Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Cid Popups


  • Please log in to reply
12 replies to this topic

#1 Cyrus420

Cyrus420

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 11 September 2008 - 07:52 PM

Everytime my Internet Explorer or Mozilla is open, I get flooded by CiD popups. I have to use Opera in order to navigate freely.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:47, on 2008-09-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\xspaboxc\pwdsrmha.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\pepgfeta.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Opera 9\Opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [6c4efb0c] rundll32.exe "C:\WINDOWS\system32\vlgeukay.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [inter the] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PLAYSE~1\Default Heck.exe
O4 - HKCU\..\Run: [oogljutc] C:\WINDOWS\system32\pepgfeta.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Jk7L9m0e6b] C:\Documents and Settings\All Users\Application Data\xspaboxc\pwdsrmha.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_list.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca//chatobject/launcher.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D752E2-77C7-471A-9CA0-06D8604C0083}: NameServer = 24.200.241.37,24.201.245.77
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SageTV - SageTV, LLC - C:\Program Files\SageTV\SageTV\SageTVService.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14074 bytes

Thanks!

BC AdBot (Login to Remove)

 


m

#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 12 September 2008 - 06:36 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post that in your next reply with a fresh HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 Cyrus420

Cyrus420
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 19 September 2008 - 09:44 AM

HERE IS THE COMBOFIX LOG
ComboFix 08-09-16.05 - HP_Administrator 2008-09-19 10:27:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.532 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@insightexpressai[2].txt
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2008-09-17 12:33 . 2008-09-17 13:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 12:30 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-17 12:30 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-11 20:50 . 2008-09-11 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-09 19:23 . 2008-09-09 19:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport
2008-09-01 22:28 . 2008-09-01 22:28 111,168 --a------ C:\WINDOWS\system32\vlrwofsh.dll
2008-09-01 22:28 . 2008-09-01 22:28 111,168 --a------ C:\WINDOWS\system32\psghmo.dll
2008-08-25 10:09 . 2008-08-25 11:36 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{0FD9E6CE-4D6B-4183-93EC-92DDA0F79E25}
2008-08-21 19:25 . 2008-08-21 19:25 <DIR> d-------- C:\Program Files\DIFX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 04:00 --------- d-----w C:\Program Files\mIRC
2008-09-18 11:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-17 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-17 16:09 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-09-15 17:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-03 22:24 --------- d-----w C:\Program Files\FlashFXP
2008-08-30 05:23 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\SWiSHvideo
2008-08-25 04:58 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2008-08-22 18:14 --------- d-----w C:\Program Files\Steam
2008-08-18 15:14 3,532 ----a-w C:\drmHeader.bin
2008-08-18 05:01 --------- d-----w C:\Program Files\QuickTime Alternative
2008-08-18 05:01 --------- d-----w C:\Program Files\Media Player Classic
2008-08-18 05:01 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-08-18 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-18 04:50 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-08-18 04:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\MPEG Streamclip
2008-08-15 04:28 111,680 ----a-w C:\WINDOWS\system32\blibcxra.dll
2008-08-15 04:28 111,680 ----a-w C:\WINDOWS\system32\aeeqvz.dll
2008-08-14 04:26 111,168 ----a-w C:\WINDOWS\system32\qeovvn.dll
2008-08-14 04:26 111,168 ----a-w C:\WINDOWS\system32\jvgjfhbn.dll
2008-08-14 03:51 --------- d-----w C:\Program Files\iTunes
2008-08-14 03:51 --------- d-----w C:\Program Files\iPod
2008-08-14 03:47 --------- d-----w C:\Program Files\Bonjour
2008-08-14 03:39 --------- d-----w C:\Program Files\Apple Software Update
2008-08-14 01:20 111,168 ----a-w C:\WINDOWS\system32\xaxhun.dll
2008-08-14 01:20 111,168 ----a-w C:\WINDOWS\system32\uvrnstcp.dll
2008-08-13 01:20 111,168 ----a-w C:\WINDOWS\system32\ofzyif.dll
2008-08-13 01:20 111,168 ----a-w C:\WINDOWS\system32\hyjxniuj.dll
2008-08-12 01:20 111,168 ----a-w C:\WINDOWS\system32\vcybsx.dll
2008-08-12 01:20 111,168 ----a-w C:\WINDOWS\system32\abihwuhl.dll
2008-08-10 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 22:04 --------- d-----w C:\Program Files\Dark Basic Software
2008-08-09 22:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 22:37 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-08-08 22:11 111,680 ----a-w C:\WINDOWS\system32\mnqmfi.dll
2008-08-08 22:11 111,680 ----a-w C:\WINDOWS\system32\cqlrahvr.dll
2008-08-07 11:09 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Vso
2008-08-06 22:07 111,168 ----a-w C:\WINDOWS\system32\ymauff.dll
2008-08-06 22:07 111,168 ----a-w C:\WINDOWS\system32\fxumlwhb.dll
2008-08-02 01:54 111,680 ----a-w C:\WINDOWS\system32\xhejnwrc.dll
2008-08-02 01:54 111,680 ----a-w C:\WINDOWS\system32\njiqfi.dll
2008-07-30 01:54 111,680 ----a-w C:\WINDOWS\system32\xplhgp.dll
2008-07-30 01:54 111,680 ----a-w C:\WINDOWS\system32\eiqrqyog.dll
2008-07-29 01:52 111,680 ----a-w C:\WINDOWS\system32\xbmmpt.dll
2008-07-29 01:52 111,680 ----a-w C:\WINDOWS\system32\bjfmefwp.dll
2008-07-29 00:52 111,680 ----a-w C:\WINDOWS\system32\juhxrqrc.dll
2008-07-29 00:52 111,680 ----a-w C:\WINDOWS\system32\fstrgp.dll
2008-07-25 00:44 111,168 ----a-w C:\WINDOWS\system32\yojpvjls.dll
2008-07-25 00:44 111,168 ----a-w C:\WINDOWS\system32\jrwiww.dll
2008-07-24 05:54 111,680 ----a-w C:\WINDOWS\system32\ulimjcew.dll
2008-07-24 05:54 111,680 ----a-w C:\WINDOWS\system32\iaxdnv.dll
2008-07-23 05:51 111,680 ----a-w C:\WINDOWS\system32\tocdan.dll
2008-07-23 05:51 111,680 ----a-w C:\WINDOWS\system32\qdwgfbsq.dll
2008-07-21 05:48 111,680 ----a-w C:\WINDOWS\system32\xxveot.dll
2008-07-21 05:48 111,680 ----a-w C:\WINDOWS\system32\hyfwevxp.dll
2008-07-20 05:48 111,680 ----a-w C:\WINDOWS\system32\mngpht.dll
2008-07-20 05:48 111,680 ----a-w C:\WINDOWS\system32\cqrmalgw.dll
2008-07-10 15:00 111,680 ----a-w C:\WINDOWS\system32\tsevvxrw.dll
2008-07-10 15:00 111,680 ----a-w C:\WINDOWS\system32\rmrnve.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-11 14:59 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
2007-11-21 05:56 81,920 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\ezpinst.exe
2007-08-16 05:37 74,904 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-02-20 05:38 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-09-17_12.37.53.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
- 2007-07-18 07:02:05 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-09-17 16:34:40 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-07-18 07:02:12 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-09-17 16:35:13 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-07-18 07:02:13 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-09-17 16:33:25 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-07-18 07:02:14 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-09-17 16:35:26 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-07-18 07:02:10 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-09-17 16:34:12 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-07-18 07:02:01 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-09-17 16:35:40 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-07-18 07:02:01 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-09-17 16:35:40 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-07-18 07:02:18 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-09-17 16:35:15 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-07-18 07:02:07 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-09-17 16:34:02 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-18 07:02:04 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-09-17 16:34:30 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-07-18 07:02:01 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-09-17 16:34:06 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-07-18 07:02:02 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-09-17 16:34:38 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-07-18 07:02:11 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-09-17 16:34:54 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-07-18 07:02:12 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-09-17 16:35:02 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-07-18 07:02:12 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-09-17 16:35:03 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-07-18 07:02:03 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-09-17 16:35:44 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-07-18 07:02:03 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-09-17 16:35:46 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-07-18 07:02:04 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-09-17 16:35:51 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-07-18 07:02:04 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-09-17 16:35:54 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-07-18 07:02:03 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-09-17 16:35:07 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-07-18 07:02:19 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-09-17 16:34:58 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-07-18 07:02:19 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-09-17 16:34:51 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-07-18 07:02:00 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-09-17 16:35:29 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-07-18 07:02:19 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-09-17 16:34:47 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-07-18 07:02:20 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-09-17 16:33:43 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-07-18 07:02:01 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-09-17 16:35:35 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-07-18 07:02:00 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-09-17 16:34:44 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-07-18 07:02:00 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-09-17 16:34:42 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-07-18 07:02:16 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-09-17 16:35:08 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-07-18 07:02:05 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-09-17 16:35:10 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-07-18 07:02:16 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-09-17 16:34:09 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-07-18 07:02:15 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-09-17 16:34:15 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-07-18 07:02:02 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-09-17 16:34:19 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-07-18 07:02:11 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-09-17 16:35:57 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-07-18 07:02:06 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-09-17 16:35:48 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-07-18 07:02:06 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-09-17 16:34:32 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-07-18 07:02:06 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-09-17 16:35:32 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-07-18 07:02:17 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-09-17 16:33:47 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-07-18 07:02:15 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-09-17 16:35:37 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-07-18 07:02:18 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-09-17 16:35:30 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-07-18 07:02:15 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-09-17 16:35:21 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-07-18 07:02:16 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-09-17 16:35:17 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-07-18 07:02:05 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-09-17 16:33:51 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-07-18 07:02:07 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-09-17 16:33:53 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-07-18 07:02:18 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-09-17 16:34:26 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-07-18 07:02:08 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-09-17 16:34:28 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-07-18 07:02:08 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-09-17 16:34:24 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-07-18 07:02:09 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-09-17 16:34:35 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-07-18 07:02:09 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-09-17 16:33:58 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-07-18 07:02:17 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-09-17 16:34:21 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-09-17 16:44:51 27,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-09-17 16:45:10 884,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-09-17 16:46:49 503,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\373d5acced35e392e1f413a69042340d\ComSvcConfig.ni.exe
+ 2008-09-17 16:58:44 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-09-17 16:46:45 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-09-17 16:58:46 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-09-17 16:58:47 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-09-17 16:58:56 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-09-17 16:58:56 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-09-17 16:56:22 1,114,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\019a85babfbe02cecdbb63a65d391aba\Microsoft.Transactions.Bridge.ni.dll
+ 2008-09-17 16:56:25 401,408 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cb8d7b6cc6827e9f2d66c4d7ef9b5d54\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-09-17 16:59:06 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-09-17 16:57:18 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-09-17 16:41:33 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-09-17 16:59:10 1,564,672 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\41bd82648d480ec304ea0c04034787bc\PresentationBuildTasks.ni.dll
+ 2008-09-17 16:58:43 40,448 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\9385f2c37b2e00e06ec3f57153f63a2d\PresentationCFFRasterizer.ni.dll
+ 2008-09-17 16:57:52 11,980,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\7e413273e9d6710be8a39dcce2e45c2c\PresentationCore.ni.dll
+ 2008-09-17 16:56:55 48,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\599806acdd6dc0aeed19ebf9d622dcad\PresentationFontCache.ni.exe
+ 2008-09-17 17:00:38 552,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0766df362854f0330a4a45179773657e\PresentationFramework.Luna.ni.dll
+ 2008-09-17 17:00:39 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8aaa2b56f733902cc1ba9d8300d2a0e3\PresentationFramework.Royale.ni.dll
+ 2008-09-17 17:00:36 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d87c2740add3b0f86833159ce57c71ec\PresentationFramework.Classic.ni.dll
+ 2008-09-17 17:00:07 14,659,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\de20226274a5739a4b42d8e26b546180\PresentationFramework.ni.dll
+ 2008-09-17 17:00:35 393,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e389aa7f3dd4eb1ee585724f130a79cb\PresentationFramework.Aero.ni.dll
+ 2008-09-17 17:00:15 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\f97ac4e9c402e98d2b5b7114e4fbbd2a\PresentationUI.ni.dll
+ 2008-09-17 17:00:22 2,416,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\1fe0f79dd0d47e4d1eb474f98a1949fb\ReachFramework.ni.dll
+ 2008-09-17 16:56:31 139,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\0bcc4abbe0c5c3feeda7f711304ac4a0\ServiceModelReg.ni.exe
+ 2008-09-17 16:56:33 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\5e3765ee346151c26a3793ddf3a8d6d7\SMDiagnostics.ni.dll
+ 2008-09-17 16:56:39 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\c6f33f28f5bb403981ac148da447e3c5\SMSvcHost.ni.exe
+ 2008-09-17 17:00:54 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\6a075eb8e0f13de87d1278aa8562d51e\sysglobl.ni.dll
+ 2008-09-17 16:57:12 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2008-09-17 16:57:02 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-09-17 16:58:40 1,183,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-09-17 16:57:10 2,756,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-09-17 16:42:17 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-09-17 16:57:17 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-09-17 16:42:48 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-09-17 16:57:58 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-09-17 16:58:42 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-09-17 16:42:52 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-09-17 16:42:51 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-09-17 16:57:56 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-09-17 16:57:56 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-09-17 16:45:23 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\dd8f551c39409fa95b0c22cf2ee48b65\System.IdentityModel.Selectors.ni.dll
+ 2008-09-17 16:45:21 978,944 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\581d8571e61ebe24154ae912624c3c9d\System.IdentityModel.ni.dll
+ 2008-09-17 16:45:25 417,792 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\86cd41998dc72b213d9464b56fe245b9\System.IO.Log.ni.dll
+ 2008-09-17 17:03:01 655,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\00e3750e478bac4913ee7a6c3b7cd392\System.Messaging.ni.dll
+ 2008-09-17 17:00:25 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\690a965457e274ad13f6b1f9ac2bad4e\System.Printing.ni.dll
+ 2008-09-17 16:58:01 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2008-09-17 16:57:14 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-09-17 16:45:32 2,351,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c4838d300f677f34c9d44ead84b8603b\System.Runtime.Serialization.ni.dll
+ 2008-09-17 16:57:11 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-09-17 16:46:31 17,354,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7a2bc3302a133e235ec99193c56a0571\System.ServiceModel.ni.dll
+ 2008-09-17 16:56:59 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-09-17 17:00:53 2,039,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\d38908d5c6a11dd7dceaf9bd34adb437\System.Speech.ni.dll
+ 2008-09-17 16:57:54 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-09-17 17:01:06 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-09-17 16:58:41 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-09-17 16:58:32 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-09-17 16:58:27 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-09-17 16:43:16 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-09-17 17:02:01 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\5e0df5685ce40f838eea52a5f1454b68\System.Workflow.Activities.ni.dll
+ 2008-09-17 17:02:34 4,587,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\2689e361e42d0bb9e3d19f1ecd30c26a\System.Workflow.ComponentModel.ni.dll
+ 2008-09-17 17:02:58 2,093,056 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\41b6c3a0c115c43c53697efa1607fe49\System.Workflow.Runtime.ni.dll
+ 2008-09-17 16:43:30 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-09-17 16:41:59 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2008-09-17 17:03:41 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f61803ded1c123ed9ed5849e7dcebf25\UIAutomationClient.ni.dll
+ 2008-09-17 17:03:43 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\679889309b57024e8abbe80c6c7d48bc\UIAutomationClientsideProviders.ni.dll
+ 2008-09-17 16:58:42 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\9865738a916ad3664dd374582b9ea873\UIAutomationProvider.ni.dll
+ 2008-09-17 16:58:42 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\71605ce631809dcbfba38842fdf59acf\UIAutomationTypes.ni.dll
+ 2008-09-17 16:57:25 3,260,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\50652bfd061ead84841e6c9bfffacfb1\WindowsBase.ni.dll
+ 2008-09-17 17:03:52 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\2c96738a6ba8ff9e88889f331590e181\WindowsFormsIntegration.ni.dll
+ 2008-09-17 16:56:42 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\02436080d129210828823210ce879fd8\WsatConfig.ni.exe
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
- 2005-09-23 11:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-10-24 05:47:38 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 11:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-24 05:47:38 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 11:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-24 05:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 11:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-24 05:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2005-09-23 11:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2007-10-24 05:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 11:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-24 05:47:38 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2005-09-23 11:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-24 05:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2005-09-23 11:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-10-24 05:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2005-09-23 11:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-24 05:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2005-09-23 11:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-24 05:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2005-09-23 11:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-24 05:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2005-09-23 11:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-24 05:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 11:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-24 05:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2005-09-23 11:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-24 05:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-04-13 07:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-24 05:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 11:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-24 05:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2007-04-13 07:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-24 05:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-04-13 07:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-24 05:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-04-13 07:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-24 05:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2007-04-13 07:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-24 05:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 11:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-24 05:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2007-04-13 07:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-24 05:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 11:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-24 05:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-04-13 07:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-24 05:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2007-04-13 07:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-24 05:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2007-04-13 07:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-24 05:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 11:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-24 05:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-04-13 07:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-24 05:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 11:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-24 05:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2005-09-23 11:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-10-24 05:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2005-09-23 11:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-24 05:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 11:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2007-10-24 05:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 11:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-24 05:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2005-09-23 11:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2007-10-24 05:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2005-09-23 11:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-10-24 05:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2007-04-13 07:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-10-24 05:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 11:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-24 05:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 11:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-24 05:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2005-09-23 11:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-24 05:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2007-04-13 07:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-24 05:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 11:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-24 05:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 11:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2007-10-24 05:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2005-09-23 11:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-10-24 05:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-04-13 07:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-10-24 05:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-04-13 07:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-24 05:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 11:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2007-10-24 05:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 11:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-24 05:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 11:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2007-10-24 05:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-04-13 07:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-24 05:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 11:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-24 05:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2007-04-13 07:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-24 05:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 11:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-24 05:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-04-13 07:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-24 05:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 11:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-24 05:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 11:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-24 05:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 11:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-24 05:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 11:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-24 05:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 11:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-24 05:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 11:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2007-10-24 05:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 11:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-24 05:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 11:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-24 05:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-04-13 07:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-10-24 05:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 11:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-24 05:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-04-13 07:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-24 05:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 11:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-24 05:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 11:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-24 05:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-04-13 07:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-10-24 05:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2007-04-13 07:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-24 05:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 11:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-24 05:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-04-13 07:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-24 05:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-13 07:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-24 05:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 11:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-24 05:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2005-09-23 11:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-24 05:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2005-09-23 11:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-24 05:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-04-13 07:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-24 05:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2007-04-13 07:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-24 05:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 11:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-24 05:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-04-13 07:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-24 05:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 11:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-24 05:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-04-13 07:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-24 05:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2007-04-13 07:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-24 05:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 11:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-24 05:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2007-04-13 07:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-24 05:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 11:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-24 05:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 11:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-24 05:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 11:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-24 05:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 11:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-24 05:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 11:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-24 05:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2005-09-23 11:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-24 05:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-04-13 07:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-24 05:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2007-04-13 07:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-24 05:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-04-13 07:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-24 05:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 11:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-24 05:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-04-13 07:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-24 05:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2007-04-13 07:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-24 05:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-04-13 07:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-24 05:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2007-04-13 07:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-24 05:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2007-04-13 07:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-10-24 05:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 11:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-24 05:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2007-04-13 07:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-24 05:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-04-13 07:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-24 05:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 11:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-24 05:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-04-13 07:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-24 05:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-04-13 07:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-24 05:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-04-13 07:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-24 05:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-04-13 07:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-10-24 05:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-04-13 07:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-10-24 05:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 11:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-24 05:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-04-13 07:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-24 05:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 11:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-24 05:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 11:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-24 05:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 11:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-24 05:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-04-13 07:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-24 05:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-04-13 07:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-24 05:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 11:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-24 05:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 11:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-24 05:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2005-09-23 11:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-24 05:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-04-13 07:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-24 05:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2007-04-13 07:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-24 05:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 11:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-24 05:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-04-13 07:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-24 05:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2007-04-13 07:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-24 05:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-04-13 07:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-24 05:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2005-09-23 11:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-24 05:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2005-09-23 11:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2007-10-24 05:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-10 12:00:00 561,179 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-10 12:00:00 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
- 2004-08-10 12:00:00 294,400 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2004-08-10 12:00:00 512,029 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-10 12:00:00 319,517 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-10 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-10 12:00:00 358,976 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-10 12:00:00 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-10 12:00:00 53,279 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-10 12:00:00 241,693 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-10 12:00:00 213,023 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-10 12:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-10 12:00:00 421,919 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-10 12:00:00 315,423 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-10 12:00:00 552,989 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-10 12:00:00 258,077 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-10 12:00:00 831,519 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-10 12:00:00 614,429 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-10 12:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-10 12:00:00 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-04-13 07:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-10-24 05:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2005-09-23 11:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2007-10-24 05:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2005-09-23 11:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2007-10-24 05:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
- 2004-08-10 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2004-08-10 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-10 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 14:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-10 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-11 02:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-10 12:00:00 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-10 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-10 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-10 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-10 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-10 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-10 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-10 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-10 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-10 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-10 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-10 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2006-12-22 17:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2007-10-24 05:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-05-11 00:12:59 70,796 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-17 16:36:19 71,980 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-11 00:12:59 437,702 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-17 16:36:19 442,966 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
- 2006-10-16 21:10:58 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-09-17 16:34:54 8,192 ----a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2007-10-24 05:47:56 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-24 05:47:56 558,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-24 05:47:56 635,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
- 2007-07-18 07:02:01 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-09-17 16:35:40 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2007-07-18 07:02:01 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-09-17 16:35:40 113,664 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"inter the"="C:\DOCUME~1\HP_ADM~1\APPLIC~1\PLAYSE~1\Default Heck.exe" [2008-07-10 510464]
"oogljutc"="C:\WINDOWS\system32\pepgfeta.exe" [2008-04-14 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 61440]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-08 49768]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2005-03-29 22656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-18 180269]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-01-11 100056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-10 158208]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Jk7L9m0e6b"="C:\Documents and Settings\All Users\Application Data\xspaboxc\pwdsrmha.exe" [2008-04-14 36864]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-10 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 17:17 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2005-11-30 10:35 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]
--a------ 2005-12-14 15:56 2711552 C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 08:05 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadStudio]
--a------ 2008-01-22 16:00 127640 C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 11:18 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-02-26 01:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2005-05-10 20:50 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Noun Internet Plan Seek]
--a------ 2008-09-18 21:10 5272576 C:\Documents and Settings\All Users\Application Data\Close upload noun internet\STUPID RECT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2004-10-25 18:17 90112 C:\WINDOWS\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-02 10:31 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2006-05-12 01:32 86016 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-08-25 466880]
S3 ATIXPGAA;ATIXPGAA;C:\pcdr5\ATIXPGAA.SYS [ ]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 SageTV;SageTV;C:\Program Files\SageTV\SageTV\SageTVService.exe [2007-04-17 782336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73de1e8c-ef2c-11dc-97b3-0015f20b0f3a}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9b0711a-b68e-11da-8523-806d6172696f}]
\Shell\AutoRun\command - E:\HPUpdate.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\38v004v1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 10:33:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-19 10:36:19
ComboFix-quarantined-files.txt 2008-09-19 14:35:15
ComboFix2.txt 2008-09-17 16:38:51

Pre-Run: 808,198,144 bytes free
Post-Run: 825,184,256 bytes free

1029 --- E O F --- 2008-09-18 07:03:34



HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:30 AM, on 9/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\xspaboxc\pwdsrmha.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\pepgfeta.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Opera 9\Opera.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [inter the] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PLAYSE~1\Default Heck.exe
O4 - HKCU\..\Run: [oogljutc] C:\WINDOWS\system32\pepgfeta.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Jk7L9m0e6b] C:\Documents and Settings\All Users\Application Data\xspaboxc\pwdsrmha.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_list.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca//chatobject/launcher.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D752E2-77C7-471A-9CA0-06D8604C0083}: NameServer = 24.200.241.37,24.201.245.77
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SageTV - SageTV, LLC - C:\Program Files\SageTV\SageTV\SageTVService.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13530 bytes

#4 Cyrus420

Cyrus420
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 24 September 2008 - 10:19 PM

Please, anyone?

#5 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 25 September 2008 - 03:17 PM

I'm sorry about the delay; I didn't get an email to say you'd responded. Can I have a new HJT and Combofix log please?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#6 Cyrus420

Cyrus420
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 26 September 2008 - 06:21 PM

It's in my last reply.

#7 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 28 September 2008 - 01:56 PM

I am aware of that. But logs change, so I'd like a more recent one.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#8 Cyrus420

Cyrus420
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 03 October 2008 - 01:52 PM

Alright, here it is:

COMBOFIX followed by HIJACK THIS.

ComboFix 08-09-16.05 - HP_Administrator 2008-10-03 14:25:49.3 - NTFSx86
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-09-25 20:14 . 2008-09-25 20:14 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
2008-09-24 11:23 . 2008-09-24 11:23 <DIR> d-------- C:\Program Files\Extreme Thumbnail Generator
2008-09-24 11:23 . 2008-09-24 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Extreme Thumbnail Generator
2008-09-23 08:02 . 2008-10-03 11:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-23 08:02 . 2008-09-23 08:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-17 12:33 . 2008-09-17 13:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 12:30 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-17 12:30 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-11 20:50 . 2008-09-11 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-09 19:23 . 2008-09-09 19:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ShoppingReport

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 18:26 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-10-02 03:26 --------- d-----w C:\Program Files\FlashFXP
2008-10-02 02:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-01 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-10-01 15:58 3,532 ----a-w C:\drmHeader.bin
2008-09-26 05:50 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\SWiSHvideo
2008-09-25 04:12 108,936 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-09-23 01:16 --------- d-----w C:\Program Files\mIRC
2008-09-15 17:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-02 02:28 111,168 ----a-w C:\WINDOWS\system32\vlrwofsh.dll
2008-09-02 02:28 111,168 ----a-w C:\WINDOWS\system32\psghmo.dll
2008-08-25 04:58 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2008-08-22 18:14 --------- d-----w C:\Program Files\Steam
2008-08-21 23:25 --------- d-----w C:\Program Files\DIFX
2008-08-18 05:01 --------- d-----w C:\Program Files\QuickTime Alternative
2008-08-18 05:01 --------- d-----w C:\Program Files\Media Player Classic
2008-08-18 05:01 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-08-18 05:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-18 04:50 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-08-18 04:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\MPEG Streamclip
2008-08-15 04:28 111,680 ----a-w C:\WINDOWS\system32\blibcxra.dll
2008-08-15 04:28 111,680 ----a-w C:\WINDOWS\system32\aeeqvz.dll
2008-08-14 04:26 111,168 ----a-w C:\WINDOWS\system32\qeovvn.dll
2008-08-14 04:26 111,168 ----a-w C:\WINDOWS\system32\jvgjfhbn.dll
2008-08-14 03:51 --------- d-----w C:\Program Files\iTunes
2008-08-14 03:51 --------- d-----w C:\Program Files\iPod
2008-08-14 03:47 --------- d-----w C:\Program Files\Bonjour
2008-08-14 03:39 --------- d-----w C:\Program Files\Apple Software Update
2008-08-14 01:20 111,168 ----a-w C:\WINDOWS\system32\xaxhun.dll
2008-08-14 01:20 111,168 ----a-w C:\WINDOWS\system32\uvrnstcp.dll
2008-08-13 01:20 111,168 ----a-w C:\WINDOWS\system32\ofzyif.dll
2008-08-13 01:20 111,168 ----a-w C:\WINDOWS\system32\hyjxniuj.dll
2008-08-12 01:20 111,168 ----a-w C:\WINDOWS\system32\vcybsx.dll
2008-08-12 01:20 111,168 ----a-w C:\WINDOWS\system32\abihwuhl.dll
2008-08-10 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 22:04 --------- d-----w C:\Program Files\Dark Basic Software
2008-08-09 22:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 22:37 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-08-08 22:11 111,680 ----a-w C:\WINDOWS\system32\mnqmfi.dll
2008-08-08 22:11 111,680 ----a-w C:\WINDOWS\system32\cqlrahvr.dll
2008-08-07 11:09 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Vso
2008-08-06 22:07 111,168 ----a-w C:\WINDOWS\system32\ymauff.dll
2008-08-06 22:07 111,168 ----a-w C:\WINDOWS\system32\fxumlwhb.dll
2008-08-02 01:54 111,680 ----a-w C:\WINDOWS\system32\xhejnwrc.dll
2008-08-02 01:54 111,680 ----a-w C:\WINDOWS\system32\njiqfi.dll
2008-07-30 01:54 111,680 ----a-w C:\WINDOWS\system32\xplhgp.dll
2008-07-30 01:54 111,680 ----a-w C:\WINDOWS\system32\eiqrqyog.dll
2008-07-29 01:52 111,680 ----a-w C:\WINDOWS\system32\xbmmpt.dll
2008-07-29 01:52 111,680 ----a-w C:\WINDOWS\system32\bjfmefwp.dll
2008-07-29 00:52 111,680 ----a-w C:\WINDOWS\system32\juhxrqrc.dll
2008-07-29 00:52 111,680 ----a-w C:\WINDOWS\system32\fstrgp.dll
2008-07-25 00:44 111,168 ----a-w C:\WINDOWS\system32\yojpvjls.dll
2008-07-25 00:44 111,168 ----a-w C:\WINDOWS\system32\jrwiww.dll
2008-07-24 05:54 111,680 ----a-w C:\WINDOWS\system32\ulimjcew.dll
2008-07-24 05:54 111,680 ----a-w C:\WINDOWS\system32\iaxdnv.dll
2008-07-23 05:51 111,680 ----a-w C:\WINDOWS\system32\tocdan.dll
2008-07-23 05:51 111,680 ----a-w C:\WINDOWS\system32\qdwgfbsq.dll
2008-07-21 05:48 111,680 ----a-w C:\WINDOWS\system32\xxveot.dll
2008-07-21 05:48 111,680 ----a-w C:\WINDOWS\system32\hyfwevxp.dll
2008-07-20 05:48 111,680 ----a-w C:\WINDOWS\system32\mngpht.dll
2008-07-20 05:48 111,680 ----a-w C:\WINDOWS\system32\cqrmalgw.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-10 15:00 111,680 ----a-w C:\WINDOWS\system32\tsevvxrw.dll
2008-07-10 15:00 111,680 ----a-w C:\WINDOWS\system32\rmrnve.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-05-11 14:59 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
2007-11-21 05:56 81,920 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\ezpinst.exe
2007-02-20 05:38 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot_2008-09-19_10.34.52.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 02:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 02:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"inter the"="C:\DOCUME~1\HP_ADM~1\APPLIC~1\PLAYSE~1\Default Heck.exe" [2008-07-10 510464]
"oogljutc"="C:\WINDOWS\system32\pepgfeta.exe" [2008-04-14 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 61440]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-08 49768]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2005-03-29 22656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-18 180269]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-01-11 100056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Jk7L9m0e6b"="C:\Documents and Settings\All Users\Application Data\xspaboxc\pwdsrmha.exe" [2008-04-14 36864]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-10 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"vidc.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 17:17 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2005-11-30 10:35 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]
--a------ 2005-12-14 15:56 2711552 C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-29 08:05 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadStudio]
--a------ 2008-01-22 16:00 127640 C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 11:18 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-02-26 01:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2005-05-10 20:50 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Noun Internet Plan Seek]
--a------ 2008-10-03 10:04 5915136 C:\Documents and Settings\All Users\Application Data\Close upload noun internet\STUPID RECT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2004-10-25 18:17 90112 C:\WINDOWS\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-02 10:31 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2006-05-12 01:32 86016 C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-08-25 466880]
S3 ATIXPGAA;ATIXPGAA;C:\pcdr5\ATIXPGAA.SYS [ ]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 SageTV;SageTV;C:\Program Files\SageTV\SageTV\SageTVService.exe [2007-04-17 782336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73de1e8c-ef2c-11dc-97b3-0015f20b0f3a}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d90c2ec-8c16-11dd-8d57-0015f20b0f3a}]
\Shell\Shell00\Command - G:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9b0711a-b68e-11da-8523-806d6172696f}]
\Shell\AutoRun\command - E:\HPUpdate.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\38v004v1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 14:28:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-03 14:41:36
ComboFix-quarantined-files.txt 2008-10-03 18:41:07
ComboFix2.txt 2008-09-19 14:36:20
ComboFix3.txt 2008-09-17 16:38:51

Pre-Run: 36,298,031,104 bytes free
Post-Run: 36,463,366,144 bytes free

278 --- E O F --- 2008-09-18 07:03:34










HIJACK THIS!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:51 PM, on 10/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\xspaboxc\pwdsrmha.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\pepgfeta.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Opera 9\Opera.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &DownloadStudio - {CB789373-04D5-4ef4-9C16-871463FD0830} - C:\Program Files\Conceiva\DownloadStudio\WebDLBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [inter the] C:\DOCUME~1\HP_ADM~1\APPLIC~1\PLAYSE~1\Default Heck.exe
O4 - HKCU\..\Run: [oogljutc] C:\WINDOWS\system32\pepgfeta.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Jk7L9m0e6b] C:\Documents and Settings\All Users\Application Data\xspaboxc\pwdsrmha.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_list.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra 'Tools' menuitem: &DownloadStudio - {4D0C4820-53F7-4d79-A2E1-5252683CF69C} - C:\Program Files\Conceiva\DownloadStudio\DownloadStudio.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca//chatobject/launcher.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D752E2-77C7-471A-9CA0-06D8604C0083}: NameServer = 24.200.241.37,24.201.245.77
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SageTV - SageTV, LLC - C:\Program Files\SageTV\SageTV\SageTVService.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13651 bytes

#9 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 03 October 2008 - 02:43 PM

Open Notepad - don't use any other text editor or the script will fail.
Copy and paste the text in the quote box below into the document:

File::
C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\system32\vlrwofsh.dll
C:\WINDOWS\system32\psghmo.dll
C:\WINDOWS\system32\blibcxra.dll
C:\WINDOWS\system32\aeeqvz.dll
C:\WINDOWS\system32\qeovvn.dll
C:\WINDOWS\system32\jvgjfhbn.dll
C:\WINDOWS\system32\xaxhun.dll
C:\WINDOWS\system32\uvrnstcp.dll
C:\WINDOWS\system32\ofzyif.dll
C:\WINDOWS\system32\hyjxniuj.dll
C:\WINDOWS\system32\vcybsx.dll
C:\WINDOWS\system32\abihwuhl.dll
C:\WINDOWS\system32\mnqmfi.dll
C:\WINDOWS\system32\cqlrahvr.dll
C:\WINDOWS\system32\ymauff.dll
C:\WINDOWS\system32\fxumlwhb.dll
C:\WINDOWS\system32\xhejnwrc.dll
C:\WINDOWS\system32\njiqfi.dll
C:\WINDOWS\system32\xplhgp.dll
C:\WINDOWS\system32\eiqrqyog.dll
C:\WINDOWS\system32\xbmmpt.dll
C:\WINDOWS\system32\bjfmefwp.dll
C:\WINDOWS\system32\juhxrqrc.dll
C:\WINDOWS\system32\fstrgp.dll
C:\WINDOWS\system32\yojpvjls.dll
C:\WINDOWS\system32\jrwiww.dll
C:\WINDOWS\system32\ulimjcew.dll
C:\WINDOWS\system32\iaxdnv.dll
C:\WINDOWS\system32\tocdan.dll
C:\WINDOWS\system32\qdwgfbsq.dll
C:\WINDOWS\system32\xxveot.dll
C:\WINDOWS\system32\hyfwevxp.dll
C:\WINDOWS\system32\mngpht.dll
C:\WINDOWS\system32\cqrmalgw.dll
C:\WINDOWS\system32\tsevvxrw.dll
C:\WINDOWS\system32\rmrnve.dll
C:\WINDOWS\system32\pepgfeta.exe

Folder::
C:\Documents and Settings\All Users\Application Data\xspaboxc

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"inter the"=-
"oogljutc"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Jk7L9m0e6b"=-


Save this as txtfile CFScript .
Then drag the CFScript into ComboFix.exe as you see in the screenshot below:

Posted Image

This will start ComboFix again.
A new log will be created, which I would like to see in your reply.

Please download NoLop to your Desktop.
First close any other programs you have running; this will need you to reboot.
Double click NoLop.exe to run it
Now click the button labelled Search and Destroy
<<Your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, click OK.
Now click the REBOOT button.
A message should popup from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log in your next reply.

In your next post I'd like the NoLOP log, Combofix log and a new HijackThis log.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#10 Cyrus420

Cyrus420
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 09 October 2008 - 10:46 AM

There it is. Thanks for helping :thumbsup:

Attached Files



#11 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 12 October 2008 - 03:02 PM

Quick question: how are things running for you at the moment?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#12 Cyrus420

Cyrus420
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 22 October 2008 - 07:37 PM

It's all cleared now. IE is working without popups. Thanks alot! :thumbsup:

#13 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 23 October 2008 - 03:56 PM

Great job! Now that you're free from malware, please follow these simple steps to decrease the likelihood of getting re-infected again:

Set your system to not show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Do not show hidden files and folders".
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.
Either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

In order to protect yourself against spyware, you should consider installing and running the following free programmes:
Ad-Aware 2008
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.
Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.
SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please also read Tony Klein's excellent article: How I got Infected in the First Place.
Thanks and happy computing,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users