001.22208_none_97b08b7448b9ff5f\WindowsBase.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 1245184 c:\windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6001.18096_none_96c39ce32fe72b39\WindowsBase.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 1245184 c:\windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6000.20864_none_95856c1e4bc7b0b8\WindowsBase.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 1245184 c:\windows\winsxs\msil_windowsbase_31bf3856ad364e35_6.0.6000.16708_none_9540b0033275cea4\WindowsBase.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 1630208 c:\windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.22208_none_e90a0d4ae97e2ccb\System.Workflow.ComponentModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 1630208 c:\windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.18096_none_e81d1eb9d0ab58a5\System.Workflow.ComponentModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 1630208 c:\windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6000.20864_none_e6deedf4ec8bde24\System.Workflow.ComponentModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 1630208 c:\windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6000.16708_none_e69a31d9d339fc10\System.Workflow.ComponentModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:13 1138688 c:\windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6001.22208_none_293330886c8121bc\System.Workflow.Activities.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 1138688 c:\windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6001.18096_none_284641f753ae4d96\System.Workflow.Activities.dll

+ 2009-08-10 19:28 . 2008-06-20 01:12 1138688 c:\windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6000.20864_none_270811326f8ed315\System.Workflow.Activities.dll

+ 2009-08-10 19:28 . 2008-06-20 01:18 1138688 c:\windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6000.16708_none_26c35517563cf101\System.Workflow.Activities.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 5931008 c:\windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6001.22208_none_8e1bf2cea44dac8d\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 5931008 c:\windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6001.18096_none_a4f2c9dc8a9dfd03\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 5931008 c:\windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6000.20864_none_8e4653e2a3f6d1bc\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:17 5931008 c:\windows\winsxs\msil_system.servicemodel_b77a5c561934e089_6.0.6000.16708_none_a50d9dc68a554030\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 5931008 c:\windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6001.22208_none_559775022c5c3394\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 5931008 c:\windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6001.18096_none_6c6e4c1012ac840a\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 5931008 c:\windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6000.20864_none_55c1d6162c0558c3\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:17 5931008 c:\windows\winsxs\msil_system.servicemodel.ref_b77a5c561934e089_6.0.6000.16708_none_6c891ffa1263c737\System.ServiceModel.dll

+ 2009-08-10 19:27 . 2008-06-20 01:13 5283840 c:\windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.0.6001.22208_none_774937060d132321\PresentationFramework.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 5283840 c:\windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.0.6001.18096_none_765c4874f4404efb\PresentationFramework.dll

+ 2009-08-10 19:27 . 2008-06-20 01:12 5283840 c:\windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.0.6000.20864_none_751e17b01020d47a\PresentationFramework.dll

+ 2009-08-10 19:27 . 2008-06-20 01:18 5283840 c:\windows\winsxs\msil_presentationframework_31bf3856ad364e35_6.0.6000.16708_none_74d95b94f6cef266\PresentationFramework.dll

+ 2009-08-08 18:45 . 2009-07-18 16:06 1166336 c:\windows\System32\urlmon.dll

- 2009-06-10 22:48 . 2009-04-24 16:05 1166336 c:\windows\System32\urlmon.dll

+ 2006-11-02 10:22 . 2009-08-11 05:48 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2006-11-02 10:22 . 2009-08-08 18:53 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-08-08 18:45 . 2009-07-18 16:02 3583488 c:\windows\System32\mshtml.dll

+ 2009-08-08 18:45 . 2009-07-18 16:01 6069248 c:\windows\System32\ieframe.dll

- 2009-06-10 22:48 . 2009-04-24 16:02 6069248 c:\windows\System32\ieframe.dll

+ 2006-11-02 12:47 . 2009-08-09 17:36 2318144 c:\windows\System32\FNTCACHE.DAT

- 2006-11-02 12:47 . 2009-06-22 17:24 2318144 c:\windows\System32\FNTCACHE.DAT

+ 2008-07-30 03:40 . 2008-07-30 03:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe

+ 2008-07-29 22:47 . 2008-07-29 22:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll

+ 2008-07-29 22:47 . 2008-07-29 22:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll

+ 2008-07-30 03:40 . 2008-07-30 03:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe

+ 2009-08-10 19:27 . 2008-06-20 01:14 1738760 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

+ 2009-05-26 22:54 . 2009-05-26 22:54 4192768 c:\windows\Installer\56741.msp

+ 2009-07-02 20:23 . 2009-07-02 20:23 5027328 c:\windows\Installer\56715.msp

+ 2008-12-25 22:21 . 2009-08-09 15:30 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-12-25 22:21 . 2009-06-15 12:11 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-12-25 22:21 . 2009-08-09 15:30 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe

- 2008-12-25 22:21 . 2009-06-15 12:11 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe

- 2009-03-17 21:49 . 2009-06-15 12:10 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-03-17 21:49 . 2009-08-09 15:30 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

- 2009-03-17 21:49 . 2009-06-15 12:10 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2009-03-17 21:49 . 2009-08-09 15:30 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2009-08-10 19:35 . 2009-08-10 19:35 3311104 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\400510870f710fd409ee7fc71b4a69aa\WindowsBase.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\c8b13dcfc97e24405e4fc0475ce6f8f6\UIAutomationClientsideProviders.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 1355264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\2deca0680ab84ffa0d02529e6008c3af\System.WorkflowServices.ni.dll

+ 2009-08-10 19:36 . 2009-08-10 19:36 1904128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5d6b641086cce5fdc858845791bceb39\System.Workflow.Runtime.ni.dll

+ 2009-08-10 19:36 . 2009-08-10 19:36 4510720 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\4ebf9425af71d1715702beddca876205\System.Workflow.ComponentModel.ni.dll

+ 2009-08-10 19:36 . 2009-08-10 19:36 2989568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\9a3bbad437aad5decc858ca4ff6aa95e\System.Workflow.Activities.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 2400256 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7a2ff61712242ed5a8ed3e2051913d8a\System.Web.Extensions.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 1705984 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9cd971129846bdc7b4d6f4de75d0d56f\System.ServiceModel.Web.ni.dll

+ 2009-08-11 01:21 . 2009-08-11 01:21 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6a0e6b429befa7ae3195cfc8c92ea2cc\System.Runtime.Serialization.ni.dll

+ 2009-08-11 01:22 . 2009-08-11 01:22 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\828c0797125f0e89f76c00c87708cd08\System.Printing.ni.dll

+ 2009-08-11 01:21 . 2009-08-11 01:21 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\833aa4f13464ecb314a27adbcfca1e22\System.IdentityModel.ni.dll

+ 2009-08-11 05:12 . 2009-08-11 05:12 1326080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\41610b6770b86d583f850fe48761ff0c\System.Data.Services.ni.dll

+ 2009-08-10 19:36 . 2009-08-10 19:36 2510848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\f38eb6cd3804a40cbff2d1103f541776\System.Data.Linq.ni.dll

+ 2009-08-11 05:11 . 2009-08-11 05:11 9903104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\dd4ce78d33fde0033fa5bd50e24c8fbc\System.Data.Entity.ni.dll

+ 2009-08-10 19:36 . 2009-08-10 19:36 2294784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll

+ 2009-08-11 01:22 . 2009-08-11 01:22 2126336 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87d2215a3b6b8ebec883f6bf82b6b781\ReachFramework.ni.dll

+ 2009-08-11 01:21 . 2009-08-11 01:21 1656832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\4746ed9ba78a700176711accdea55be1\PresentationUI.ni.dll

+ 2009-08-11 01:22 . 2009-08-11 01:22 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\4425dd4db3b0530d0a9369b7b259088b\PresentationBuildTasks.ni.dll

+ 2009-08-11 01:21 . 2009-08-11 01:21 1092608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\88b610bb7a660a1b06385d595a72d272\Microsoft.Transactions.Bridge.ni.dll

+ 2009-08-11 01:22 . 2009-08-11 01:22 1965568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2009-08-11 01:22 . 2009-08-11 01:22 1886208 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2009-08-10 19:33 . 2009-08-10 19:33 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2009-08-10 19:27 . 2008-06-20 01:14 1738760 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll

+ 2009-08-10 19:28 . 2008-06-20 01:14 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2009-06-13 07:01 . 2009-08-10 19:32 77842451 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin

+ 2006-11-02 10:24 . 2009-07-07 15:10 24539592 c:\windows\System32\mrt.exe

+ 2009-08-11 01:21 . 2009-08-11 01:21 17313792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8916ab751fafa7245dc9dfa6cfac3cfc\System.ServiceModel.ni.dll

+ 2009-08-10 19:36 . 2009-08-10 19:36 14320128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2606f840d6783c9c2307965650735ada\PresentationFramework.ni.dll

+ 2009-08-10 19:35 . 2009-08-10 19:35 12213248 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9895974a8ff48335614f44603ff16a9d\PresentationCore.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-16 39408]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-18 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-18 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-18 145944]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-16 30192]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-06-24 91432]

c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\users\Brandon\Documents\Downloads\Compressed\AveFolderBg\32bits\VistaFolderBackground.dll" [2008-09-17 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{83EBE4D4-420E-4770-A6EA-72C1B6139ACC}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{5DA30AFC-D792-46F0-AAD1-B06D75914C5C}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{3276E660-7CEC-4959-AD16-340C5B4CDDF1}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{63B77538-D270-49E2-BDB7-E26C92616C65}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{E2D0029C-0CDF-4081-9401-68CF7AF8732E}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{D05DE99F-D323-4130-963F-6181DBABB181}"= UDP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access

"{AFEA741D-E902-42A5-AEB6-77F5762AD625}"= TCP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access

"{5BF27FD1-310A-42DA-B3B6-48FAF15C1F11}"= UDP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service

"{FED72049-7622-4DDB-87EC-7B84366DD52A}"= TCP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service

"{02B4B086-FA54-473E-831E-A7FB64D1501B}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed

"{C688789D-9D25-4278-A4B7-2FFC86A4C565}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed

"{D33E9505-6F0A-491E-A514-5E255FAF86AF}"= UDP:c:\program files\uTorrent\uTorrent.exe:


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:10:04 PM, on 8/11/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18294)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)

O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

O22 - SharedTaskScheduler: Ave's FolderBg - {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - C:\Users\Brandon\Documents\Downloads\Compressed\AveFolderBg\32bits\VistaFolderBackground.dll

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--

End of file - 13382 bytes

P.S. - FireFox is working fine now :(


Some final items:

Follow these steps to uninstall Combofix and all of its files and components.

  • Click START then RUN
  • Now type Combo-Fix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

It's a good idea to Flush your System Restore after removing malware and create a new restore point.

For help with Vista visit: http://www.bleepingcomputer.com/tutorials/tutorial143.html

Here is some useful information on keeping your computer clean:

  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great Preventive programs:
     1. SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
     2. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
        1. Red for Warning
        2. Yellow for Use Caution
        3. Green for Safe
        4. Grey for Unknown

Here are the links to install SiteAdvisor in Internet Explorer and Firefox

Now you should Clean up your PC

Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place.

Secunia software inspector & update checker

Malware And Spyware Tips

It was a pleasure working with you, I3randon.

Kenny
