Malware Is Causing Browser Re-Directs Please Help


I have run Malwarebytes and it removed the files, or so I thought. Now I am getting browser redirects to different websites at random when using IE. My computer is also randomly locking up. Please help me. I don't want to format my hard drive but I am getting close to doing it.

Thank you in advance for any help that can be provided. Log from most previous scan that had a trojan is attached as well as another scan that had a registry key infected. If I scan now it shows it is clean but I am still getting the browser redirects :P

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4188

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/11/2010 8:17:51 AM

mbam-log-2010-06-11 (08-17-51).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 52522

Time elapsed: 14 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\William Trantham\My Documents\Flash.Player.HD.v10.0.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4188

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/11/2010 8:02:08 AM

mbam-log-2010-06-11 (08-02-08).txt

Scan type: Quick scan

Objects scanned: 142065

Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello franki! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me, and then I'll tell you what to do.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed of any changes.

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:
     [screenshots: CF_download_FF.gif, CF_download_rename.gif]
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


I have completed the combo-fix scan. Last night while I was asleep Symantec found more trojans in my system restore folder as well. I will not run any new scans until instructed to do so at this point.

ComboFix 10-06-11.01 - William Trantham 06/12/2010 6:12.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1255 [GMT -4:00]

Running from: c:\documents and settings\William Trantham\Desktop\Combo-Fix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\William Trantham\Local Settings\Application Data\{2B7DD5EE-57C5-4E08-8896-87B7CA150B40}

c:\documents and settings\William Trantham\Local Settings\Application Data\{2B7DD5EE-57C5-4E08-8896-87B7CA150B40}\chrome.manifest

c:\documents and settings\William Trantham\Local Settings\Application Data\{2B7DD5EE-57C5-4E08-8896-87B7CA150B40}\chrome\content\_cfg.js

c:\documents and settings\William Trantham\Local Settings\Application Data\{2B7DD5EE-57C5-4E08-8896-87B7CA150B40}\chrome\content\c.js

c:\documents and settings\William Trantham\Local Settings\Application Data\{2B7DD5EE-57C5-4E08-8896-87B7CA150B40}\chrome\content\overlay.xul

c:\documents and settings\William Trantham\Local Settings\Application Data\{2B7DD5EE-57C5-4E08-8896-87B7CA150B40}\install.rdf

.

((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))

.

2010-06-12 04:05 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-12 03:15 . 2010-06-12 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-12 03:15 . 2010-06-12 03:15 -------- d-----w- c:\program files\NOS

2010-06-12 01:46 . 2010-06-12 01:46 -------- d-----w- c:\program files\Common Files\Java

2010-06-12 01:45 . 2010-06-12 01:45 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-12 01:24 . 2010-06-12 01:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-11 11:51 . 2010-06-11 11:51 -------- d-----w- c:\documents and settings\William Trantham\Application Data\Malwarebytes

2010-06-11 11:50 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 11:50 . 2010-06-11 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-11 11:50 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 11:50 . 2010-06-11 11:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-11 02:14 . 2010-06-11 02:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

2010-06-11 02:14 . 2010-06-11 02:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-06-10 07:12 . 2010-06-10 07:13 -------- d-----w- C:\NBRT

2010-06-09 23:02 . 2010-06-09 23:02 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-06-09 23:01 . 2010-06-09 23:01 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache

2010-06-09 22:54 . 2010-06-09 01:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-09 01:55 . 2010-06-09 01:54 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-06-09 01:55 . 2010-06-09 01:55 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-09 01:52 . 2010-06-09 01:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-06-09 01:52 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-06-05 11:59 . 2010-06-05 11:59 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-06-04 16:34 . 2010-06-04 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-06-04 16:11 . 2010-06-04 16:11 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-04 16:11 . 2010-06-04 16:11 -------- d-----w- c:\documents and settings\William Trantham\Application Data\MySpace

2010-06-04 16:11 . 2010-06-04 16:11 -------- d-----w- c:\documents and settings\William Trantham\Application Data\Leadertech

2010-06-04 16:11 . 2010-06-04 16:11 -------- d-----w- c:\documents and settings\William Trantham\Application Data\.Torrent Swapper

2010-06-04 15:50 . 2010-06-10 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-06-04 15:46 . 2010-06-07 14:15 -------- d-----w- c:\documents and settings\William Trantham\Local Settings\Application Data\NPE

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-12 10:11 . 2008-04-28 02:04 -------- d-----w- c:\program files\Symantec AntiVirus

2010-06-12 07:17 . 2006-01-01 04:32 -------- d-----w- c:\program files\Steam

2010-06-12 01:22 . 2006-11-30 01:26 -------- d-----w- c:\program files\Java

2010-06-09 01:52 . 2009-04-05 17:45 -------- d-----w- c:\program files\Lavasoft

2010-06-09 01:52 . 2009-04-05 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-06-08 00:41 . 2009-04-07 01:34 -------- d-----w- c:\program files\CCleaner

2010-06-08 00:38 . 2006-04-10 04:59 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-05 14:33 . 2009-08-31 19:39 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-06 10:41 . 2006-01-09 18:02 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2005-10-06 00:06 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-21 00:05 . 2007-08-16 02:40 -------- d-----w- c:\documents and settings\William Trantham\Application Data\Apple Computer

2010-04-20 05:30 . 2004-08-10 20:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-14 21:47 . 2010-04-14 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-14 21:45 . 2010-04-14 21:45 -------- d-----w- c:\program files\QuickTime

2010-04-14 21:42 . 2010-04-14 21:42 -------- d-----w- c:\program files\Bonjour

2004-08-10 20:00 . 2004-08-10 20:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12 . 2004-08-10 20:00 50688 --sh--w- c:\windows\twain_32.dll

2008-04-14 00:11 . 2004-08-10 20:00 1028096 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 . 2004-08-10 20:00 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 . 2004-08-10 20:00 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 . 2004-08-10 20:00 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 . 2004-08-10 20:00 84992 --sha-w- c:\windows\system32\olepro32.dll

2008-04-14 00:12 . 2004-08-10 20:00 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-06-12_03.47.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-12 07:17 . 2010-06-12 07:17 16384 c:\windows\temp\Perflib_Perfdata_984.dat

+ 2010-06-12 07:17 . 2010-06-12 07:17 16384 c:\windows\temp\Perflib_Perfdata_2a8.dat

- 2006-05-05 12:09 . 2010-05-30 19:37 72780 c:\windows\system32\perfc009.dat

+ 2006-05-05 12:09 . 2010-06-12 04:14 72780 c:\windows\system32\perfc009.dat

+ 2009-11-06 02:17 . 2009-11-06 02:17 11600 c:\windows\system32\mui\0409\mscorees.dll

- 2006-11-08 02:03 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll

+ 2006-11-08 02:03 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll

- 2004-08-10 20:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-10 20:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll

+ 2009-07-08 01:12 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll

- 2009-07-08 01:12 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2007-05-08 23:59 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2007-05-08 23:59 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2004-08-10 20:00 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2004-08-10 20:00 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-10 20:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll

+ 2004-08-10 20:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll

+ 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll

- 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll

+ 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2010-04-01 15:42 . 2010-04-01 15:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

- 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2010-03-31 18:51 . 2010-03-31 18:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2010-03-31 18:51 . 2010-03-31 18:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2010-03-31 18:51 . 2010-03-31 18:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2010-03-31 19:32 . 2010-03-31 19:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2010-03-31 19:32 . 2010-03-31 19:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

- 2003-02-21 02:19 . 2003-02-21 02:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2004-07-20 01:54 . 2010-02-09 22:22 81920 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Security.dll

- 2007-07-13 01:34 . 2010-05-13 07:03 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 23040 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 61440 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 27136 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 11264 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 86016 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 12288 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2010-06-12 04:09 . 2010-06-12 04:09 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2010-04-14 07:04 . 2010-04-14 07:04 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2007-03-23 00:13 . 2007-03-23 00:13 23904 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\IPDMCTRL.DLL

+ 2010-06-12 04:18 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll

+ 2010-06-12 04:18 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll

+ 2010-06-12 04:18 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_0217a2e8\System.Drawing.Design.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_887063e8\CustomMarshalers.dll

+ 2010-06-12 04:25 . 2010-06-12 04:25 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll

+ 2010-06-12 04:15 . 2010-06-12 04:15 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe

+ 2010-06-12 04:15 . 2010-06-12 04:15 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2010-06-12 04:15 . 2010-06-12 04:15 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

- 2009-08-08 07:04 . 2009-08-08 07:04 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2010-06-12 04:12 . 2010-06-12 04:12 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2010-06-12 04:17 . 2010-06-12 04:17 81920 c:\windows\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2007-07-13 01:34 . 2010-05-13 07:03 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 4096 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2010-06-12 04:14 . 2010-06-12 04:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2009-10-16 07:08 . 2009-10-16 07:08 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2006-05-05 12:09 . 2010-05-30 19:37 445700 c:\windows\system32\perfh009.dat

+ 2006-05-05 12:09 . 2010-06-12 04:14 445700 c:\windows\system32\perfh009.dat

+ 2004-08-10 20:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll

- 2004-08-10 20:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll

+ 2006-01-09 18:02 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll

- 2006-01-09 18:02 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll

+ 2006-11-08 02:03 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll

- 2006-01-09 18:01 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll

+ 2006-01-09 18:01 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll

- 2004-08-10 20:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-10 20:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-10 20:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe

- 2004-08-10 20:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe

+ 2006-05-05 12:05 . 2010-06-12 07:16 280536 c:\windows\system32\FNTCACHE.DAT

- 2006-05-05 12:05 . 2009-11-12 00:11 280536 c:\windows\system32\FNTCACHE.DAT

+ 2006-01-09 18:02 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll

- 2006-01-09 18:02 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll

+ 2004-08-10 20:00 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll

- 2004-08-10 20:00 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll

- 2006-01-09 18:02 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll

+ 2006-01-09 18:02 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll

+ 2007-05-08 23:59 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-07-08 01:12 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2009-07-08 01:12 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2006-01-09 18:01 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll

- 2006-01-09 18:01 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2004-08-10 20:00 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2004-08-10 20:00 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2004-08-10 20:00 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe

- 2004-08-10 20:00 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe

+ 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll

+ 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll

- 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll

+ 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll

+ 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

- 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

+ 2010-03-31 18:51 . 2010-03-31 18:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2010-03-31 18:49 . 2010-03-31 18:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2010-03-31 19:32 . 2010-03-31 19:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

- 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\b3156.msp

+ 2007-07-13 01:34 . 2010-06-12 04:09 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 409600 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 286720 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 249856 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 794624 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 135168 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2007-07-13 01:34 . 2010-05-13 07:03 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2007-07-13 01:34 . 2010-06-12 04:09 593920 c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-01-02 01:30 . 2008-01-02 01:30 103776 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\IPATHPIA.DLL

+ 2010-06-12 04:18 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll

+ 2010-06-12 04:18 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll

+ 2010-06-12 04:18 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe

+ 2010-06-12 04:18 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll

+ 2010-06-12 04:18 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll

+ 2010-06-12 04:18 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll

+ 2010-06-12 04:18 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll

+ 2010-06-12 04:18 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll

+ 2010-06-12 04:18 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll

+ 2010-06-12 04:18 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll

+ 2010-06-12 04:18 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe

+ 2010-06-12 04:13 . 2010-06-12 04:13 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6cc4ef63\System.Drawing.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b837152f\System.Drawing.Design.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c02bde0f\CustomMarshalers.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe

+ 2010-06-12 04:17 . 2010-06-12 04:17 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll

+ 2010-06-12 04:17 . 2010-06-12 04:17 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll

+ 2010-06-12 04:25 . 2010-06-12 04:25 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll

+ 2010-06-12 04:22 . 2010-06-12 04:22 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll

+ 2010-06-12 04:16 . 2010-06-12 04:16 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe

+ 2010-06-12 04:23 . 2010-06-12 04:23 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe

+ 2010-06-12 04:16 . 2010-06-12 04:16 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll

+ 2010-06-12 04:16 . 2010-06-12 04:16 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll

+ 2010-06-12 04:16 . 2010-06-12 04:16 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll

+ 2010-06-12 04:16 . 2010-06-12 04:16 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe

+ 2010-06-12 04:23 . 2010-06-12 04:23 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe

+ 2010-06-12 04:23 . 2010-06-12 04:23 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2010-06-12 04:15 . 2010-06-12 04:15 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2010-06-12 04:15 . 2010-06-12 04:15 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2009-08-08 07:04 . 2009-08-08 07:04 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

+ 2010-06-12 04:15 . 2010-06-12 04:15 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2010-06-12 04:14 . 2010-06-12 04:14 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2009-10-16 07:08 . 2009-10-16 07:08 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2010-06-12 04:07 . 2010-06-12 04:07 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

+ 2005-08-04 01:29 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll

- 2006-01-09 18:02 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll

+ 2006-01-09 18:02 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll

+ 2005-08-30 04:13 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll

- 2005-08-30 04:13 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll

+ 2006-02-01 02:59 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll

+ 2006-10-17 16:57 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll

- 2006-10-17 16:57 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll

+ 2005-08-04 01:29 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll

+ 2008-10-15 17:43 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys

+ 2006-01-09 18:02 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll

- 2006-01-09 18:02 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll

- 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll

+ 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll

+ 2006-02-01 02:59 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll

+ 2007-05-08 23:59 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll

- 2007-05-08 23:59 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll

+ 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

+ 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

- 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2010-04-01 15:42 . 2010-04-01 15:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

- 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

- 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2010-04-01 15:42 . 2010-04-01 15:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2010-03-31 18:50 . 2010-03-31 18:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

- 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2010-03-31 18:50 . 2010-03-31 18:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2010-04-01 15:42 . 2010-04-01 15:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

- 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2010-04-12 02:17 . 2010-04-12 02:17 2607104 c:\windows\Installer\b3181.msp

+ 2010-04-12 02:17 . 2010-04-12 02:17 4210688 c:\windows\Installer\b3180.msp

+ 2010-04-24 21:10 . 2010-04-24 21:10 8486400 c:\windows\Installer\b3149.msp

+ 2010-05-05 02:25 . 2010-05-05 02:25 7681024 c:\windows\Installer\b3121.msp

+ 2010-05-03 20:11 . 2010-05-03 20:11 4149760 c:\windows\Installer\b310b.msp

+ 2010-03-30 16:34 . 2010-03-30 16:34 3826688 c:\windows\Installer\b30f5.msp

+ 2010-05-03 20:27 . 2010-05-03 20:27 6825472 c:\windows\Installer\b30df.msp

+ 2010-05-03 20:06 . 2010-05-03 20:06 5053952 c:\windows\Installer\b30c9.msp

+ 2010-05-10 21:17 . 2010-05-10 21:17 5520896 c:\windows\Installer\b30b3.msp

+ 2007-04-30 19:57 . 2007-04-30 19:57 7084384 c:\windows\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.8173\INFOPATH.EXE

+ 2010-06-12 04:18 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll

+ 2010-06-12 04:18 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll

+ 2010-06-12 04:18 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll

+ 2009-10-16 07:03 . 2009-10-16 07:03 1966080 c:\windows\assembly\temp\V9B2C22HU7\System.dll

+ 2009-10-16 07:03 . 2009-10-16 07:03 3391488 c:\windows\assembly\temp\T4TNC1G21V\mscorlib.dll

+ 2009-10-16 07:03 . 2009-10-16 07:03 1232896 c:\windows\assembly\temp\ASECA8Y40R\System.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b88ef546\System.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_53f62113\System.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d577704b\System.Xml.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_6546de3c\System.Xml.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4b06242b\System.Windows.Forms.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_380c27f9\System.Windows.Forms.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d4db55a6\System.Drawing.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9e2ab156\System.Design.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3b33193b\System.Design.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7fd57af5\mscorlib.dll

+ 2010-06-12 04:13 . 2010-06-12 04:13 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3723a507\mscorlib.dll

+ 2010-06-12 04:15 . 2010-06-12 04:15 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll

+ 2010-06-12 04:17 . 2010-06-12 04:17 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll

+ 2010-06-12 04:15 . 2010-06-12 04:15 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll

+ 2010-06-12 04:17 . 2010-06-12 04:17 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll

+ 2010-06-12 04:25 . 2010-06-12 04:25 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll

+ 2010-06-12 04:25 . 2010-06-12 04:25 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll

+ 2010-06-12 04:25 . 2010-06-12 04:25 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll

+ 2010-06-12 04:25 . 2010-06-12 04:25 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll

+ 2010-06-12 04:17 . 2010-06-12 04:17 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll

+ 2010-06-12 04:22 . 2010-06-12 04:22 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll

+ 2010-06-12 04:17 . 2010-06-12 04:17 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll

+ 2010-06-12 04:22 . 2010-06-12 04:22 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll

+ 2010-06-12 04:16 . 2010-06-12 04:16 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll

+ 2010-06-12 04:16 . 2010-06-12 04:16 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll

+ 2010-06-12 04:16 . 2010-06-12 04:16 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll

+ 2010-06-12 04:16 . 2010-06-12 04:16 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll

+ 2010-06-12 04:16 . 2010-06-12 04:16 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll

+ 2010-06-12 04:16 . 2010-06-12 04:16 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll

+ 2010-06-12 04:15 . 2010-06-12 04:15 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll

+ 2010-06-12 04:24 . 2010-06-12 04:24 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll

+ 2010-06-12 04:23 . 2010-06-12 04:23 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\steam\steam.exe" [2006-01-01 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]

"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\William Trantham\Start Menu\Programs\Startup\

Snapfish Picture Mover.lnk - c:\program files\Snapfish Picture Mover\SnapfishPictureMover.exe [2007-1-30 442368]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Snapfish Picture Mover.lnk - c:\program files\Snapfish Picture Mover\SnapfishPictureMover.exe [2007-1-30 442368]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk

backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer WLAN 11g USB Dongle.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk

backup=c:\windows\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk

backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk

backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^William Trantham^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]

path=c:\documents and settings\William Trantham\Start Menu\Programs\Startup\PMB Media Check Tool.lnk

backup=c:\windows\pss\PMB Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]

Alaunch [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]

2006-04-19 03:54 49152 ----a-w- c:\windows\system32\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

2010-06-09 01:54 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

2000-08-22 17:20 32768 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DACSMiniApp]

2008-03-13 16:05 128256 ----a-w- c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-09-29 22:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]

2006-04-29 00:43 401408 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2003-12-22 16:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 04:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2003-12-04 12:44 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

2004-02-02 08:41 495616 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

2003-11-12 13:23 49152 ----a-w- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPIJetSend]

2000-08-22 17:24 585728 ----a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]

2005-12-30 22:02 40960 ----a-w- c:\windows\system32\ImageItEncrypt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-10 20:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2004-08-10 20:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]

2005-05-12 01:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-10 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-10 20:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-03 03:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2005-06-07 02:40 544768 ----a-w- c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-09-22 16:42 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2006-01-01 04:36 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]

2010-03-29 12:51 68000 ----a-w- c:\program files\NOS\bin\getPlus_Helper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Hewlett-Packard\\PhotoSmart\\Photo Imaging\\Hpi_JetSend.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Steam\\steamapps\\trantwd\\half-life 2 deathmatch\\hl2.exe"=

"c:\\Program Files\\Steam\\steamapps\\trantwd\\zombie panic! source\\hl2.exe"=

"c:\\Program Files\\Steam\\steamapps\\trantwd\\insurgency\\hl2.exe"=

"c:\\Program Files\\Steam\\steam.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Steam\\steamapps\\trantwd\\half-life\\hl.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/8/2010 9:55 PM 64288]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 8:02 PM 102448]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352320]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 01:54]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} - hxxps://mysmartoffice2.ez-data.com/downloads/SOConfig6.cab

DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} - hxxps://mysmartoffice2.ez-data.com/downloads/SmartOfficeLink6.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-12 06:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-659982787-1598851146-1861264994-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(852)

c:\windows\system32\nvappfilter.dll

.

Completion time: 2010-06-12 06:18:54

ComboFix-quarantined-files.txt 2010-06-12 10:18

ComboFix2.txt 2010-06-12 03:49

Pre-Run: 61,433,925,632 bytes free

Post-Run: 61,427,425,280 bytes free

- - End Of File - - 38B27B7E16A669CFD0F1278D32D66CC8

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.


I have completed the requested scan.

06:39:03:093 3700 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

06:39:03:093 3700 ================================================================================

06:39:03:093 3700 SystemInfo:

06:39:03:093 3700 OS Version: 5.1.2600 ServicePack: 3.0

06:39:03:093 3700 Product type: Workstation

06:39:03:093 3700 ComputerName: ACER-A7A471A2C7

06:39:03:093 3700 UserName: William Trantham

06:39:03:093 3700 Windows directory: C:\WINDOWS

06:39:03:093 3700 Processor architecture: Intel x86

06:39:03:093 3700 Number of processors: 2

06:39:03:093 3700 Page size: 0x1000

06:39:03:093 3700 Boot type: Normal boot

06:39:03:093 3700 ================================================================================

06:39:03:312 3700 Initialize success

06:39:03:312 3700

06:39:03:312 3700 Scanning Services ...

06:39:03:421 3700 Raw services enum returned 376 services

06:39:03:421 3700

06:39:03:421 3700 Scanning Drivers ...

06:39:14:906 3700

06:39:14:906 3700 Completed

06:39:14:921 3700

06:39:14:921 3700 Results:

06:39:14:921 3700 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

06:39:14:921 3700 File objects infected / cured / cured on reboot: 0 / 0 / 0

06:39:14:921 3700

06:39:14:921 3700 KLMD(ARK) unloaded successfully


Still redirect?

I have not gotten a redirect yet, but I am still getting virus notices from Norton AV that I have backdoor trojans on my system. It is showing they are on one of my System Restore points. I am going to disable System Restore and do a full scan with Norton.

I would be happy to compile the log and post what Norton AV is showing me, but I don't know how to compile a log from Norton :P

I really appreciate your help.


Should I delete the diagnostic tools I downloaded to help with this infection so my AV program stops reporting them as trojans when I do a virus scan? And if I should remove them, is there a command to do so that won't cause problems with my computer?

I have ComboFix (ran it once before I should have, before contacting you via this forum), combo-fix and TDSSKiller on my computer. Norton was showing a program in a folder called Qoobox as a trojan. I know that this is a false positive, but I don't want to mess up anything on my system by removing something I should not.

Thanks.

Also, the scan of the computer with system restore turned off did not show any further trojan activity.


Step 1

* Go to Start > Run and copy and paste the following command into the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step 2

Please manually delete TDSSKiller.

Step 3

Some malware preventions:

http://miekiemoes.blogspot.com/2008/02/how...nt-malware.html

Safe surfing! :P


Thank you very kindly for your help. My system appears to be running fine now. I will post in a new topic if things change. This appears to have taken care of my browser redirects.

Once again, thank you very much for your time and help.
