
Multiple problems started with Windows Police Pro!


salp


DDS should have created two logs; please run it again and post both.

-screen317

Here is one of today's DDS logs --

DDS (Ver_09-10-13.01) - NTFSx86

Run by JC Surveillance Inc at 12:14:25.15 on Wed 10/21/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.975 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\stsystra.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\opeia.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\FastNetSrv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\lsm32.sys

G:\dds.pif

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [EPSON Stylus C84 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB002" /M "Stylus C84"

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jcsurv~1\applic~1\mozilla\firefox\profiles\0evo8ztb.default\

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: XUL Cache: {3507B79D-BAEB-4E98-B24C-B9BD25991D82} - c:\documents and settings\jc surveillance inc\local settings\application data\{3507B79D-BAEB-4E98-B24C-B9BD25991D82}

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-12 64160]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-9-29 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-9-29 59664]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-26 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-26 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-26 297752]

R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]

R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2004-8-4 94720]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-7-26 362944]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-26 908056]

S2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-8-14 17149]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-9-29 33552]

=============== Created Last 30 ================

2009-10-20 10:53 195,440 -------- c:\windows\system32\MpSigStub.exe

2009-10-17 16:16 <DIR> a-dshr-- C:\cmdcons

2009-10-17 16:11 236,544 a------- c:\windows\PEV.exe

2009-10-17 16:11 161,792 a------- c:\windows\SWREG.exe

2009-10-17 16:11 98,816 a------- c:\windows\sed.exe

2009-10-17 16:09 <DIR> --d----- C:\salp.exe

2009-10-13 15:33 0 a------- c:\documents and settings\jc surveillance inc\EXE

2009-10-13 12:33 40,960 a------- c:\windows\system32\t1p0_448018884120.b1k

2009-10-13 11:54 1,011,572 a------- c:\windows\system32\rolivepa.exe

2009-10-11 11:54 1,011,348 a------- c:\windows\system32\yaruvofo.exe

2009-10-11 11:25 40,960 a------- c:\windows\system32\t1p0_214933469392.b1k

2009-10-08 10:56 1,011,246 a------- c:\windows\system32\jivigupi.exe

2009-10-06 22:28 39,424 a------- c:\windows\system32\hugeloko.dll

2009-10-06 14:01 4,128 a------- C:\INFCACHE.1

2009-10-05 22:28 39,424 a------- c:\windows\system32\gibegovu.dll

2009-10-05 00:05 46,592 a------- c:\windows\system32\t1p0_384298420280.b1k

2009-10-04 10:39 <DIR> --d----- c:\docume~1\jcsurv~1\applic~1\1041402358

2009-09-29 20:22 59,664 a------- c:\windows\system32\drivers\TfSysMon.sys

2009-09-29 20:22 51,984 a------- c:\windows\system32\drivers\TfFsMon.sys

2009-09-29 20:22 33,552 a------- c:\windows\system32\drivers\TfNetMon.sys

2009-09-29 20:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools

2009-09-27 15:00 <DIR> --d----- c:\program files\winlogin.exe

2009-09-27 14:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware2

==================== Find3M ====================

2009-10-18 15:37 15,688 a------- c:\windows\system32\lsdelete.exe

2009-10-12 00:25 39,424 a--sh--- c:\windows\system32\zumububo.dll

2009-10-11 12:25 39,424 a--sh--- c:\windows\system32\kahowuhi.dll

2009-10-11 12:25 28,160 a--sh--- c:\windows\system32\vakumene.dll

2009-10-08 11:32 39,424 a--sh--- c:\windows\system32\wufajojo.dll

2009-10-07 10:32 39,424 a--sh--- c:\windows\system32\puwudeta.dll

2009-10-06 10:32 91,136 a--sh--- c:\windows\system32\parewote.dll

2009-10-05 10:31 90,624 a--sh--- c:\windows\system32\gipafula.dll

2009-10-05 10:31 38,912 a--sh--- c:\windows\system32\biferopa.dll

2009-10-04 22:31 38,912 a--sh--- c:\windows\system32\viliwesi.dll

2009-10-04 10:31 38,912 a--sh--- c:\windows\system32\gowaheke.dll

2009-10-03 22:31 1,048,099 a--sh--- c:\windows\system32\kowatapi.exe

2009-10-03 22:31 38,912 a--sh--- c:\windows\system32\nesirona.dll

2009-10-03 12:37 3,350 ac-sh--- c:\windows\system32\KGyGaAvL.sys

2009-10-03 10:31 52,224 a--sh--- c:\windows\system32\yiralujo.dll

2009-10-03 10:30 90,112 a--sh--- c:\windows\system32\fowajitu.dll

2009-10-03 10:30 38,912 a--sh--- c:\windows\system32\nokiyubu.dll

2009-10-02 22:30 90,624 a--sh--- c:\windows\system32\rahobeto.dll

2009-10-02 10:30 91,136 a--sh--- c:\windows\system32\rasawofu.dll

2009-10-02 10:30 39,424 a--sh--- c:\windows\system32\sohibesi.dll

2009-10-02 10:30 28,160 a--sh--- c:\windows\system32\jevetedo.dll

2009-09-11 10:03 136,192 a------- c:\windows\system32\msv1_0.dll

2009-09-11 10:03 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-09-04 16:45 58,880 a------- c:\windows\system32\msasn1.dll

2009-09-04 16:45 58,880 -------- c:\windows\system32\dllcache\msasn1.dll

2009-09-04 08:59 19,395 a------- c:\program files\common files\inucaf.sys

2009-09-04 08:59 17,797 a------- c:\docume~1\jcsurv~1\applic~1\ufovev.exe

2009-09-04 08:59 17,544 a------- c:\program files\common files\hiden.dat

2009-09-04 08:59 16,815 a------- c:\docume~1\alluse~1\applic~1\evabanol.com

2009-09-04 08:59 16,060 a------- c:\docume~1\jcsurv~1\applic~1\byvozuvisa.com

2009-09-04 08:59 14,896 a------- c:\program files\common files\elexuk.exe

2009-09-04 08:59 13,452 a------- c:\program files\common files\erug.ban

2009-09-04 08:59 12,945 a------- c:\program files\common files\cypizamaq._sy

2009-09-04 08:59 11,407 a------- c:\docume~1\alluse~1\applic~1\yhywekyb.com

2009-09-04 08:59 11,017 a------- c:\windows\awepynu.sys

2009-09-04 08:59 10,744 a------- c:\windows\system32\qixumavaqe.com

2009-08-28 09:50 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-08-28 09:50 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-08-26 04:16 247,326 a------- c:\windows\system32\strmdll.dll

2009-08-26 04:16 247,326 a------- c:\windows\system32\dllcache\strmdll.dll

2009-08-21 05:46 450,560 -------- c:\windows\system32\dllcache\jscript.dll

2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-05 05:11 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-04 08:51 2,185,984 -------- c:\windows\system32\dllcache\ntoskrnl.exe

2009-08-04 08:49 2,142,720 -------- c:\windows\system32\ntoskrnl.exe

2009-08-04 08:49 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-08-04 08:02 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-08-04 08:02 2,020,864 -------- c:\windows\system32\ntkrnlpa.exe

2009-08-04 08:02 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe

2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll

2009-02-20 12:01 148 a------- c:\docume~1\jcsurv~1\applic~1\wklnhst.dat

2007-06-08 22:45 88 -c-shr-- c:\windows\system32\F1D74CB742.sys

2009-07-10 17:27 8 ---shr-- c:\windows\system32\FCF4F4C102.sys

2009-07-06 10:32 3 a--sh--- c:\windows\system32\weyalomi.dll

============= FINISH: 12:14:54.79 ===============


Here is the second of today's DDS logs --

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 5/20/2007 4:37:09 PM

System Uptime: 10/21/2009 11:55:25 AM (1 hours ago)

Motherboard: Dell Inc. | | 0HJ054

Processor: Intel® Pentium® D CPU 2.66GHz | Microprocessor | 2660/533mhz

Processor: Intel® Pentium® D CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 71 GiB total, 59.44 GiB free.

D: is CDROM ()

F: is CDROM (CDFS)

G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/100 VE Network Connection

Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0

Manufacturer: Intel

Name: Intel® PRO/100 VE Network Connection

PNP Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0

Service: E100B

==== System Restore Points ===================

RP1: 10/18/2009 11:53:38 AM - System Checkpoint

RP2: 10/20/2009 10:17:13 AM - Software Distribution Service 3.0

RP3: 10/20/2009 10:53:31 AM - Software Distribution Service 3.0

RP4: 10/21/2009 11:58:42 AM - Avg8 Update

RP5: 10/21/2009 11:59:19 AM - Software Distribution Service 3.0

RP6: 10/21/2009 12:11:35 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Ad-Aware

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 7.0.9

AOLIcon

AVG 8.5

Bounce Bully

BurnAware Free 2.3.3

CCleaner (remove only)

CDDRV_Installer

Corel Photo Album 6

Coupon Printer for Windows

Critical Update for Windows Media Player 11 (KB959772)

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Support Center (Support Software)

Dell System Restore

Digital Content Portal

EPSON Printer Software

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB896256)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB908673)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

J2SE Runtime Environment 5.0 Update 6

Java 6 Update 15

KhalInstallWrapper

Learn2 Player (Uninstall Only)

Logitech SetPoint

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office Outlook 2003 with Business Contact Manager Update

Microsoft Office Small Business Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mozilla Firefox (3.0.10)

Mozilla Thunderbird (2.0.0.23)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6 Service Pack 2 (KB954459)

OpenOffice.org Installer 1.0

PC Pitstop Driver Alert 1.0.0.13

Qualxserve Service Agreement

QuickTime

RealPlayer

SearchAssist

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944338)

Security Update for Windows XP (KB944533)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB947864)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

SimCopter

Sonic Activation Module

Spybot - Search & Destroy

SUPERAntiSpyware Free Edition

TBS WMP Plug-in

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB912945)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973815)

URL Assistant

Viewpoint Media Player

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebCyberCoach 3.2 Dell

WebFldrs XP

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Installer Clean Up

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB889673

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

10/20/2009 10:53:49 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.67.940.0).

10/20/2009 10:25:20 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

10/20/2009 10:03:46 AM, error: Service Control Manager [7034] - The MSSQL$MICROSOFTSMLBIZ service terminated unexpectedly. It has done this 1 time(s).

10/17/2009 4:53:01 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MDTDISK\0000 disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'WAN Miniport (PPTP)' (Root\MS_PPTPMINIPORT\0000) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Video Codecs' (Root\MEDIA\MS_MMVID) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Plug and Play Software Device Enumerator' (Root\SYSTEM\0000) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Microsoft System Management BIOS Driver' (Root\SYSTEM\0002) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Microcode Update Device' (Root\SYSTEM\0001) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Media Control Devices' (Root\MEDIA\MS_MMMCI) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Legacy Video Capture Devices' (Root\MEDIA\MS_MMVCD) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Legacy Audio Drivers' (Root\MEDIA\MS_MMDRV) disappeared from the system without first being prepared for removal.

10/17/2009 4:52:53 PM, error: PlugPlayManager [12] - The device 'Audio Codecs' (Root\MEDIA\MS_MMACM) disappeared from the system without first being prepared for removal.

10/17/2009 4:45:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

10/17/2009 4:45:32 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

10/17/2009 4:45:32 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

10/17/2009 4:44:59 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.

10/17/2009 4:44:59 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: Access is denied.

10/17/2009 4:44:59 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: Access is denied.

10/17/2009 4:44:59 PM, error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: The system cannot find the file specified.

10/17/2009 4:44:59 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: Access is denied.

10/17/2009 4:44:56 PM, error: SRService [104] - The System Restore initialization process failed.

10/17/2009 4:07:47 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

10/17/2009 3:43:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

10/17/2009 3:43:08 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/17/2009 3:42:14 PM, error: DCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "%5" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

10/17/2009 3:42:07 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00184D340B6A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

10/14/2009 12:03:50 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

10/14/2009 12:03:50 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================


Hi,

My apologies for the delay.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Run it and post its log.

-screen317

Screen317 - NO apologies necessary - you're the one helping me out of this disaster! I'll paste the new ComboFix log below. In the meantime, is it OK to delete all the Win32 & Avenger stuff?

ComboFix 09-10-23.01 - JC Surveillance Inc 10/24/2009 14:06.2.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.1016 [GMT -4:00]

Running from: G:\Pats.exe.exe

AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\FInstall.sys

c:\windows\system32\Install.txt

c:\windows\TEMP\mta13187.dll

.

((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))

.

2009-10-20 14:53 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-17 20:09 . 2009-10-17 21:04 -------- d-----w- C:\salp.exe

2009-10-13 15:54 . 2009-10-13 16:38 1011572 ----a-w- c:\windows\system32\rolivepa.exe

2009-10-11 15:54 . 2009-10-11 16:30 1011348 ----a-w- c:\windows\system32\yaruvofo.exe

2009-10-08 14:56 . 2009-10-08 15:41 1011246 ----a-w- c:\windows\system32\jivigupi.exe

2009-10-07 02:28 . 2009-10-07 02:37 39424 ----a-w- c:\windows\system32\hugeloko.dll

2009-10-06 02:28 . 2009-10-06 02:41 39424 ----a-w- c:\windows\system32\gibegovu.dll

2009-10-04 14:39 . 2009-10-04 15:09 -------- d-----w- c:\documents and settings\JC Surveillance Inc\Application Data\1041402358

2009-09-30 00:23 . 2009-09-30 00:23 65584 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-30 00:22 . 2009-09-23 12:07 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2009-09-30 00:22 . 2009-09-23 12:07 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2009-09-30 00:22 . 2009-09-23 12:07 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2009-09-30 00:22 . 2009-09-30 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-30 00:03 . 2009-09-30 00:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-09-29 17:37 . 2009-09-29 17:37 -------- d-s---w- c:\documents and settings\LocalService\UserData

2009-09-28 15:45 . 2009-09-28 15:46 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-27 19:00 . 2009-09-27 19:00 -------- d-----w- c:\program files\winlogin.exe

2009-09-27 18:04 . 2009-10-11 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2009-09-27 17:43 . 2009-10-20 16:11 -------- d-----w- c:\documents and settings\JC Surveillance Inc\Local Settings\Application Data\Deployment

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-20 15:03 . 2008-10-20 20:52 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-10-18 19:37 . 2009-04-12 20:57 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-12 04:25 . 2009-07-12 04:25 39424 --sha-w- c:\windows\system32\zumububo.dll

2009-10-11 17:47 . 2009-02-13 15:59 -------- d-----w- c:\program files\bytes

2009-10-11 16:25 . 2009-07-11 16:25 39424 --sha-w- c:\windows\system32\kahowuhi.dll

2009-10-11 16:25 . 2009-07-11 16:25 28160 --sha-w- c:\windows\system32\vakumene.dll

2009-10-11 15:47 . 2008-10-19 16:53 -------- d-----w- c:\documents and settings\JC Surveillance Inc\Application Data\U3

2009-10-08 15:32 . 2009-07-08 15:32 39424 --sha-w- c:\windows\system32\wufajojo.dll

2009-10-07 14:32 . 2009-07-07 14:32 39424 --sha-w- c:\windows\system32\puwudeta.dll

2009-10-06 14:32 . 2009-07-06 14:32 91136 --sha-w- c:\windows\system32\parewote.dll

2009-10-05 14:31 . 2009-07-05 14:31 90624 --sha-w- c:\windows\system32\gipafula.dll

2009-10-05 14:31 . 2009-07-05 14:31 38912 --sha-w- c:\windows\system32\biferopa.dll

2009-10-05 04:58 . 2007-06-10 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-05 02:31 . 2009-07-05 02:31 38912 --sha-w- c:\windows\system32\viliwesi.dll

2009-10-04 14:31 . 2009-07-04 14:31 38912 --sha-w- c:\windows\system32\gowaheke.dll

2009-10-04 02:31 . 2009-07-04 02:31 1048099 --sha-w- c:\windows\system32\kowatapi.exe

2009-10-04 02:31 . 2009-07-04 02:31 38912 --sha-w- c:\windows\system32\nesirona.dll

2009-10-03 20:26 . 2007-10-29 00:06 -------- d-----w- c:\program files\Lavasoft

2009-10-03 16:37 . 2007-06-04 00:13 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys

2009-10-03 14:31 . 2009-07-03 14:30 52224 --sha-w- c:\windows\system32\yiralujo.dll

2009-10-03 14:30 . 2009-07-03 14:30 90112 --sha-w- c:\windows\system32\fowajitu.dll

2009-10-03 14:30 . 2009-07-03 14:30 38912 --sha-w- c:\windows\system32\nokiyubu.dll

2009-10-03 02:30 . 2009-07-03 02:30 90624 --sha-w- c:\windows\system32\rahobeto.dll

2009-10-02 14:30 . 2009-07-02 14:30 91136 --sha-w- c:\windows\system32\rasawofu.dll

2009-10-02 14:30 . 2009-07-02 14:30 39424 --sha-w- c:\windows\system32\sohibesi.dll

2009-10-02 14:30 . 2009-07-02 14:30 28160 --sha-w- c:\windows\system32\jevetedo.dll

2009-09-30 00:37 . 2009-01-28 14:37 -------- d-----w- c:\program files\Common Files\Download Manager

2009-09-12 22:33 . 2007-06-04 00:29 65584 -c--a-w- c:\documents and settings\JC Surveillance Inc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-11 14:03 . 2004-08-10 16:51 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 18:54 . 2009-02-13 15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 18:53 . 2009-02-13 15:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 16:43 . 2009-09-10 16:43 -------- d-----w- c:\program files\MSBuild

2009-09-10 16:43 . 2009-09-10 16:43 -------- d-----w- c:\program files\Reference Assemblies

2009-09-10 16:40 . 2009-09-10 16:40 -------- d-----w- c:\program files\MSXML 6.0

2009-09-10 15:36 . 2008-09-26 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-05 16:57 . 2009-09-05 16:57 -------- d-----w- c:\program files\Coupons

2009-09-04 23:49 . 2006-09-12 17:45 -------- d-----w- c:\program files\Java

2009-09-04 20:45 . 2004-08-10 16:51 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-03 18:08 . 2009-07-17 21:48 -------- d-----w- c:\program files\EPSON

2009-08-28 13:50 . 2008-09-26 16:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-28 13:50 . 2008-09-26 16:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-28 13:50 . 2008-09-26 16:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-26 08:16 . 2004-08-10 16:51 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-14 03:43 . 2009-08-14 03:43 8 --sh--r- c:\windows\system32\18006624F4.sys

2009-08-05 09:11 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 12:49 . 2004-08-10 16:51 2142720 ------w- c:\windows\system32\ntoskrnl.exe

2009-08-04 12:02 . 2004-08-04 02:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe

2007-06-09 02:45 . 2007-06-04 00:13 88 -csh--r- c:\windows\system32\F1D74CB742.sys

2009-07-10 21:27 . 2009-07-10 21:27 8 --sh--r- c:\windows\system32\FCF4F4C102.sys

2009-07-06 14:32 . 2009-07-06 14:32 3 --sha-w- c:\windows\system32\weyalomi.dll

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-10-17_20.57.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-24 18:12 . 2009-10-24 18:12 16384 c:\windows\temp\Perflib_Perfdata_bc.dat

+ 2007-06-09 20:19 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll

- 2007-06-09 20:19 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll

+ 2004-08-10 16:51 . 2009-10-20 14:33 79484 c:\windows\system32\perfc009.dat

- 2004-08-10 16:51 . 2009-09-10 16:44 79484 c:\windows\system32\perfc009.dat

+ 2004-08-04 09:00 . 2004-08-04 09:00 61440 c:\windows\system32\lsm32.sys

+ 2009-09-04 20:45 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll

- 2007-05-20 20:33 . 2009-10-17 20:11 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2007-05-20 20:33 . 2009-10-20 14:47 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-10-20 14:48 . 2009-10-20 14:47 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2004-08-04 09:00 . 2004-08-04 09:00 46080 c:\windows\system32\BtwSrv.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe

+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2009-01-28 15:18 . 2009-10-13 19:51 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2009-01-28 15:18 . 2009-10-20 16:13 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

- 2009-01-28 15:18 . 2009-10-13 19:51 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2009-01-28 15:18 . 2009-10-20 16:13 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2009-10-20 14:20 . 2009-10-20 14:20 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7672af29\System.Drawing.Design.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4bd56cd0\CustomMarshalers.dll

+ 2009-10-20 14:37 . 2009-10-20 14:37 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll

+ 2009-10-21 16:36 . 2009-10-21 16:36 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\65c2d4340bdc5275395edf958605d858\System.Windows.Presentation.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a513f080a7444bb62e2df1873280c394\System.Web.DynamicData.Design.ni.dll

+ 2009-10-21 16:36 . 2009-10-21 16:36 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll

+ 2009-10-20 15:36 . 2009-10-20 15:36 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll

+ 2009-10-20 15:36 . 2009-10-20 15:36 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll

+ 2009-10-20 14:34 . 2009-10-20 14:34 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe

+ 2009-10-20 14:34 . 2009-10-20 14:34 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe

+ 2009-10-20 14:43 . 2009-10-20 14:43 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2009-09-10 16:42 . 2009-09-10 16:42 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2009-09-10 16:42 . 2009-09-10 16:42 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2004-08-10 16:51 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll

+ 2004-08-04 09:00 . 2004-08-04 09:00 132608 c:\windows\system32\wmdtc.exe

- 2004-08-10 16:51 . 2009-09-10 16:44 460296 c:\windows\system32\perfh009.dat

+ 2004-08-10 16:51 . 2009-10-20 14:33 460296 c:\windows\system32\perfh009.dat

+ 2004-08-04 09:00 . 2004-08-04 09:00 132608 c:\windows\system32\opeia.exe

+ 2004-08-10 16:51 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll

- 2004-08-10 16:51 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll

+ 2004-08-10 16:51 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll

- 2009-06-25 08:17 . 2009-06-25 08:17 136192 c:\windows\system32\dllcache\msv1_0.dll

+ 2009-06-25 08:17 . 2009-09-11 14:03 136192 c:\windows\system32\dllcache\msv1_0.dll

- 2007-05-20 20:33 . 2009-10-17 20:11 983040 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-05-20 20:33 . 2009-10-20 14:47 983040 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-25 08:59 . 2008-11-25 08:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

- 2008-07-25 15:17 . 2008-07-25 15:17 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\3acbf.msp

+ 2008-02-13 23:22 . 2008-02-13 23:22 579112 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.1.8044\file_tgctlsr.dll

+ 2008-02-13 23:21 . 2008-02-13 23:21 370216 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.1.8044\file_sdcnetcheck.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8ec5dc74\System.Drawing.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_8f71ef6e\System.Drawing.Design.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ed7cfba7\CustomMarshalers.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe

+ 2009-10-20 14:37 . 2009-10-20 14:37 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\e3b3b45a99cf08b3eaabc145b3ab83cc\WindowsFormsIntegration.ni.dll

+ 2009-10-21 16:01 . 2009-10-21 16:01 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll

+ 2009-10-20 14:37 . 2009-10-20 14:37 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll

+ 2009-10-20 14:37 . 2009-10-20 14:37 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll

+ 2009-10-20 15:37 . 2009-10-20 15:37 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6A.tmp\System.EnterpriseServices.Wrapper.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\9fffdcf7576a55fe07e6c906eeeb676b\System.Web.Extensions.Design.ni.dll

+ 2009-10-21 16:36 . 2009-10-21 16:36 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll

+ 2009-10-21 16:36 . 2009-10-21 16:36 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\1b4f8a8eae3e277f79feb94e08e112b3\System.Web.Entity.ni.dll

+ 2009-10-21 16:36 . 2009-10-21 16:36 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\0bad23602976473fa7f0e3eb5b7a7e37\System.Web.Entity.Design.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 543232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ed08417dab2055ba3a6a0a14a02009e6\System.Web.DynamicData.ni.dll

+ 2009-10-21 16:36 . 2009-10-21 16:36 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll

+ 2009-10-20 14:43 . 2009-10-20 14:43 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll

+ 2009-10-20 14:43 . 2009-10-20 14:43 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll

+ 2009-10-20 14:36 . 2009-10-20 14:36 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll

+ 2009-10-20 15:37 . 2009-10-20 15:37 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll

+ 2009-10-20 15:37 . 2009-10-20 15:37 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll

+ 2009-10-21 16:35 . 2009-10-21 16:35 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll

+ 2009-10-20 15:37 . 2009-10-20 15:37 940032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\8917ce6ff81d1053990262876a3fe189\System.Data.Services.Client.ni.dll

+ 2009-10-20 15:37 . 2009-10-20 15:37 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\270d19e65c449eb3565ea65abf5a80f9\System.Data.Services.Design.ni.dll

+ 2009-10-21 16:35 . 2009-10-21 16:35 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll

+ 2009-10-20 15:37 . 2009-10-20 15:37 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll

+ 2009-10-20 15:36 . 2009-10-20 15:36 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll

+ 2009-10-20 15:36 . 2009-10-20 15:36 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll

+ 2009-10-21 16:35 . 2009-10-21 16:35 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe

+ 2009-10-20 15:30 . 2009-10-20 15:30 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\534a906def0589c4a79777bb71d077f8\SMSvcHost.ni.exe

+ 2009-10-20 15:30 . 2009-10-20 15:30 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll

+ 2009-10-21 16:35 . 2009-10-21 16:35 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe

+ 2009-10-20 15:30 . 2009-10-20 15:30 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\70fb050baa3c5e16c33bc07a9c04d60a\ServiceModelReg.ni.exe

+ 2009-10-20 14:35 . 2009-10-20 14:35 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dfd2c8400c007d42e4c50bb30cbe674d\PresentationFramework.Aero.ni.dll

+ 2009-10-21 16:01 . 2009-10-21 16:01 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll

+ 2009-10-20 14:35 . 2009-10-20 14:35 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\923cba27f4e44590921187df24fb3fa2\PresentationFramework.Luna.ni.dll

+ 2009-10-20 14:35 . 2009-10-20 14:35 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4884f3c5d0ecba1d2c02884d3c99aba3\PresentationFramework.Classic.ni.dll

+ 2009-10-21 16:01 . 2009-10-21 16:01 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll

+ 2009-10-21 16:01 . 2009-10-21 16:01 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll

+ 2009-10-20 14:35 . 2009-10-20 14:35 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f95d0ae45b7b1ce8ac73c4279ced2bb\PresentationFramework.Royale.ni.dll

+ 2009-10-21 16:01 . 2009-10-21 16:01 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe

+ 2009-10-21 16:35 . 2009-10-21 16:35 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\638757f45f32afb0d3e64fcb1e68da83\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2009-10-20 15:36 . 2009-10-20 15:36 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll

+ 2009-10-20 15:36 . 2009-10-20 15:36 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll

+ 2009-10-21 16:35 . 2009-10-21 16:35 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe

+ 2009-10-20 15:30 . 2009-10-20 15:30 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\2cee6d8981c796289318c60a8e6dfb93\ComSvcConfig.ni.exe

+ 2009-10-20 14:43 . 2009-10-20 14:43 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2009-09-10 16:44 . 2009-09-10 16:44 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

+ 2009-10-21 16:00 . 2009-10-21 16:00 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

+ 2009-10-21 16:00 . 2009-10-21 16:00 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2009-10-21 16:00 . 2009-10-21 16:00 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

- 2009-09-10 16:44 . 2009-09-10 16:44 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

+ 2009-10-21 16:00 . 2009-10-21 16:00 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2009-09-10 16:44 . 2009-09-10 16:44 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2009-10-18 15:50 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll

- 2004-08-10 16:51 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll

+ 2004-08-10 16:51 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll

+ 2004-08-10 16:51 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll

- 2004-08-10 16:51 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll

+ 2007-02-28 09:55 . 2009-08-04 12:51 2185984 c:\windows\system32\dllcache\ntoskrnl.exe

- 2007-02-28 09:15 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2007-02-28 09:15 . 2009-08-04 12:02 2020864 c:\windows\system32\dllcache\ntkrpamp.exe

- 2007-02-28 09:15 . 2009-02-06 09:49 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2007-02-28 09:15 . 2009-08-04 12:02 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2007-02-28 09:53 . 2009-08-04 12:49 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe

- 2007-02-28 09:53 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2008-12-05 23:35 . 2008-12-05 23:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll

+ 2008-12-06 00:12 . 2008-12-06 00:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

- 2008-07-29 23:16 . 2008-07-29 23:16 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

- 2008-07-25 15:17 . 2008-07-25 15:17 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2008-07-25 15:17 . 2008-07-25 15:17 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

- 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2008-12-13 13:57 . 2008-12-13 13:57 8397824 c:\windows\Installer\fa9a8.msp

+ 2009-05-26 16:23 . 2009-05-26 16:23 3478528 c:\windows\Installer\e7fbd9.msp

+ 2007-02-28 09:55 . 2009-08-04 12:51 2185984 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2006-09-12 17:47 . 2009-08-04 12:02 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2006-09-12 17:47 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2007-02-28 09:15 . 2009-02-06 09:49 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2007-02-28 09:15 . 2009-08-04 12:02 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2006-09-12 17:47 . 2009-08-04 12:49 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe

- 2006-09-12 17:47 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2009-10-20 14:20 . 2009-10-20 14:20 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_efe4da10\System.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1c0128d6\System.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_eb8f78ae\System.Xml.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_8067cfa3\System.Xml.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_888bae61\System.Windows.Forms.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_1bb33f3c\System.Windows.Forms.dll

+ 2009-10-20 14:21 . 2009-10-20 14:21 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_526aefdd\System.Drawing.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_bc1c7c55\System.Design.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3f4fb306\System.Design.dll

+ 2009-10-20 14:21 . 2009-10-20 14:21 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f6d4d52b\mscorlib.dll

+ 2009-10-20 14:20 . 2009-10-20 14:20 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a8d6f864\mscorlib.dll

+ 2009-10-20 14:34 . 2009-10-20 14:34 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll

+ 2009-10-20 14:37 . 2009-10-20 14:37 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll

+ 2009-10-20 14:34 . 2009-10-20 14:34 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll

+ 2009-10-20 14:37 . 2009-10-20 14:37 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll

+ 2009-10-21 16:36 . 2009-10-21 16:36 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a4ca03321ee2910671e7abc2fca9517c\System.WorkflowServices.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll

+ 2009-10-21 16:36 . 2009-10-21 16:36 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\79204a00d6e93902d28176662cef1ff7\System.Web.Extensions.ni.dll

+ 2009-10-20 14:36 . 2009-10-20 14:36 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll

+ 2009-10-21 16:36 . 2009-10-21 16:36 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0e4b9f06073646591612aca38f963905\System.ServiceModel.Web.ni.dll

+ 2009-10-20 14:43 . 2009-10-20 14:43 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll

+ 2009-10-21 16:01 . 2009-10-21 16:01 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll

+ 2009-10-20 14:36 . 2009-10-20 14:36 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1d413015aeb4484bd19f76bc996bd90e\System.Printing.ni.dll

+ 2009-10-20 14:43 . 2009-10-20 14:43 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll

+ 2009-10-20 14:36 . 2009-10-20 14:36 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll

+ 2009-10-20 15:37 . 2009-10-20 15:37 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll

+ 2009-10-20 15:37 . 2009-10-20 15:37 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll

+ 2009-10-20 14:35 . 2009-10-20 14:35 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll

+ 2009-10-20 15:37 . 2009-10-20 15:37 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c4d194ff668064d3c61924490fa27036\System.Data.Services.ni.dll

+ 2009-10-21 16:35 . 2009-10-21 16:35 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll

+ 2009-10-20 14:36 . 2009-10-20 14:36 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll

+ 2009-10-20 15:37 . 2009-10-20 15:37 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll

+ 2009-10-20 14:35 . 2009-10-20 14:35 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll

+ 2009-10-20 14:35 . 2009-10-20 14:35 2128384 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\9a3623e141696aaa05dc43f465bb8855\ReachFramework.ni.dll

+ 2009-10-21 16:01 . 2009-10-21 16:01 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll

+ 2009-10-21 16:01 . 2009-10-21 16:01 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll

+ 2009-10-20 14:35 . 2009-10-20 14:35 1657344 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\819b824734429d122b3d6cebab024876\PresentationUI.ni.dll

+ 2009-10-20 14:34 . 2009-10-20 14:34 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll

+ 2009-10-20 15:36 . 2009-10-20 15:36 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll

+ 2009-10-21 16:35 . 2009-10-21 16:35 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e860112721d1a4cd529b96cc8707f65e\Microsoft.Transactions.Bridge.ni.dll

+ 2009-10-20 15:42 . 2009-10-20 15:42 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll

+ 2009-10-20 15:36 . 2009-10-20 15:36 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll

+ 2009-10-20 15:36 . 2009-10-20 15:36 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2009-10-21 16:00 . 2009-10-21 16:00 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

- 2009-09-10 16:45 . 2009-09-10 16:45 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

+ 2009-10-21 15:59 . 2009-10-21 15:59 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2009-09-10 16:43 . 2009-09-10 16:43 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2009-09-10 16:43 . 2009-09-10 16:43 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2009-10-21 15:59 . 2009-10-21 15:59 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2009-09-10 16:42 . 2009-09-10 16:42 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2009-10-20 14:32 . 2009-10-20 14:32 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2007-07-15 04:31 . 2007-07-15 04:31 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2009-10-20 14:19 . 2009-10-20 14:19 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2009-10-20 14:19 . 2009-10-20 14:19 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

- 2007-07-15 04:31 . 2007-07-15 04:31 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2009-10-20 14:25 . 2009-10-02 15:01 25198016 c:\windows\system32\MRT.exe

+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp

+ 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows\Installer\fa9ba.msp

+ 2008-12-13 14:21 . 2008-12-13 14:21 10473472 c:\windows\Installer\fa9aa.msp

+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\fa99a.msp

+ 2008-12-13 14:21 . 2008-12-13 14:21 10473472 c:\windows\Installer\3acb4.msp

+ 2009-10-20 14:36 . 2009-10-20 14:36 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll

+ 2009-10-20 15:43 . 2009-10-20 15:43 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll

+ 2009-10-20 15:30 . 2009-10-20 15:30 17316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6a4cd375cd02c30aa8876bba76f4d6ad\System.ServiceModel.ni.dll

+ 2009-10-21 16:35 . 2009-10-21 16:35 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll

+ 2009-10-20 14:36 . 2009-10-20 14:36 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll

+ 2009-10-20 14:35 . 2009-10-20 14:35 14325760 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9a088230bba671035e6759dc9b63ea0e\PresentationFramework.ni.dll

+ 2009-10-21 16:01 . 2009-10-21 16:01 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll

+ 2009-10-20 14:34 . 2009-10-20 14:34 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll

+ 2009-10-20 14:33 . 2009-10-20 14:33 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-18 2025752]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-12 98304]

"EPSON Stylus C84 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" [2003-05-27 99840]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-18 520024]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-27 805392]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-28 13:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/12/2009 3:36 PM 64160]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/29/2009 8:22 PM 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/29/2009 8:22 PM 59664]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/26/2008 12:36 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/26/2008 12:37 PM 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/26/2008 12:36 PM 297752]

R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 12:51 PM 14336]

R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [8/4/2004 5:00 AM 94720]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1028432]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [7/26/2009 6:02 PM 362944]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/26/2008 12:36 PM 908056]

S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/14/2008 7:59 PM 17149]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/29/2009 8:22 PM 33552]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

BtwSrv

.

Contents of the 'Scheduled Tasks' folder

2009-10-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:37]

2009-10-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\JC Surveillance Inc\Application Data\Mozilla\Firefox\Profiles\0evo8ztb.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: XUL Cache: {3507B79D-BAEB-4E98-B24C-B9BD25991D82} - c:\documents and settings\JC Surveillance Inc\Local Settings\Application Data\{3507B79D-BAEB-4E98-B24C-B9BD25991D82}

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-24 14:12

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-477365121-4083767938-562202453-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{020487CC-FC04-4B1E-863F-D9801796230B}\InProcServer32]

@DACL=(02 0000)

@="c:\\DOCUME~1\\JCSURV~1\\LOCALS~1\\Temp\\wndutl32.dll"

"ThreadingModel"="Apartment"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1760)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\system32\wbem\unsecapp.exe

c:\pats.exe\CF24238.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\pats.exe\PEV.cfxxe

.

**************************************************************************

.

Completion time: 2009-10-24 14:16 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-24 18:16

Pre-Run: 63,656,734,720 bytes free

Post-Run: 63,670,804,480 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 263282052BBCDEA31B486A28F8C7C71B


  • Staff

Hi,

Hold off on removing the tools we used. There is still malware here.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://www.malwarebytes.org/forums/index.php?showtopic=26594
Collect::
c:\windows\system32\rolivepa.exe
c:\windows\system32\yaruvofo.exe
c:\windows\system32\jivigupi.exe
c:\windows\system32\hugeloko.dll
c:\windows\system32\gibegovu.dll
c:\program files\winlogin.exe
c:\windows\system32\zumububo.dll
c:\windows\system32\kahowuhi.dll
c:\windows\system32\vakumene.dll
c:\windows\system32\wufajojo.dll
c:\windows\system32\puwudeta.dll
c:\windows\system32\parewote.dll
c:\windows\system32\gipafula.dll
c:\windows\system32\biferopa.dll
c:\windows\system32\viliwesi.dll
c:\windows\system32\gowaheke.dll
c:\windows\system32\kowatapi.exe
c:\windows\system32\nesirona.dll
c:\windows\system32\weyalomi.dll
c:\windows\system32\yiralujo.dll
c:\windows\system32\fowajitu.dll
c:\windows\system32\nokiyubu.dll
c:\windows\system32\rahobeto.dll
c:\windows\system32\rasawofu.dll
c:\windows\system32\sohibesi.dll
c:\windows\system32\jevetedo.dll
c:\windows\system32\lsm32.sys
c:\windows\system32\BtwSrv.dll
c:\windows\system32\FastNetSrv.exe
Dirlook::
c:\documents and settings\JC Surveillance Inc\Application Data\1041402358
KILLALL::
Suspect::
c:\windows\system32\F1D74CB742.sys
c:\windows\system32\FCF4F4C102.sys
FCOPY::
c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
Driver::
fastnetsrv
BtwSrv
NetSvc::
BtwSrv

Save this as CFScript.txt

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

-screen317


Hey Screen317 - here is the latest ComboFix log -

ComboFix 09-10-24.03 - JC Surveillance Inc 10/25/2009 10:49.3.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.936 [GMT -4:00]

Running from: G:\Pats.exe.exe

Command switches used :: c:\documents and settings\JC Surveillance Inc\Desktop\CFScript.lnk

AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\Install.txt

c:\windows\TEMP\mta13187.dll

c:\windows\TEMP\t4m0_34489622498.bk.old

c:\windows\TEMP\x1c91492.dll

.

((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))

.

2009-10-25 14:46 . 2009-10-25 14:46 -------- d-----w- C:\Pats.exe9727P

2009-10-25 14:40 . 2009-10-25 14:41 -------- d-----w- C:\Pats.exe

2009-10-20 14:53 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-17 20:09 . 2009-10-17 21:04 -------- d-----w- C:\salp.exe

2009-10-13 15:54 . 2009-10-13 16:38 1011572 ----a-w- c:\windows\system32\rolivepa.exe

2009-10-11 15:54 . 2009-10-11 16:30 1011348 ----a-w- c:\windows\system32\yaruvofo.exe

2009-10-08 14:56 . 2009-10-08 15:41 1011246 ----a-w- c:\windows\system32\jivigupi.exe

2009-10-07 02:28 . 2009-10-07 02:37 39424 ----a-w- c:\windows\system32\hugeloko.dll

2009-10-06 02:28 . 2009-10-06 02:41 39424 ----a-w- c:\windows\system32\gibegovu.dll

2009-10-04 14:39 . 2009-10-04 15:09 -------- d-----w- c:\documents and settings\JC Surveillance Inc\Application Data\1041402358

2009-09-30 00:23 . 2009-09-30 00:23 65584 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-30 00:22 . 2009-09-23 12:07 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2009-09-30 00:22 . 2009-09-23 12:07 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2009-09-30 00:22 . 2009-09-23 12:07 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2009-09-30 00:22 . 2009-09-30 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-30 00:03 . 2009-09-30 00:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-09-29 17:37 . 2009-09-29 17:37 -------- d-s---w- c:\documents and settings\LocalService\UserData

2009-09-28 15:45 . 2009-09-28 15:46 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-27 19:00 . 2009-09-27 19:00 -------- d-----w- c:\program files\winlogin.exe

2009-09-27 18:04 . 2009-10-11 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2009-09-27 17:43 . 2009-10-20 16:11 -------- d-----w- c:\documents and settings\JC Surveillance Inc\Local Settings\Application Data\Deployment

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-20 15:03 . 2008-10-20 20:52 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-10-18 19:37 . 2009-04-12 20:57 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-12 04:25 . 2009-07-12 04:25 39424 --sha-w- c:\windows\system32\zumububo.dll

2009-10-11 17:47 . 2009-02-13 15:59 -------- d-----w- c:\program files\bytes

2009-10-11 16:25 . 2009-07-11 16:25 39424 --sha-w- c:\windows\system32\kahowuhi.dll

2009-10-11 16:25 . 2009-07-11 16:25 28160 --sha-w- c:\windows\system32\vakumene.dll

2009-10-11 15:47 . 2008-10-19 16:53 -------- d-----w- c:\documents and settings\JC Surveillance Inc\Application Data\U3

2009-10-08 15:32 . 2009-07-08 15:32 39424 --sha-w- c:\windows\system32\wufajojo.dll

2009-10-07 14:32 . 2009-07-07 14:32 39424 --sha-w- c:\windows\system32\puwudeta.dll

2009-10-06 14:32 . 2009-07-06 14:32 91136 --sha-w- c:\windows\system32\parewote.dll

2009-10-05 14:31 . 2009-07-05 14:31 90624 --sha-w- c:\windows\system32\gipafula.dll

2009-10-05 14:31 . 2009-07-05 14:31 38912 --sha-w- c:\windows\system32\biferopa.dll

2009-10-05 04:58 . 2007-06-10 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-05 02:31 . 2009-07-05 02:31 38912 --sha-w- c:\windows\system32\viliwesi.dll

2009-10-04 14:31 . 2009-07-04 14:31 38912 --sha-w- c:\windows\system32\gowaheke.dll

2009-10-04 02:31 . 2009-07-04 02:31 1048099 --sha-w- c:\windows\system32\kowatapi.exe

2009-10-04 02:31 . 2009-07-04 02:31 38912 --sha-w- c:\windows\system32\nesirona.dll

2009-10-03 20:26 . 2007-10-29 00:06 -------- d-----w- c:\program files\Lavasoft

2009-10-03 16:37 . 2007-06-04 00:13 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys

2009-10-03 14:31 . 2009-07-03 14:30 52224 --sha-w- c:\windows\system32\yiralujo.dll

2009-10-03 14:30 . 2009-07-03 14:30 90112 --sha-w- c:\windows\system32\fowajitu.dll

2009-10-03 14:30 . 2009-07-03 14:30 38912 --sha-w- c:\windows\system32\nokiyubu.dll

2009-10-03 02:30 . 2009-07-03 02:30 90624 --sha-w- c:\windows\system32\rahobeto.dll

2009-10-02 14:30 . 2009-07-02 14:30 91136 --sha-w- c:\windows\system32\rasawofu.dll

2009-10-02 14:30 . 2009-07-02 14:30 39424 --sha-w- c:\windows\system32\sohibesi.dll

2009-10-02 14:30 . 2009-07-02 14:30 28160 --sha-w- c:\windows\system32\jevetedo.dll

2009-09-30 00:37 . 2009-01-28 14:37 -------- d-----w- c:\program files\Common Files\Download Manager

2009-09-12 22:33 . 2007-06-04 00:29 65584 -c--a-w- c:\documents and settings\JC Surveillance Inc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-11 14:03 . 2004-08-10 16:51 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 18:54 . 2009-02-13 15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 18:53 . 2009-02-13 15:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 16:43 . 2009-09-10 16:43 -------- d-----w- c:\program files\MSBuild

2009-09-10 16:43 . 2009-09-10 16:43 -------- d-----w- c:\program files\Reference Assemblies

2009-09-10 16:40 . 2009-09-10 16:40 -------- d-----w- c:\program files\MSXML 6.0

2009-09-10 15:36 . 2008-09-26 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-05 16:57 . 2009-09-05 16:57 -------- d-----w- c:\program files\Coupons

2009-09-04 23:49 . 2006-09-12 17:45 -------- d-----w- c:\program files\Java

2009-09-04 20:45 . 2004-08-10 16:51 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-03 18:08 . 2009-07-17 21:48 -------- d-----w- c:\program files\EPSON

2009-08-28 13:50 . 2008-09-26 16:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-28 13:50 . 2008-09-26 16:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-28 13:50 . 2008-09-26 16:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-26 08:16 . 2004-08-10 16:51 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-14 03:43 . 2009-08-14 03:43 8 --sh--r- c:\windows\system32\18006624F4.sys

2009-08-05 09:11 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 12:49 . 2004-08-10 16:51 2142720 ------w- c:\windows\system32\ntoskrnl.exe

2009-08-04 12:02 . 2004-08-04 02:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe

2007-06-09 02:45 . 2007-06-04 00:13 88 -csh--r- c:\windows\system32\F1D74CB742.sys

2009-07-10 21:27 . 2009-07-10 21:27 8 --sh--r- c:\windows\system32\FCF4F4C102.sys

2009-07-06 14:32 . 2009-07-06 14:32 3 --sha-w- c:\windows\system32\weyalomi.dll

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 1CC09561E21A48A7F649A40F18235860 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot_2009-10-24_18.12.45 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-25 14:56 . 2009-10-25 14:56 16384 c:\windows\temp\Perflib_Perfdata_7ec.dat

+ 2009-10-25 14:56 . 2009-10-25 14:56 16384 c:\windows\temp\Perflib_Perfdata_18c.dat

+ 2004-08-04 09:00 . 2004-08-04 09:00 88064 c:\windows\system32\wmdtc.exe

+ 2004-08-04 09:00 . 2004-08-04 09:00 88064 c:\windows\system32\opeia.exe

+ 2004-08-04 09:00 . 2004-08-04 09:00 47616 c:\windows\system32\FastNetSrv.exe

+ 2004-08-04 09:00 . 2004-08-04 09:00 46592 c:\windows\system32\BtwSrv.dll

+ 2009-10-25 14:56 . 2009-06-26 15:59 620032 c:\windows\temp\x1c18044.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-18 2025752]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-12 98304]

"EPSON Stylus C84 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" [2003-05-27 99840]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-18 520024]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-27 805392]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-28 13:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/12/2009 3:36 PM 64160]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/29/2009 8:22 PM 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/29/2009 8:22 PM 59664]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/26/2008 12:36 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/26/2008 12:37 PM 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/26/2008 12:36 PM 297752]

R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 12:51 PM 14336]

R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [8/4/2004 5:00 AM 47616]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1028432]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [7/26/2009 6:02 PM 362944]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/26/2008 12:36 PM 908056]

S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/14/2008 7:59 PM 17149]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/29/2009 8:22 PM 33552]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BTWSRV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

BtwSrv

.

Contents of the 'Scheduled Tasks' folder

2009-10-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:37]

2009-10-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\JC Surveillance Inc\Application Data\Mozilla\Firefox\Profiles\0evo8ztb.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: XUL Cache: {3507B79D-BAEB-4E98-B24C-B9BD25991D82} - c:\documents and settings\JC Surveillance Inc\Local Settings\Application Data\{3507B79D-BAEB-4E98-B24C-B9BD25991D82}

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-25 10:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-477365121-4083767938-562202453-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{020487CC-FC04-4B1E-863F-D9801796230B}\InProcServer32]

@DACL=(02 0000)

@="c:\\DOCUME~1\\JCSURV~1\\LOCALS~1\\Temp\\wndutl32.dll"

"ThreadingModel"="Apartment"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(216)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\system32\wbem\unsecapp.exe

c:\pats.exe30505p\CF1191.exe

c:\windows\system32\wmdtc.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\windows\system32\lsm32.sys

c:\pats.exe30505p\PEV.cfxxe

.

**************************************************************************

.

Completion time: 2009-10-25 11:00 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-25 15:00

ComboFix2.txt 2009-10-24 18:16

Pre-Run: 63,661,957,120 bytes free

Post-Run: 63,624,085,504 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - A43A3EFD50F9CC35C37FA38440FDC09C


salp,

You used a shortcut to the CFScript. Please make sure you are dragging CFScript.txt onto ComboFix and try again.

Hey, hi & thanks for the quick response. I don't know what I'm doing wrong. Be aware I'm still doing all this utilizing a USB thumb drive, since the affected @%X!? machine can NOT access the net. I tried it again by putting the CFScript.txt file on my desktop & dragging it to ComboFix, which is renamed Pats.exe (the only way I've been able to run CF), & it produced the following CF log --

ComboFix 09-10-25.01 - JC Surveillance Inc 10/25/2009 20:10.4.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.1010 [GMT -4:00]

Running from: G:\Pats.exe.exe

Command switches used :: c:\documents and settings\JC Surveillance Inc\Desktop\CFScript.txt.txt

AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

file zipped: c:\windows\system32\biferopa.dll

file zipped: c:\windows\system32\BtwSrv.dll

file zipped: c:\windows\system32\FastNetSrv.exe

file zipped: c:\windows\system32\fowajitu.dll

file zipped: c:\windows\system32\gibegovu.dll

file zipped: c:\windows\system32\gipafula.dll

file zipped: c:\windows\system32\gowaheke.dll

file zipped: c:\windows\system32\hugeloko.dll

file zipped: c:\windows\system32\jevetedo.dll

file zipped: c:\windows\system32\jivigupi.exe

file zipped: c:\windows\system32\kahowuhi.dll

file zipped: c:\windows\system32\kowatapi.exe

file zipped: c:\windows\system32\lsm32.sys

file zipped: c:\windows\system32\nesirona.dll

file zipped: c:\windows\system32\nokiyubu.dll

file zipped: c:\windows\system32\parewote.dll

file zipped: c:\windows\system32\puwudeta.dll

file zipped: c:\windows\system32\rahobeto.dll

file zipped: c:\windows\system32\rasawofu.dll

file zipped: c:\windows\system32\rolivepa.exe

file zipped: c:\windows\system32\sohibesi.dll

file zipped: c:\windows\system32\vakumene.dll

file zipped: c:\windows\system32\viliwesi.dll

file zipped: c:\windows\system32\weyalomi.dll

file zipped: c:\windows\system32\wufajojo.dll

file zipped: c:\windows\system32\yaruvofo.exe

file zipped: c:\windows\system32\yiralujo.dll

file zipped: c:\windows\system32\zumububo.dll

file zipped: c:\windows\system32\F1D74CB742.sys

file zipped: c:\windows\system32\FCF4F4C102.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\biferopa.dll

c:\windows\system32\BtwSrv.dll

c:\windows\system32\FastNetSrv.exe

c:\windows\system32\fowajitu.dll

c:\windows\system32\gibegovu.dll

c:\windows\system32\gipafula.dll

c:\windows\system32\gowaheke.dll

c:\windows\system32\hugeloko.dll

c:\windows\system32\Install.txt

c:\windows\system32\jevetedo.dll

c:\windows\system32\jivigupi.exe

c:\windows\system32\kahowuhi.dll

c:\windows\system32\kowatapi.exe

c:\windows\system32\lsm32.sys

c:\windows\system32\nesirona.dll

c:\windows\system32\nokiyubu.dll

c:\windows\system32\parewote.dll

c:\windows\system32\puwudeta.dll

c:\windows\system32\rahobeto.dll

c:\windows\system32\rasawofu.dll

c:\windows\system32\rolivepa.exe

c:\windows\system32\sohibesi.dll

c:\windows\system32\vakumene.dll

c:\windows\system32\viliwesi.dll

c:\windows\system32\weyalomi.dll

c:\windows\system32\wufajojo.dll

c:\windows\system32\yaruvofo.exe

c:\windows\system32\yiralujo.dll

c:\windows\system32\zumububo.dll

c:\windows\TEMP\mta13187.dll

.

--------------- FCopy ---------------

c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BTWSRV

-------\Legacy_FASTNETSRV

-------\Service_BtwSrv

-------\Service_fastnetsrv

((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))

.

2009-10-26 00:04 . 2009-10-26 00:04 -------- d-----w- C:\Pats.exe6863P

2009-10-25 14:48 . 2009-10-25 15:00 -------- d-----w- C:\Pats.exe30505P

2009-10-25 14:46 . 2009-10-25 14:46 -------- d-----w- C:\Pats.exe9727P

2009-10-25 14:40 . 2009-10-25 14:41 -------- d-----w- C:\Pats.exe

2009-10-20 14:53 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-17 20:09 . 2009-10-17 21:04 -------- d-----w- C:\salp.exe

2009-10-04 14:39 . 2009-10-04 15:09 -------- d-----w- c:\documents and settings\JC Surveillance Inc\Application Data\1041402358

2009-09-30 00:23 . 2009-09-30 00:23 65584 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-30 00:22 . 2009-09-23 12:07 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2009-09-30 00:22 . 2009-09-23 12:07 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2009-09-30 00:22 . 2009-09-23 12:07 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2009-09-30 00:22 . 2009-09-30 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-30 00:03 . 2009-09-30 00:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-09-29 17:37 . 2009-09-29 17:37 -------- d-s---w- c:\documents and settings\LocalService\UserData

2009-09-28 15:45 . 2009-09-28 15:46 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-27 19:00 . 2009-09-27 19:00 -------- d-----w- c:\program files\winlogin.exe

2009-09-27 18:04 . 2009-10-11 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2009-09-27 17:43 . 2009-10-20 16:11 -------- d-----w- c:\documents and settings\JC Surveillance Inc\Local Settings\Application Data\Deployment

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-25 15:07 . 2008-10-19 16:53 -------- d-----w- c:\documents and settings\JC Surveillance Inc\Application Data\U3

2009-10-20 15:03 . 2008-10-20 20:52 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-10-18 19:37 . 2009-04-12 20:57 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-11 17:47 . 2009-02-13 15:59 -------- d-----w- c:\program files\bytes

2009-10-05 04:58 . 2007-06-10 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-03 20:26 . 2007-10-29 00:06 -------- d-----w- c:\program files\Lavasoft

2009-10-03 16:37 . 2007-06-04 00:13 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys

2009-09-30 00:37 . 2009-01-28 14:37 -------- d-----w- c:\program files\Common Files\Download Manager

2009-09-12 22:33 . 2007-06-04 00:29 65584 -c--a-w- c:\documents and settings\JC Surveillance Inc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-11 14:03 . 2004-08-10 16:51 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 18:54 . 2009-02-13 15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 18:53 . 2009-02-13 15:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 16:43 . 2009-09-10 16:43 -------- d-----w- c:\program files\MSBuild

2009-09-10 16:43 . 2009-09-10 16:43 -------- d-----w- c:\program files\Reference Assemblies

2009-09-10 16:40 . 2009-09-10 16:40 -------- d-----w- c:\program files\MSXML 6.0

2009-09-10 15:36 . 2008-09-26 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-05 16:57 . 2009-09-05 16:57 -------- d-----w- c:\program files\Coupons

2009-09-04 23:49 . 2006-09-12 17:45 -------- d-----w- c:\program files\Java

2009-09-04 20:45 . 2004-08-10 16:51 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-03 18:08 . 2009-07-17 21:48 -------- d-----w- c:\program files\EPSON

2009-08-28 13:50 . 2008-09-26 16:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-28 13:50 . 2008-09-26 16:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-28 13:50 . 2008-09-26 16:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-26 08:16 . 2004-08-10 16:51 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-14 03:43 . 2009-08-14 03:43 8 --sh--r- c:\windows\system32\18006624F4.sys

2009-08-05 09:11 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 12:49 . 2004-08-10 16:51 2142720 ------w- c:\windows\system32\ntoskrnl.exe

2009-08-04 12:02 . 2004-08-04 02:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe

2007-06-09 02:45 . 2007-06-04 00:13 88 -csh--r- c:\windows\system32\F1D74CB742.sys

2009-07-10 21:27 . 2009-07-10 21:27 8 --sh--r- c:\windows\system32\FCF4F4C102.sys

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\documents and settings\JC Surveillance Inc\Application Data\1041402358 ----

((((((((((((((((((((((((((((( SnapShot_2009-10-24_18.12.45 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-26 00:21 . 2009-10-26 00:21 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat

+ 2009-10-26 00:21 . 2009-10-26 00:21 16384 c:\windows\temp\Perflib_Perfdata_794.dat

+ 2004-08-04 09:00 . 2004-08-04 09:00 88064 c:\windows\system32\wmdtc.exe

+ 2004-08-04 09:00 . 2004-08-04 09:00 88064 c:\windows\system32\opeia.exe

+ 2004-08-10 16:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-18 2025752]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-12 98304]

"EPSON Stylus C84 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" [2003-05-27 99840]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-18 520024]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-19 185896]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-27 805392]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-28 13:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/12/2009 3:36 PM 64160]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/29/2009 8:22 PM 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/29/2009 8:22 PM 59664]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/26/2008 12:36 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/26/2008 12:37 PM 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/26/2008 12:36 PM 297752]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1028432]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [7/26/2009 6:02 PM 362944]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/26/2008 12:36 PM 908056]

S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [8/14/2008 7:59 PM 17149]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/29/2009 8:22 PM 33552]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

2009-10-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:37]

2009-10-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\JC Surveillance Inc\Application Data\Mozilla\Firefox\Profiles\0evo8ztb.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: XUL Cache: {3507B79D-BAEB-4E98-B24C-B9BD25991D82} - c:\documents and settings\JC Surveillance Inc\Local Settings\Application Data\{3507B79D-BAEB-4E98-B24C-B9BD25991D82}

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-25 20:21

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-477365121-4083767938-562202453-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{020487CC-FC04-4B1E-863F-D9801796230B}\InProcServer32]

@DACL=(02 0000)

@="c:\\DOCUME~1\\JCSURV~1\\LOCALS~1\\Temp\\wndutl32.dll"

"ThreadingModel"="Apartment"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3632)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\pats.exe29600p\CF32492.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\pats.exe29600p\PEV.cfxxe

.

**************************************************************************

.

Completion time: 2009-10-26 20:25 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-26 00:25

ComboFix2.txt 2009-10-25 15:00

ComboFix3.txt 2009-10-24 18:16

Pre-Run: 63,595,044,864 bytes free

Post-Run: 63,550,963,712 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 748EE79B2788F14A6D8EC1CA43B0402B

Hope we can work from this


  • Staff

Hi,

Things are looking better; not done yet though.

Please go to VirusTotal, and upload the following file for analysis:

c:\program files\winlogin.exe

Post the results in your reply.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Hi - here is the VirusTotal analysis, I was only able to upload as a zip file from the thumbdrive? --


Hi,

Delete winlogin.zip please.

How are you trying to connect to the Internet?

Are you able to connect in Safe Mode with Networking?

-screen317

Hey, deleted the winlogin from the thumbdrive -

I try to connect utilizing my 'known' good network wireless adapter on a 'known' good router hooked up to a cable modem (what I'm using now with this old machine) -

I usually try to use the Firefox browser - but you asked me to use Internet Explorer in one of 'our' steps & both give the same error message of - Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item - & when I try to use them as Run As - I get the same message -

I tried Safe Mode with networking - still unable to connect!!

As a side note, as mentioned before I have Lavasoft's Ad-Aware & that has the capability to update itself to current definitions & runs o/k (no it has NOT detected anything!) & also AVG8.5Free Antivirus (lotta good that did me) which has the capability to update itself to current definitions, but does NOT run!


  • Staff

Hi,

My apologies for the delay.

Seems like you're connected to the Internet, but your browsers have an issue. Give the Opera browser a try.

Download this program, and save it next to Firefox.exe (not the shortcut; should be in C:\Program Files\Mozilla Firefox).

Drag Firefox.exe onto Inherit.exe.

Wait for it to say OK. See if it will run now.

-screen317

Hey Screen317 - That's O/K for the delay, I know you're probably busy, besides it's kinda like old times on AOHell dial-up with this temporary 1.6 Dell loaner machine

I downloaded Opera & it seems to work O/K -- I tried the Inherit.exe & dragged it to FF, got the O/K window, but it did NOT work opening FF -- I tried a gamble & re-downloaded MalwareBytes by re-naming it Mybytes & updated it -- tried to run it & it worked, produced quite a lengthy log of problems! I did the re-boot. Still seems infected -- IE, FF, SuperAntispyware, Spybot S&D all still inoperable! Should I try re-downloading them all thru Opera?

Here is the MalwareBytes log --

Malwarebytes' Anti-Malware 1.41

Database version: 3061

Windows 5.1.2600 Service Pack 2

10/30/2009 1:29:17 PM

mbam-log-2009-10-30 (13-29-17).txt

Scan type: Full Scan (C:\|)

Objects scanned: 157147

Time elapsed: 32 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 87

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mBt (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\JC Surveillance Inc\Application Data\1041402358 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Files Infected:

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\07322620\07322620.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\60646527\60646527.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\62188732\62188732.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\2241974040\2241974040.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\2628233894\2628233894.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\6750707535\6750707535.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\9045131913\9045131913.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\JC Surveillance Inc\Application Data\9081900915\9081900915.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\bubopoyu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\dapotado.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruimxbnevpt.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruinpaowfbv.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruircmxdvmf.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruissibnmpx.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\Iasv32.dll.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\dirupahu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\dojisino.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\fomegozu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\isasdk.sys.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\laduwowa.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\lohowopo.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\mehoguhi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\pulamiwa.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\tejahazu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACosbedicjws.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrnavipbxxn.dll.vir (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\utdoinfeyp.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\nuvoyijo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChfqxovnras.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\fonemike.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\wiwow64.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\yobiseha.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACwrumbpfuvk.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\Temp\t4m0_34489622498.bk.old.vir (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000079.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000080.old (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000081.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000082.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000083.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000097.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000099.old (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000101.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000105.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0002238.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0002239.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0002249.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000382.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000384.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000583.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000584.old (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000588.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000590.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0000738.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0000762.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0000763.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0000764.old (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0000765.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP6\A0000766.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000785.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000786.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000787.old (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000788.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0000789.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000808.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000809.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000810.old (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000811.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP8\A0000812.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0001880.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0001881.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0001882.old (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0001883.dll (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0001884.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0002062.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0002063.old (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0002064.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0002066.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0002068.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mdtdisk.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opeia.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wmdtc.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HT3L7PQ9\cyijjxb[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NFH6SBO0\SetupAdvancedVirusRemover[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VTR4DODQ\dfghfghgfj[1].dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


  • Staff

Hi,

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


  • 2 weeks later...
This topic is now closed to further replies.