Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something is bugging me & my computer


  • This topic is locked This topic is locked
26 replies to this topic

#1 Sevenfold

Sevenfold

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 06 May 2010 - 05:59 AM

This computer had not been used for about a year when I needed it and decided to take it out from storage and start it. It's not in use because it's sluggish and obviously infected.

I am unable to save a log from Gmer after the scan is finished. It makes the computer freeze. I'm also unable to save the log with Gmer in safe mode because of low screen resolution.

There's some additional logs attached.

Here's the current DDS-log:


DDS (Ver_09-12-01.01) - FAT32x86
Run by Carsten at 11:42:18,75 on 06.05.2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.502.212 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir Desktop\sched.exe
C:\Programfiler\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Programfiler\Avira\AntiVir Desktop\avgnt.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Carsten\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://f-b.no/apps/pbcs.dll/forside
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programfiler\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\programfiler\avira\antivir desktop\avgnt.exe" /min
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send til &Bluetooth-enhet... - c:\programfiler\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\carsten\progra~1\mozilla\firefox\profiles\mq8vn5fs.default\

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-31 28544]
R1 avgio;avgio;c:\programfiler\avira\antivir desktop\avgio.sys [2010-3-7 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\avira\antivir desktop\sched.exe [2010-3-7 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\programfiler\avira\antivir desktop\avguard.exe [2010-3-7 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-7 56816]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2008-12-10 521786]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2008-12-10 119864]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programfiler\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-18 47640]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2008-12-10 36188]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2008-12-10 1088896]
S2 gsensor;gsensor;\??\c:\windows\system32\gsensor.sys --> c:\windows\system32\gsensor.sys [?]
S4 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-04-30 16:55:05 0 d-----w- C:\zcvx6521z
2010-04-28 23:04:02 1137360 ----a-w- C:\fsbl.exe
2010-04-27 16:30:42 0 d-----w- C:\VundoFix Backups
2010-04-27 11:47:01 0 d-sha-r- C:\cmdcons
2010-04-27 11:45:59 98816 ----a-w- c:\windows\sed.exe
2010-04-27 11:45:59 77312 ----a-w- c:\windows\MBR.exe
2010-04-27 11:45:59 256512 ----a-w- c:\windows\PEV.exe
2010-04-27 11:45:59 161792 ----a-w- c:\windows\SWREG.exe
2010-04-27 11:45:54 0 d-----w- C:\zcvx
2010-04-24 14:20:07 0 d-----w- c:\programfiler\Trend Micro

==================== Find3M ====================

2010-03-29 22:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 12:24:22 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-03-08 06:03:20 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

============= FINISH: 11:42:41,82 ===============

Attached Files


Edited by Sevenfold, 06 May 2010 - 06:17 AM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:46 PM

Posted 08 May 2010 - 08:35 PM

Hello Sevenfold,

I see several reasons this computer could be sluggish that have nothing to do with infection. I did look at the ComboFix log and saw the deletions it made. Not too much bad in it otherwise. I see you have MBAM....could you please update it and have a run, post the report? smile.gif Please also tell me if there are other behaviors besides sluggish that make you believe you are still infected. thumbup2.gif

I'm curious, exactly what language is that? Reading the logs are no problem, but I don't recognize it at a glance.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Sevenfold

Sevenfold
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 09 May 2010 - 01:00 PM

Hi, thanks for your help.

The language is Norwegian.

I ran a MBAM-quickscan some days ago and it came up with:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

The full scan I just ran came up with absolutely nothing.

Symptoms of problems "besides" sluggish are; won't connect to wlan after hibernation and the system fan is running all the time (annoying). The laptop gets hot (even if there's low cpu/memory usage and it blows hot air constantly (the fan seems to be dust-"free"). I have previously reinstalled Windows twice over the past 3 years to make it shut up(!) as it starts wining after a while and I decided to try to figure out why it's doing that.

I have tried to get rid of Norton related software by running the removal tool (more than once), but I don't know if everything is gone.

Btw: I have no idea how that stuff Combofix deleted was installed on my system.

Edited by Sevenfold, 09 May 2010 - 01:01 PM.


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:46 PM

Posted 09 May 2010 - 03:56 PM

Well, I'm looking at all these :


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

Even just bits and pieces....all those could have a profound effect on performance. blink.gif

I'm also looking at old versions of Java.....not that they necessarily slow things down, but they are vulnerable and take up a LOT of space.

Do this for me, please :

Download HijackThis. Choose the executable.

http://free.antivirus.com/hijackthis/

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Sevenfold

Sevenfold
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 09 May 2010 - 07:56 PM

laugh.gif

Something weird is definitely going on.

Here's the list:

Acer eDataSecurity Management 1.00.26
Acer eLock Management
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GraviSense
Acer GridVista
Acer OrbiCam Software
Acer Screensaver
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Avira AntiVir Personal - Free Antivirus
Citrix Program Neighborhood
Drivrutiner for Acer OrbiCam
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hurtigreparasjon for Windows XP (KB896256)
Hurtigreparasjon for Windows XP (KB914440)
Hurtigreparasjon for Windows XP (KB935448)
Hurtigreparasjon for Windows XP (KB952287)
Hurtigreparasjon for Windows XP (KB979306)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless-programvare
Java™ 6 Update 12
Launch Manager
LogMeIn
Malwarebytes' Anti-Malware
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Norwegian Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mMHouse
Mozilla Firefox (3.0.19)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
NetScreen-Remote
NTI Backup NOW! 4
NTI CD & DVD-Maker
Oppdatering for Windows Internet Explorer 7 (KB980182)
Oppdatering for Windows XP (KB898461)
Oppdatering for Windows XP (KB904942)
Oppdatering for Windows XP (KB955759)
Oppdatering for Windows XP (KB955839)
Oppdatering for Windows XP (KB967715)
Oppdatering for Windows XP (KB968389)
Oppdatering for Windows XP (KB971737)
Oppdatering for Windows XP (KB973687)
Oppdatering for Windows XP (KB973815)
Panda ActiveScan 2.0
PowerDVD
Realtek High Definition Audio Driver
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127-v2)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB956390)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB961260)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB963027)
Sikkerhetsoppdatering for Windows Media Player (KB952069)
Sikkerhetsoppdatering for Windows Media Player (KB954155)
Sikkerhetsoppdatering for Windows Media Player (KB968816)
Sikkerhetsoppdatering for Windows Media Player (KB973540)
Sikkerhetsoppdatering for Windows Media Player (KB979402)
Sikkerhetsoppdatering for Windows XP (KB901190)
Sikkerhetsoppdatering for Windows XP (KB923561)
Sikkerhetsoppdatering for Windows XP (KB938464)
Sikkerhetsoppdatering for Windows XP (KB944338-v2)
Sikkerhetsoppdatering for Windows XP (KB946648)
Sikkerhetsoppdatering for Windows XP (KB950762)
Sikkerhetsoppdatering for Windows XP (KB950974)
Sikkerhetsoppdatering for Windows XP (KB951066)
Sikkerhetsoppdatering for Windows XP (KB951376-v2)
Sikkerhetsoppdatering for Windows XP (KB951698)
Sikkerhetsoppdatering for Windows XP (KB951748)
Sikkerhetsoppdatering for Windows XP (KB952004)
Sikkerhetsoppdatering for Windows XP (KB952954)
Sikkerhetsoppdatering for Windows XP (KB954211)
Sikkerhetsoppdatering for Windows XP (KB954600)
Sikkerhetsoppdatering for Windows XP (KB955069)
Sikkerhetsoppdatering for Windows XP (KB956391)
Sikkerhetsoppdatering for Windows XP (KB956572)
Sikkerhetsoppdatering for Windows XP (KB956802)
Sikkerhetsoppdatering for Windows XP (KB956803)
Sikkerhetsoppdatering for Windows XP (KB956841)
Sikkerhetsoppdatering for Windows XP (KB956844)
Sikkerhetsoppdatering for Windows XP (KB957095)
Sikkerhetsoppdatering for Windows XP (KB957097)
Sikkerhetsoppdatering for Windows XP (KB958215)
Sikkerhetsoppdatering for Windows XP (KB958470)
Sikkerhetsoppdatering for Windows XP (KB958644)
Sikkerhetsoppdatering for Windows XP (KB958687)
Sikkerhetsoppdatering for Windows XP (KB958690)
Sikkerhetsoppdatering for Windows XP (KB958869)
Sikkerhetsoppdatering for Windows XP (KB959426)
Sikkerhetsoppdatering for Windows XP (KB960225)
Sikkerhetsoppdatering for Windows XP (KB960714)
Sikkerhetsoppdatering for Windows XP (KB960715)
Sikkerhetsoppdatering for Windows XP (KB960803)
Sikkerhetsoppdatering for Windows XP (KB960859)
Sikkerhetsoppdatering for Windows XP (KB961373)
Sikkerhetsoppdatering for Windows XP (KB961501)
Sikkerhetsoppdatering for Windows XP (KB969059)
Sikkerhetsoppdatering for Windows XP (KB969947)
Sikkerhetsoppdatering for Windows XP (KB970238)
Sikkerhetsoppdatering for Windows XP (KB970430)
Sikkerhetsoppdatering for Windows XP (KB971032)
Sikkerhetsoppdatering for Windows XP (KB971468)
Sikkerhetsoppdatering for Windows XP (KB971657)
Sikkerhetsoppdatering for Windows XP (KB971961)
Sikkerhetsoppdatering for Windows XP (KB972270)
Sikkerhetsoppdatering for Windows XP (KB973354)
Sikkerhetsoppdatering for Windows XP (KB973507)
Sikkerhetsoppdatering for Windows XP (KB973869)
Sikkerhetsoppdatering for Windows XP (KB973904)
Sikkerhetsoppdatering for Windows XP (KB974112)
Sikkerhetsoppdatering for Windows XP (KB974318)
Sikkerhetsoppdatering for Windows XP (KB974392)
Sikkerhetsoppdatering for Windows XP (KB974571)
Sikkerhetsoppdatering for Windows XP (KB975025)
Sikkerhetsoppdatering for Windows XP (KB975467)
Sikkerhetsoppdatering for Windows XP (KB975560)
Sikkerhetsoppdatering for Windows XP (KB975561)
Sikkerhetsoppdatering for Windows XP (KB975713)
Sikkerhetsoppdatering for Windows XP (KB977816)
Sikkerhetsoppdatering for Windows XP (KB977914)
Sikkerhetsoppdatering for Windows XP (KB978037)
Sikkerhetsoppdatering for Windows XP (KB978262)
Sikkerhetsoppdatering for Windows XP (KB978338)
Sikkerhetsoppdatering for Windows XP (KB978601)
Sikkerhetsoppdatering for Windows XP (KB978706)
Sikkerhetsoppdatering for Windows XP (KB979309)
Sikkerhetsoppdatering for Windows XP (KB979683)
Sikkerhetsoppdatering for Windows XP (KB980232)
Sikkerhetsoppdatering for Windows XP (KB981349)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
WIDCOMM Bluetooth Software
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP hurtigreparasjon - KB885855
Windows XP Service Pack 3


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:46 PM

Posted 09 May 2010 - 11:24 PM

That's actually pretty good. I was expecting more than that. Before we do anything, can you confirm for me that you don't use any of those now please? smile.gif The only thing looks like Avira, but it isn't in those keys.

I'd like to do some updating and housekeeping and see if that helps. Also, open gmer and uncheck everything but "Sections" and see if it will complete and give you a report. If it will, please do post it. thumbup2.gif

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 Sevenfold

Sevenfold
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 10 May 2010 - 04:54 AM

Avira is the only one installed.

GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 11:52:01
Windows 5.1.2600 Service Pack 2
Running: 5xwsfhph.exe; Driver: C:\DOCUME~1\Carsten\LOKALE~1\Temp\kxldypod.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF7E46DBF]

---- EOF - GMER 1.0.15 ----

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:46 PM

Posted 10 May 2010 - 11:26 AM

Hello,

That's an improvement, to get gmer to run. thumbup2.gif

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

This is really neat cleaner :

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

QUOTE
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please also let me know how it's running. smile.gif

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 Sevenfold

Sevenfold
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 10 May 2010 - 01:20 PM

When starting firefox again to post this, I got a box saying that firefox is not the default browser and the question to set it to default. It was default earlier today. ATF's work?

Maybe minor improvements to how it's running.
I just remembered that the computer was set to selective startup (diagnostic startup + avira + networking). It's set to normal now and the performance is not as it should be (but it's not very bad either). As I wrote earlier, it's been like this at least twice before and a windows reinstall solved it.


ComboFix 10-05-09.08 - Carsten 10.05.2010 19:25:03.3.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.502.234 [GMT 2:00]
Kjører fra: c:\documents and settings\Carsten\Skrivebord\zcvx.exe
Command switches brukt :: c:\documents and settings\Carsten\Skrivebord\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-04-10 til 2010-05-10 )))))))))))))))))))))))))))))))))
.

2010-05-10 17:15 . 2010-05-10 17:15 -------- d-----w- c:\programfiler\Java
2010-05-10 17:12 . 2010-05-10 17:12 -------- d-----w- c:\programfiler\Fellesfiler\Java
2010-05-10 16:53 . 2010-05-10 16:53 503808 ----a-w- c:\documents and settings\Carsten\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3320e0ed-n\msvcp71.dll
2010-05-10 16:53 . 2010-05-10 16:53 499712 ----a-w- c:\documents and settings\Carsten\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3320e0ed-n\jmc.dll
2010-05-10 16:53 . 2010-05-10 16:53 348160 ----a-w- c:\documents and settings\Carsten\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3320e0ed-n\msvcr71.dll
2010-05-10 16:52 . 2010-05-10 16:53 61440 ----a-w- c:\documents and settings\Carsten\Programdata\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5b9490d3-n\decora-sse.dll
2010-05-10 16:52 . 2010-05-10 16:53 12800 ----a-w- c:\documents and settings\Carsten\Programdata\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5b9490d3-n\decora-d3d.dll
2010-05-10 16:52 . 2010-05-10 17:15 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-10 00:48 . 2010-05-10 00:48 -------- d-----w- C:\HJT
2010-04-30 16:55 . 2010-04-30 16:55 -------- d-----w- C:\zcvx6521z
2010-04-28 23:04 . 2010-04-28 23:04 1137360 ----a-w- C:\fsbl.exe
2010-04-27 16:30 . 2010-04-27 16:30 -------- d-----w- C:\VundoFix Backups
2010-04-27 11:45 . 2010-04-27 11:45 -------- d-----w- C:\zcvx
2010-04-27 11:40 . 2010-04-27 11:40 -------- d-----w- C:\rsit
2010-04-24 14:20 . 2010-04-24 14:20 -------- d-----w- c:\programfiler\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 00:01 . 2006-02-07 12:02 62390 ----a-w- c:\windows\system32\perfc014.dat
2010-05-09 00:01 . 2006-02-07 12:02 389496 ----a-w- c:\windows\system32\perfh014.dat
2010-04-29 13:39 . 2009-03-18 22:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-03-18 22:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 12:32 . 2010-03-04 22:23 79488 ----a-w- c:\documents and settings\Carsten\Programdata\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-17 12:24 . 2010-03-17 12:24 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-03-17 12:19 . 2010-03-17 12:18 -------- d-----w- c:\programfiler\PageDefrag
2010-03-11 12:38 . 2004-08-04 18:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-02-10 11:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-02-10 11:07 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2009-02-10 11:06 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 06:03 . 2010-03-07 01:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-24 12:31 . 2009-02-10 11:06 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:28 . 2009-02-10 11:06 2145792 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:28 . 2009-02-10 11:06 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-03-20 07:39 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:47 . 2009-02-10 11:07 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2009-02-10 11:06 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-27_11.52.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-10 11:06 . 2009-06-25 07:23 59392 c:\windows\system32\wdigest.dll
+ 2009-02-10 11:07 . 2010-01-23 07:11 46080 c:\windows\system32\tzchange.exe
+ 2009-02-10 11:07 . 2009-06-15 11:33 80896 c:\windows\system32\tlntsess.exe
+ 2009-02-10 11:06 . 2009-06-15 11:33 76800 c:\windows\system32\telnet.exe
- 2009-02-10 11:07 . 2004-08-04 18:00 75776 c:\windows\system32\strmfilt.dll
+ 2009-02-10 11:07 . 2009-10-21 06:04 75776 c:\windows\system32\strmfilt.dll
- 2004-11-18 08:42 . 2008-07-09 07:44 26488 c:\windows\system32\spupdsvc.exe
+ 2004-11-18 08:42 . 2007-07-27 08:41 26488 c:\windows\system32\spupdsvc.exe
- 2005-07-13 00:14 . 2007-11-30 12:39 17784 c:\windows\system32\spmsg.dll
+ 2005-07-13 00:14 . 2009-05-26 11:41 17784 c:\windows\system32\spmsg.dll
+ 2009-02-10 11:06 . 2009-06-25 07:23 56320 c:\windows\system32\secur32.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 69632 c:\windows\system32\raschap.dll
+ 2009-02-10 11:06 . 2009-10-12 12:54 69632 c:\windows\system32\raschap.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 44544 c:\windows\system32\pngfilt.dll
- 2006-02-07 12:02 . 2009-06-02 20:41 54614 c:\windows\system32\perfc009.dat
+ 2006-02-07 12:02 . 2010-05-09 00:01 54614 c:\windows\system32\perfc009.dat
+ 2009-02-10 11:06 . 2009-11-27 16:35 17920 c:\windows\system32\msyuv.dll
+ 2004-08-04 18:00 . 2009-11-27 15:41 28672 c:\windows\system32\msvidc32.dll
+ 2009-02-10 11:06 . 2009-11-27 15:41 11264 c:\windows\system32\msrle32.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 11264 c:\windows\system32\msrle32.dll
- 2007-08-13 16:54 . 2009-02-20 17:17 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 16:54 . 2010-03-11 12:38 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-02-10 11:07 . 2009-09-04 19:47 58880 c:\windows\system32\msasn1.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 48640 c:\windows\system32\mqupgrd.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 48640 c:\windows\system32\mqupgrd.dll
- 2009-02-10 11:07 . 2004-08-04 19:00 95744 c:\windows\system32\mqsec.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 95744 c:\windows\system32\mqsec.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 16896 c:\windows\system32\mqise.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 16896 c:\windows\system32\mqise.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 47104 c:\windows\system32\mqdscli.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 47104 c:\windows\system32\mqdscli.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 19968 c:\windows\system32\mqbkup.exe
+ 2009-02-10 11:07 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
+ 2004-08-04 18:00 . 2010-03-11 12:38 27648 c:\windows\system32\jsproxy.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 27648 c:\windows\system32\jsproxy.dll
+ 2009-02-10 11:07 . 2009-11-27 15:41 48128 c:\windows\system32\iyuv_32.dll
- 2007-08-13 16:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 16:39 . 2010-03-10 13:20 13824 c:\windows\system32\ieudinit.exe
- 2004-08-04 18:00 . 2009-02-20 17:17 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 18:00 . 2010-03-10 13:20 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 18:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 16:36 . 2010-03-11 12:38 63488 c:\windows\system32\icardie.dll
- 2007-08-13 16:36 . 2009-02-20 17:17 63488 c:\windows\system32\icardie.dll
+ 2009-02-10 11:07 . 2009-10-21 06:04 25088 c:\windows\system32\httpapi.dll
+ 2009-02-10 11:07 . 2009-10-15 16:22 82432 c:\windows\system32\fontsub.dll
+ 2009-02-10 11:07 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2009-02-10 11:06 . 2009-06-22 10:35 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2009-02-10 11:06 . 2009-06-25 07:23 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-02-10 11:07 . 2009-06-15 11:33 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-02-10 11:06 . 2009-06-15 11:33 76800 c:\windows\system32\dllcache\telnet.exe
- 2009-02-10 11:07 . 2004-08-04 18:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-02-10 11:07 . 2009-10-21 06:04 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-02-10 11:06 . 2009-06-25 07:23 56320 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-10 11:06 . 2009-10-12 12:54 69632 c:\windows\system32\dllcache\raschap.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 69632 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-11-27 16:35 . 2009-11-27 16:35 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 18:00 . 2009-11-27 15:41 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-02-10 11:06 . 2009-11-27 15:41 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-02-10 09:29 . 2010-03-11 12:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-02-10 09:29 . 2009-02-20 17:17 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-02-10 11:07 . 2009-09-04 19:47 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 95744 c:\windows\system32\dllcache\mqsec.dll
- 2009-02-10 11:07 . 2004-08-04 19:00 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 16896 c:\windows\system32\dllcache\mqise.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 16896 c:\windows\system32\dllcache\mqise.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2009-02-10 11:07 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
- 2009-02-10 11:07 . 2004-08-04 18:00 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2009-02-10 11:07 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
+ 2009-02-10 11:06 . 2009-06-22 10:35 92544 c:\windows\system32\dllcache\ksecdd.sys
- 2004-08-04 18:00 . 2009-02-20 17:17 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 15:41 . 2009-11-27 15:41 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2009-02-10 09:29 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-02-10 09:29 . 2010-03-10 13:20 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-04 18:00 . 2009-02-20 17:17 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-02-10 11:07 . 2009-02-20 17:17 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-10 11:07 . 2010-03-11 12:38 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 18:00 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 18:00 . 2010-03-10 13:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-02-10 09:29 . 2010-03-11 12:38 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-02-10 09:29 . 2009-02-20 17:17 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-02-10 11:07 . 2009-10-21 06:04 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-02-10 11:07 . 2009-10-15 16:22 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2009-02-10 11:06 . 2009-12-14 06:37 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-02-10 11:07 . 2010-03-11 12:38 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-02-10 11:07 . 2010-01-13 14:11 85504 c:\windows\system32\dllcache\cabview.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-02-10 11:07 . 2009-11-27 15:41 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-02-10 11:07 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2009-02-10 11:06 . 2009-12-14 06:37 33280 c:\windows\system32\csrsrv.dll
+ 2009-02-10 11:07 . 2010-01-13 14:11 85504 c:\windows\system32\cabview.dll
+ 2009-02-10 11:07 . 2009-11-27 15:41 84992 c:\windows\system32\avifil32.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 84992 c:\windows\system32\avifil32.dll
+ 2009-02-10 11:07 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 58880 c:\windows\system32\atl.dll
+ 2009-06-24 17:56 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-13 18:58 . 2007-04-13 18:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-27 23:30 . 2008-05-27 23:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-13 19:30 . 2007-04-13 19:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-05-07 21:55 . 2010-05-07 21:55 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-05-07 21:54 . 2009-02-20 17:17 44544 c:\windows\ie7updates\KB980182-IE7\pngfilt.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 52224 c:\windows\ie7updates\KB980182-IE7\msfeedsbs.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 27648 c:\windows\ie7updates\KB980182-IE7\jsproxy.dll
+ 2010-05-07 21:54 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB980182-IE7\ieudinit.exe
+ 2010-05-07 21:54 . 2009-02-20 17:17 44544 c:\windows\ie7updates\KB980182-IE7\iernonce.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 78336 c:\windows\ie7updates\KB980182-IE7\ieencode.dll
+ 2010-05-07 21:54 . 2009-02-20 10:20 70656 c:\windows\ie7updates\KB980182-IE7\ie4uinit.exe
+ 2010-05-07 21:54 . 2009-02-20 17:17 63488 c:\windows\ie7updates\KB980182-IE7\icardie.dll
+ 2010-05-07 21:54 . 2004-08-04 18:00 35328 c:\windows\ie7updates\KB980182-IE7\corpol.dll
+ 2010-05-07 21:56 . 2010-05-07 21:57 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ea64b576\System.Drawing.Design.dll
+ 2010-05-07 21:56 . 2010-05-07 21:56 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_3573e155\CustomMarshalers.dll
+ 2010-05-07 21:54 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB980182-IE7\update\spcustom.dll
+ 2010-05-07 21:54 . 2009-05-26 11:41 17784 c:\windows\$hf_mig$\KB980182-IE7\spmsg.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 44544 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\pngfilt.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 52224 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\msfeedsbs.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 27648 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\jsproxy.dll
+ 2010-03-10 14:08 . 2010-03-10 14:08 13824 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieudinit.exe
+ 2010-03-11 11:45 . 2010-03-11 11:45 44544 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iernonce.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 78336 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieencode.dll
+ 2010-03-10 14:08 . 2010-03-10 14:08 70656 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ie4uinit.exe
+ 2010-03-11 11:45 . 2010-03-11 11:45 63488 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\icardie.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 17408 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\corpol.dll
+ 2010-05-07 21:55 . 2009-05-26 10:41 26488 c:\windows\$hf_mig$\KB978706\update\spcustom.dll
+ 2010-05-07 21:55 . 2009-05-26 10:41 17784 c:\windows\$hf_mig$\KB978706\spmsg.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 26488 c:\windows\$hf_mig$\KB978037\update\spcustom.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 17784 c:\windows\$hf_mig$\KB978037\spmsg.dll
+ 2009-12-14 06:11 . 2009-12-14 06:11 33280 c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll
+ 2009-12-14 06:10 . 2009-12-14 06:10 33280 c:\windows\$hf_mig$\KB978037\SP3GDR\csrsrv.dll
+ 2009-12-14 06:29 . 2009-12-14 06:29 33280 c:\windows\$hf_mig$\KB978037\SP2QFE\csrsrv.dll
+ 2010-05-07 21:56 . 2009-05-26 10:41 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll
+ 2010-05-07 21:56 . 2009-05-26 10:41 17784 c:\windows\$hf_mig$\KB977914\spmsg.dll
+ 2009-11-27 15:30 . 2009-11-27 15:30 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll
+ 2009-11-27 15:30 . 2009-11-27 15:30 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll
+ 2009-11-27 15:30 . 2009-11-27 15:30 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll
+ 2009-11-27 15:30 . 2009-11-27 15:30 84992 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll
+ 2009-11-27 15:10 . 2009-11-27 15:10 28672 c:\windows\$hf_mig$\KB977914\SP3GDR\msvidc32.dll
+ 2009-11-27 15:10 . 2009-11-27 15:10 11264 c:\windows\$hf_mig$\KB977914\SP3GDR\msrle32.dll
+ 2009-11-27 15:10 . 2009-11-27 15:10 48128 c:\windows\$hf_mig$\KB977914\SP3GDR\iyuv_32.dll
+ 2009-11-27 15:10 . 2009-11-27 15:10 84992 c:\windows\$hf_mig$\KB977914\SP3GDR\avifil32.dll
+ 2009-11-27 15:20 . 2009-11-27 15:20 28672 c:\windows\$hf_mig$\KB977914\SP2QFE\msvidc32.dll
+ 2009-11-27 15:20 . 2009-11-27 15:20 11264 c:\windows\$hf_mig$\KB977914\SP2QFE\msrle32.dll
+ 2009-11-27 15:20 . 2009-11-27 15:20 48128 c:\windows\$hf_mig$\KB977914\SP2QFE\iyuv_32.dll
+ 2009-11-27 15:20 . 2009-11-27 15:20 84992 c:\windows\$hf_mig$\KB977914\SP2QFE\avifil32.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 26488 c:\windows\$hf_mig$\KB975713\update\spcustom.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 17784 c:\windows\$hf_mig$\KB975713\spmsg.dll
+ 2010-05-07 21:57 . 2009-05-26 10:41 26488 c:\windows\$hf_mig$\KB975560\update\spcustom.dll
+ 2010-05-07 21:57 . 2009-05-26 10:41 17784 c:\windows\$hf_mig$\KB975560\spmsg.dll
+ 2009-11-27 16:25 . 2009-11-27 16:25 17920 c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll
+ 2009-11-27 16:14 . 2009-11-27 16:14 17920 c:\windows\$hf_mig$\KB975560\SP3GDR\msyuv.dll
+ 2009-11-27 16:11 . 2009-11-27 16:11 17920 c:\windows\$hf_mig$\KB975560\SP2QFE\msyuv.dll
+ 2010-05-07 21:54 . 2008-07-08 12:08 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
+ 2010-05-07 21:54 . 2008-07-08 12:08 17784 c:\windows\$hf_mig$\KB975467\spmsg.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 17784 c:\windows\$hf_mig$\KB975025\spmsg.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 17784 c:\windows\$hf_mig$\KB974571\spmsg.dll
+ 2009-09-04 20:02 . 2009-09-04 20:02 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
+ 2009-09-04 20:05 . 2009-09-04 20:05 58880 c:\windows\$hf_mig$\KB974571\SP3GDR\msasn1.dll
+ 2009-09-04 19:37 . 2009-09-04 19:37 58880 c:\windows\$hf_mig$\KB974571\SP2QFE\msasn1.dll
+ 2010-05-07 21:56 . 2009-05-26 10:41 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2010-05-07 21:56 . 2009-05-26 10:41 17784 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 17784 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-10-12 12:37 . 2009-10-12 12:37 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2009-10-12 12:40 . 2009-10-12 12:40 79872 c:\windows\$hf_mig$\KB974318\SP3GDR\raschap.dll
+ 2009-10-12 12:46 . 2009-10-12 12:46 69632 c:\windows\$hf_mig$\KB974318\SP2QFE\raschap.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 17784 c:\windows\$hf_mig$\KB974112\spmsg.dll
+ 2010-05-07 21:55 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll
+ 2010-05-07 21:55 . 2009-05-26 11:41 17784 c:\windows\$hf_mig$\KB973815\spmsg.dll
+ 2010-05-07 21:57 . 2009-05-26 11:41 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll
+ 2010-05-07 21:57 . 2009-05-26 11:41 17784 c:\windows\$hf_mig$\KB973507\spmsg.dll
+ 2009-07-17 19:28 . 2009-07-17 19:28 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll
+ 2009-07-17 19:04 . 2009-07-17 19:04 58880 c:\windows\$hf_mig$\KB973507\SP3GDR\atl.dll
+ 2009-07-17 18:49 . 2009-07-17 18:49 58880 c:\windows\$hf_mig$\KB973507\SP2QFE\atl.dll
+ 2010-05-07 21:59 . 2008-07-08 13:08 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll
+ 2010-05-07 21:59 . 2008-07-08 13:08 17784 c:\windows\$hf_mig$\KB971657\spmsg.dll
+ 2010-05-07 21:55 . 2007-03-06 02:01 22752 c:\windows\$hf_mig$\KB971032\update\spcustom.dll
+ 2010-05-07 21:55 . 2007-03-06 02:01 14560 c:\windows\$hf_mig$\KB971032\spmsg.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 48640 c:\windows\$hf_mig$\KB971032\SP2QFE\mqupgrd.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 95744 c:\windows\$hf_mig$\KB971032\SP2QFE\mqsec.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 16896 c:\windows\$hf_mig$\KB971032\SP2QFE\mqise.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 47104 c:\windows\$hf_mig$\KB971032\SP2QFE\mqdscli.dll
+ 2009-06-22 11:30 . 2009-06-22 11:30 19968 c:\windows\$hf_mig$\KB971032\SP2QFE\mqbkup.exe
+ 2009-06-22 11:30 . 2009-06-22 11:30 91776 c:\windows\$hf_mig$\KB971032\SP2QFE\mqac.sys
+ 2010-05-07 21:56 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2010-05-07 21:56 . 2007-11-30 12:39 17784 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2010-05-07 21:53 . 2008-07-08 12:08 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll
+ 2010-05-07 21:53 . 2008-07-08 12:08 17784 c:\windows\$hf_mig$\KB969947\spmsg.dll
+ 2010-05-07 21:59 . 2008-07-08 12:08 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
+ 2010-05-07 21:59 . 2008-07-08 12:08 17784 c:\windows\$hf_mig$\KB969059\spmsg.dll
+ 2010-05-07 21:54 . 2008-07-08 12:08 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
+ 2010-05-07 21:54 . 2008-07-08 12:08 17784 c:\windows\$hf_mig$\KB968389\spmsg.dll
+ 2009-06-25 07:42 . 2009-06-25 07:42 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
+ 2009-06-25 07:42 . 2009-06-25 07:42 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
+ 2009-06-24 09:28 . 2009-06-24 09:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
+ 2009-06-25 07:27 . 2009-06-25 07:27 54272 c:\windows\$hf_mig$\KB968389\SP3GDR\wdigest.dll
+ 2009-06-25 07:27 . 2009-06-25 07:27 56832 c:\windows\$hf_mig$\KB968389\SP3GDR\secur32.dll
+ 2009-06-24 10:18 . 2009-06-24 10:18 92928 c:\windows\$hf_mig$\KB968389\SP3GDR\ksecdd.sys
+ 2010-05-07 21:58 . 2008-07-09 07:44 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2010-05-07 21:58 . 2008-07-09 07:44 17784 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2010-05-07 22:00 . 2008-07-08 13:08 26488 c:\windows\$hf_mig$\KB960859\update\spcustom.dll
+ 2010-05-07 22:00 . 2008-07-08 13:08 17784 c:\windows\$hf_mig$\KB960859\spmsg.dll
+ 2009-06-15 11:14 . 2009-06-15 11:14 80896 c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe
+ 2009-06-15 11:14 . 2009-06-15 11:14 76800 c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe
+ 2009-06-15 10:45 . 2009-06-15 10:45 80896 c:\windows\$hf_mig$\KB960859\SP3GDR\tlntsess.exe
+ 2009-06-15 10:45 . 2009-06-15 10:45 76800 c:\windows\$hf_mig$\KB960859\SP3GDR\telnet.exe
+ 2009-06-15 12:09 . 2009-06-15 12:09 80896 c:\windows\$hf_mig$\KB960859\SP2QFE\tlntsess.exe
+ 2009-06-15 12:09 . 2009-06-15 12:09 76800 c:\windows\$hf_mig$\KB960859\SP2QFE\telnet.exe
+ 2001-10-06 12:02 . 2009-11-27 15:41 8704 c:\windows\system32\tsbyuv.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 4608 c:\windows\system32\mqsvc.exe
+ 2009-02-10 11:07 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
+ 2009-11-27 15:41 . 2009-11-27 15:41 8704 c:\windows\system32\dllcache\tsbyuv.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2009-02-10 11:07 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2009-11-27 15:30 . 2009-11-27 15:30 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll
+ 2009-11-27 15:10 . 2009-11-27 15:10 8704 c:\windows\$hf_mig$\KB977914\SP3GDR\tsbyuv.dll
+ 2009-11-27 15:20 . 2009-11-27 15:20 8704 c:\windows\$hf_mig$\KB977914\SP2QFE\tsbyuv.dll
+ 2009-06-22 11:30 . 2009-06-22 11:30 4608 c:\windows\$hf_mig$\KB971032\SP2QFE\mqsvc.exe
- 2009-02-10 11:07 . 2008-10-15 18:05 354304 c:\windows\system32\xpsp3res.dll
+ 2009-02-10 11:07 . 2009-04-15 09:56 354304 c:\windows\system32\xpsp3res.dll
+ 2009-02-10 11:07 . 2009-04-03 10:15 485376 c:\windows\system32\wmspdmod.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 233472 c:\windows\system32\wmpdxm.dll
+ 2009-02-10 11:07 . 2009-07-13 00:18 233472 c:\windows\system32\wmpdxm.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 132096 c:\windows\system32\wkssvc.dll
+ 2009-02-10 11:06 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
+ 2009-02-10 11:06 . 2009-12-24 07:07 177664 c:\windows\system32\wintrust.dll
+ 2009-02-10 11:07 . 2009-08-25 09:50 352256 c:\windows\system32\winhttp.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 105984 c:\windows\system32\url.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll
+ 2009-02-10 11:06 . 2009-10-15 20:52 119808 c:\windows\system32\t2embed.dll
- 2004-08-04 18:00 . 2008-10-03 09:17 247326 c:\windows\system32\strmdll.dll
+ 2004-08-04 18:00 . 2009-08-26 07:16 247326 c:\windows\system32\strmdll.dll
- 2009-02-10 11:06 . 2008-10-16 09:40 474112 c:\windows\system32\shlwapi.dll
+ 2009-02-10 11:06 . 2009-12-08 08:13 474112 c:\windows\system32\shlwapi.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2009-02-10 11:06 . 2009-06-25 07:23 168448 c:\windows\system32\schannel.dll
+ 2009-02-10 11:06 . 2009-04-15 15:18 584192 c:\windows\system32\rpcrt4.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 112128 c:\windows\system32\rastls.dll
+ 2009-02-10 11:06 . 2009-10-12 12:54 112128 c:\windows\system32\rastls.dll
- 2006-02-07 12:02 . 2009-06-02 20:41 384930 c:\windows\system32\perfh009.dat
+ 2006-02-07 12:02 . 2010-05-09 00:01 384930 c:\windows\system32\perfh009.dat
- 2004-08-04 18:00 . 2009-02-20 17:17 102912 c:\windows\system32\occache.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 102912 c:\windows\system32\occache.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 267264 c:\windows\system32\oakley.dll
+ 2009-02-10 11:06 . 2009-10-13 09:53 267264 c:\windows\system32\oakley.dll
+ 2009-02-10 11:06 . 2009-02-06 17:47 408064 c:\windows\system32\netlogon.dll
+ 2009-02-10 11:06 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2009-02-10 11:06 . 2009-09-11 13:13 136192 c:\windows\system32\msv1_0.dll
+ 2009-02-10 11:07 . 2009-06-05 07:55 655872 c:\windows\system32\mstscax.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 193024 c:\windows\system32\msrating.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 193024 c:\windows\system32\msrating.dll
+ 2009-02-10 11:06 . 2009-12-17 07:01 344064 c:\windows\system32\mspaint.exe
- 2009-02-10 11:06 . 2004-08-04 18:00 344064 c:\windows\system32\mspaint.exe
+ 2004-08-04 18:00 . 2010-03-11 12:38 477696 c:\windows\system32\mshtmled.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 16:54 . 2009-02-20 17:17 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:54 . 2010-03-11 12:38 459264 c:\windows\system32\msfeeds.dll
- 2009-02-10 11:07 . 2004-08-04 19:00 472576 c:\windows\system32\mqutil.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 472576 c:\windows\system32\mqutil.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 186880 c:\windows\system32\mqtrig.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 186880 c:\windows\system32\mqtrig.dll
+ 2009-02-10 11:07 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe
- 2009-02-10 11:07 . 2004-08-04 18:00 117248 c:\windows\system32\mqtgsvc.exe
+ 2009-02-10 11:07 . 2009-06-25 18:38 517120 c:\windows\system32\mqsnap.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 123392 c:\windows\system32\mqrtdep.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 123392 c:\windows\system32\mqrtdep.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 177152 c:\windows\system32\mqrt.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 177152 c:\windows\system32\mqrt.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 661504 c:\windows\system32\mqqm.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 225280 c:\windows\system32\mqoa.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 225280 c:\windows\system32\mqoa.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 138240 c:\windows\system32\mqad.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 138240 c:\windows\system32\mqad.dll
+ 2009-02-10 11:06 . 2009-06-25 07:23 729600 c:\windows\system32\lsasrv.dll
+ 2009-02-10 11:06 . 2009-05-07 15:44 344576 c:\windows\system32\localspl.dll
+ 2009-02-10 11:07 . 2009-06-25 07:23 301568 c:\windows\system32\kerberos.dll
+ 2009-02-10 11:07 . 2009-08-13 15:25 512000 c:\windows\system32\jscript.dll
+ 2010-05-10 17:15 . 2010-05-10 17:15 153376 c:\windows\system32\javaws.exe
+ 2010-05-10 17:15 . 2010-05-10 17:15 145184 c:\windows\system32\javaw.exe
+ 2010-05-10 17:15 . 2010-05-10 17:15 145184 c:\windows\system32\java.exe
- 2007-08-13 16:34 . 2009-02-20 17:17 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 16:34 . 2010-03-11 12:38 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 192512 c:\windows\system32\iepeers.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 10:27 . 2010-03-11 12:38 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 18:00 . 2010-02-23 05:18 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 18:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 153088 c:\windows\system32\ieakeng.dll
+ 2006-02-07 11:45 . 2010-05-08 13:53 255864 c:\windows\system32\FNTCACHE.DAT
- 2006-02-07 11:45 . 2010-04-26 11:24 255864 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 18:00 . 2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 347136 c:\windows\system32\dxtmsft.dll
+ 2009-02-10 11:06 . 2009-12-31 15:14 352640 c:\windows\system32\drivers\srv.sys
+ 2009-02-10 11:07 . 2009-10-20 14:58 263552 c:\windows\system32\drivers\http.sys
+ 2009-02-10 11:07 . 2009-04-03 10:15 485376 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-02-10 11:07 . 2009-07-13 00:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 233472 c:\windows\system32\dllcache\wmpdxm.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-02-10 11:06 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-02-10 11:06 . 2009-12-24 07:07 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2004-08-04 19:00 . 2010-03-11 12:38 832512 c:\windows\system32\dllcache\wininet.dll
+ 2009-02-10 11:07 . 2009-08-25 09:50 352256 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2009-02-10 11:06 . 2010-03-09 11:11 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 19:00 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 19:00 . 2009-02-20 17:17 105984 c:\windows\system32\dllcache\url.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-02-10 11:07 . 2009-06-21 22:07 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-02-10 11:06 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2009-02-10 11:06 . 2009-10-15 20:52 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-04 18:00 . 2009-08-26 07:16 247326 c:\windows\system32\dllcache\strmdll.dll
- 2004-08-04 18:00 . 2008-10-03 09:17 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-02-10 11:06 . 2009-12-31 15:14 352640 c:\windows\system32\dllcache\srv.sys
+ 2009-02-10 11:06 . 2009-12-08 08:13 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2009-02-10 11:06 . 2008-10-16 09:40 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-02-10 11:06 . 2009-06-25 07:23 168448 c:\windows\system32\dllcache\schannel.dll
+ 2009-02-10 11:06 . 2009-04-15 15:18 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 112128 c:\windows\system32\dllcache\rastls.dll
+ 2009-02-10 11:06 . 2009-10-12 12:54 112128 c:\windows\system32\dllcache\rastls.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-02-10 11:06 . 2009-10-13 09:53 267264 c:\windows\system32\dllcache\oakley.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 267264 c:\windows\system32\dllcache\oakley.dll
+ 2009-02-10 11:06 . 2009-02-06 17:47 408064 c:\windows\system32\dllcache\netlogon.dll
+ 2009-02-10 11:06 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-02-10 11:06 . 2009-09-11 13:13 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-04 18:00 . 2009-06-05 07:55 655872 c:\windows\system32\dllcache\mstscax.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 193024 c:\windows\system32\dllcache\msrating.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 344064 c:\windows\system32\dllcache\mspaint.exe
+ 2009-02-10 11:06 . 2009-12-17 07:01 344064 c:\windows\system32\dllcache\mspaint.exe
+ 2009-02-10 11:07 . 2009-06-25 18:38 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-02-10 09:29 . 2009-02-20 17:17 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-02-10 09:29 . 2010-03-11 12:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-02-10 11:06 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys
- 2009-02-10 11:07 . 2004-08-04 19:00 472576 c:\windows\system32\dllcache\mqutil.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 472576 c:\windows\system32\dllcache\mqutil.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 186880 c:\windows\system32\dllcache\mqtrig.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2009-02-10 11:07 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
- 2009-02-10 11:07 . 2004-08-04 18:00 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2009-02-10 11:07 . 2009-06-25 18:38 517120 c:\windows\system32\dllcache\mqsnap.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 123392 c:\windows\system32\dllcache\mqrtdep.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 661504 c:\windows\system32\dllcache\mqqm.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2009-02-10 11:07 . 2009-06-25 18:38 138240 c:\windows\system32\dllcache\mqad.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 138240 c:\windows\system32\dllcache\mqad.dll
+ 2009-02-10 11:06 . 2009-06-25 07:23 729600 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-02-10 11:06 . 2009-05-07 15:44 344576 c:\windows\system32\dllcache\localspl.dll
+ 2009-02-10 11:07 . 2009-06-25 07:23 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-02-10 11:07 . 2009-08-13 15:25 512000 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-04 18:00 . 2010-02-23 05:20 634648 c:\windows\system32\dllcache\iexplore.exe
- 2009-02-10 09:29 . 2009-02-20 17:17 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-02-10 09:29 . 2010-03-11 12:38 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 192512 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-02-10 09:29 . 2010-03-11 12:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 18:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 18:00 . 2010-02-23 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 14:58 . 2009-10-20 14:58 263552 c:\windows\system32\dllcache\http.sys
- 2004-08-04 18:00 . 2009-02-20 17:17 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 19:00 . 2009-02-20 17:17 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 19:00 . 2010-03-11 12:38 124928 c:\windows\system32\dllcache\advpack.dll
+ 2009-02-10 11:07 . 2009-11-21 15:46 470528 c:\windows\system32\dllcache\aclayers.dll
+ 2009-02-10 11:07 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 124928 c:\windows\system32\advpack.dll
- 2004-08-04 18:00 . 2009-02-20 17:17 124928 c:\windows\system32\advpack.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-13 18:58 . 2007-04-13 18:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-13 18:56 . 2007-04-13 18:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-13 19:30 . 2007-04-13 19:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-27 23:30 . 2008-05-27 23:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-05-10 17:15 . 2010-05-10 17:15 577536 c:\windows\Installer\af862.msi
+ 2010-05-10 17:12 . 2010-05-10 17:12 180224 c:\windows\Installer\af85e.msi
+ 2010-05-07 21:55 . 2010-05-07 21:55 429568 c:\windows\Installer\21c27f0.msi
+ 2010-05-07 21:54 . 2009-03-03 00:16 826368 c:\windows\ie7updates\KB980182-IE7\wininet.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 233472 c:\windows\ie7updates\KB980182-IE7\webcheck.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 105984 c:\windows\ie7updates\KB980182-IE7\url.dll
+ 2010-05-07 21:54 . 2009-05-26 11:41 385912 c:\windows\ie7updates\KB980182-IE7\spuninst\updspapi.dll
+ 2010-05-07 21:54 . 2009-05-26 11:41 232824 c:\windows\ie7updates\KB980182-IE7\spuninst\spuninst.exe
+ 2010-05-07 21:54 . 2009-02-20 17:17 102912 c:\windows\ie7updates\KB980182-IE7\occache.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 671232 c:\windows\ie7updates\KB980182-IE7\mstime.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 193024 c:\windows\ie7updates\KB980182-IE7\msrating.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 477696 c:\windows\ie7updates\KB980182-IE7\mshtmled.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 459264 c:\windows\ie7updates\KB980182-IE7\msfeeds.dll
+ 2010-05-07 21:54 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB980182-IE7\iexplore.exe
+ 2010-05-07 21:54 . 2009-02-20 17:17 268288 c:\windows\ie7updates\KB980182-IE7\iertutil.dll
+ 2010-05-07 21:54 . 2007-08-13 16:54 191488 c:\windows\ie7updates\KB980182-IE7\iepeers.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 385024 c:\windows\ie7updates\KB980182-IE7\iedkcs32.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 383488 c:\windows\ie7updates\KB980182-IE7\ieapfltr.dll
+ 2010-05-07 21:54 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB980182-IE7\ieakui.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 230400 c:\windows\ie7updates\KB980182-IE7\ieaksie.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 153088 c:\windows\ie7updates\KB980182-IE7\ieakeng.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 133120 c:\windows\ie7updates\KB980182-IE7\extmgr.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 214528 c:\windows\ie7updates\KB980182-IE7\dxtrans.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 347136 c:\windows\ie7updates\KB980182-IE7\dxtmsft.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 124928 c:\windows\ie7updates\KB980182-IE7\advpack.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_80f3dcdc\System.Drawing.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c4957b21\System.Drawing.Design.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b6168480\CustomMarshalers.dll
+ 2009-02-10 11:07 . 2009-11-21 15:46 470528 c:\windows\AppPatch\AcLayers.dll
+ 2010-05-07 21:54 . 2009-05-26 11:41 385912 c:\windows\$hf_mig$\KB980182-IE7\update\updspapi.dll
+ 2010-05-07 21:54 . 2009-05-26 11:41 760696 c:\windows\$hf_mig$\KB980182-IE7\update\update.exe
+ 2010-05-07 21:54 . 2009-05-26 11:41 232824 c:\windows\$hf_mig$\KB980182-IE7\spuninst.exe
+ 2010-03-11 11:45 . 2010-03-11 11:45 841216 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 233472 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\webcheck.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 105984 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\url.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 102912 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\occache.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 671232 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mstime.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 193024 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\msrating.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 477696 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtmled.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 459264 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\msfeeds.dll
+ 2010-02-23 05:19 . 2010-02-23 05:20 634648 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe
+ 2010-03-11 11:45 . 2010-03-11 11:45 268288 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iertutil.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 193024 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iepeers.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 388608 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iedkcs32.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 380928 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieapfltr.dll
+ 2010-02-23 05:18 . 2010-02-23 05:18 161792 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieakui.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 230400 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieaksie.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 153088 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieakeng.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 132608 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\extmgr.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 214528 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\dxtrans.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 347136 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\dxtmsft.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 124928 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\advpack.dll
+ 2010-05-07 21:55 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB978706\update\updspapi.dll
+ 2010-05-07 21:55 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB978706\update\update.exe
+ 2010-05-07 21:55 . 2009-05-26 10:41 232824 c:\windows\$hf_mig$\KB978706\spuninst.exe
+ 2009-12-17 06:39 . 2009-12-17 06:39 344064 c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe
+ 2009-12-17 06:42 . 2009-12-17 06:43 344064 c:\windows\$hf_mig$\KB978706\SP3GDR\mspaint.exe
+ 2009-12-17 06:53 . 2009-12-17 06:53 344064 c:\windows\$hf_mig$\KB978706\SP2QFE\mspaint.exe
+ 2010-05-07 21:59 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB978037\update\updspapi.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB978037\update\update.exe
+ 2010-05-07 21:59 . 2009-05-26 10:41 232824 c:\windows\$hf_mig$\KB978037\spuninst.exe
+ 2010-05-07 21:56 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB977914\update\updspapi.dll
+ 2010-05-07 21:56 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB977914\update\update.exe
+ 2010-05-07 21:56 . 2009-05-26 10:41 232824 c:\windows\$hf_mig$\KB977914\spuninst.exe
+ 2010-05-07 21:59 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB975713\update\updspapi.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB975713\update\update.exe
+ 2010-05-07 21:59 . 2009-05-26 10:41 232824 c:\windows\$hf_mig$\KB975713\spuninst.exe
+ 2009-12-08 08:03 . 2009-12-08 08:03 474112 c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll
+ 2009-12-08 08:25 . 2009-12-08 08:25 474112 c:\windows\$hf_mig$\KB975713\SP3GDR\shlwapi.dll
+ 2009-12-08 08:01 . 2009-12-08 08:01 474112 c:\windows\$hf_mig$\KB975713\SP2QFE\shlwapi.dll
+ 2010-05-07 21:57 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB975560\update\updspapi.dll
+ 2010-05-07 21:57 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB975560\update\update.exe
+ 2010-05-07 21:57 . 2009-05-26 10:41 232824 c:\windows\$hf_mig$\KB975560\spuninst.exe
+ 2010-05-07 21:54 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB975467\update\updspapi.dll
+ 2010-05-07 21:54 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB975467\update\update.exe
+ 2010-05-07 21:54 . 2008-07-08 12:08 232824 c:\windows\$hf_mig$\KB975467\spuninst.exe
+ 2009-09-11 13:16 . 2009-09-11 13:16 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll
+ 2009-09-11 13:20 . 2009-09-11 13:20 136192 c:\windows\$hf_mig$\KB975467\SP3GDR\msv1_0.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2010-05-07 21:58 . 2009-05-26 10:41 232824 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2010-05-07 21:58 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2010-05-07 21:58 . 2009-05-26 10:41 232824 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2010-05-07 21:56 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2010-05-07 21:56 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2010-05-07 21:56 . 2009-05-26 10:41 232824 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 09:39 . 2009-10-13 09:39 270848 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-10-13 09:38 . 2009-10-13 09:38 270848 c:\windows\$hf_mig$\KB974392\SP3GDR\oakley.dll
+ 2009-10-13 09:45 . 2009-10-13 09:45 270848 c:\windows\$hf_mig$\KB974392\SP2QFE\oakley.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2010-05-07 21:59 . 2009-05-26 10:41 232824 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 12:37 . 2009-10-12 12:37 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-10-12 12:40 . 2009-10-12 12:40 149504 c:\windows\$hf_mig$\KB974318\SP3GDR\rastls.dll
+ 2009-10-12 12:46 . 2009-10-12 12:46 113664 c:\windows\$hf_mig$\KB974318\SP2QFE\rastls.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2010-05-07 21:58 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB974112\update\update.exe
+ 2010-05-07 21:58 . 2009-05-26 10:41 232824 c:\windows\$hf_mig$\KB974112\spuninst.exe
+ 2009-08-26 07:03 . 2009-08-26 07:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
+ 2009-08-26 07:02 . 2009-08-26 07:02 247326 c:\windows\$hf_mig$\KB974112\SP3GDR\strmdll.dll
+ 2009-08-26 06:59 . 2009-08-26 06:59 247326 c:\windows\$hf_mig$\KB974112\SP2QFE\strmdll.dll
+ 2010-05-07 21:55 . 2009-05-26 11:41 385912 c:\windows\$hf_mig$\KB973815\update\updspapi.dll
+ 2010-05-07 21:55 . 2009-05-26 11:41 760696 c:\windows\$hf_mig$\KB973815\update\update.exe
+ 2010-05-07 21:55 . 2009-05-26 11:41 232824 c:\windows\$hf_mig$\KB973815\spuninst.exe
+ 2009-08-05 08:53 . 2009-08-05 08:53 204800 c:\windows\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\$hf_mig$\KB973815\SP3GDR\mswebdvd.dll
+ 2009-08-05 08:52 . 2009-08-05 08:52 204800 c:\windows\$hf_mig$\KB973815\SP2QFE\mswebdvd.dll
+ 2010-05-07 21:57 . 2009-05-26 11:41 385912 c:\windows\$hf_mig$\KB973507\update\updspapi.dll
+ 2010-05-07 21:57 . 2009-05-26 11:41 760696 c:\windows\$hf_mig$\KB973507\update\update.exe
+ 2010-05-07 21:57 . 2009-05-26 11:41 232824 c:\windows\$hf_mig$\KB973507\spuninst.exe
+ 2010-05-07 21:59 . 2009-05-26 11:41 385912 c:\windows\$hf_mig$\KB971657\update\updspapi.dll
+ 2010-05-07 21:59 . 2009-05-26 11:41 760696 c:\windows\$hf_mig$\KB971657\update\update.exe
+ 2010-05-07 21:59 . 2008-07-08 13:08 232824 c:\windows\$hf_mig$\KB971657\spuninst.exe
+ 2009-06-10 06:20 . 2009-06-10 06:20 134144 c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll
+ 2009-06-10 06:16 . 2009-06-10 06:16 132096 c:\windows\$hf_mig$\KB971657\SP3GDR\wkssvc.dll
+ 2009-06-10 06:27 . 2009-06-10 06:27 134144 c:\windows\$hf_mig$\KB971657\SP2QFE\wkssvc.dll
+ 2010-05-07 21:55 . 2007-03-06 02:03 374496 c:\windows\$hf_mig$\KB971032\update\updspapi.dll
+ 2010-05-07 21:55 . 2007-03-06 02:02 721120 c:\windows\$hf_mig$\KB971032\update\update.exe
+ 2010-05-07 21:55 . 2007-03-06 02:01 214752 c:\windows\$hf_mig$\KB971032\spuninst.exe
+ 2009-06-25 18:33 . 2009-06-25 18:33 169472 c:\windows\$hf_mig$\KB971032\SP2QFE\msmqocm.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 472576 c:\windows\$hf_mig$\KB971032\SP2QFE\mqutil.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 186880 c:\windows\$hf_mig$\KB971032\SP2QFE\mqtrig.dll
+ 2009-06-22 11:30 . 2009-06-22 11:30 117248 c:\windows\$hf_mig$\KB971032\SP2QFE\mqtgsvc.exe
+ 2009-06-25 18:33 . 2009-06-25 18:33 517120 c:\windows\$hf_mig$\KB971032\SP2QFE\mqsnap.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 123392 c:\windows\$hf_mig$\KB971032\SP2QFE\mqrtdep.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 177152 c:\windows\$hf_mig$\KB971032\SP2QFE\mqrt.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 661504 c:\windows\$hf_mig$\KB971032\SP2QFE\mqqm.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 225280 c:\windows\$hf_mig$\KB971032\SP2QFE\mqoa.dll
+ 2009-06-25 18:33 . 2009-06-25 18:33 138240 c:\windows\$hf_mig$\KB971032\SP2QFE\mqad.dll
+ 2010-05-07 21:56 . 2007-11-30 12:39 385912 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2010-05-07 21:56 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2010-05-07 21:56 . 2007-11-30 12:39 232824 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:26 . 2009-04-15 15:26 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-04-15 14:55 . 2009-04-15 14:55 585216 c:\windows\$hf_mig$\KB970238\SP3GDR\rpcrt4.dll
+ 2009-04-15 09:56 . 2009-04-15 09:56 354304 c:\windows\$hf_mig$\KB970238\SP2QFE\spru0414.dll
+ 2009-04-15 15:31 . 2009-04-15 15:31 583168 c:\windows\$hf_mig$\KB970238\SP2QFE\rpcrt4.dll
+ 2010-05-07 21:53 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
+ 2010-05-07 21:53 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB969947\update\update.exe
+ 2010-05-07 21:53 . 2008-07-08 12:08 232824 c:\windows\$hf_mig$\KB969947\spuninst.exe
+ 2010-05-07 21:59 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
+ 2010-05-07 21:59 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB969059\update\update.exe
+ 2010-05-07 21:59 . 2008-07-08 12:08 232824 c:\windows\$hf_mig$\KB969059\spuninst.exe
+ 2010-05-07 21:54 . 2009-05-26 10:41 385912 c:\windows\$hf_mig$\KB968389\update\updspapi.dll
+ 2010-05-07 21:54 . 2009-05-26 10:41 760696 c:\windows\$hf_mig$\KB968389\update\update.exe
+ 2010-05-07 21:54 . 2008-07-08 12:08 232824 c:\windows\$hf_mig$\KB968389\spuninst.exe
+ 2009-06-25 07:42 . 2009-06-25 07:42 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll
+ 2009-06-25 07:42 . 2009-06-25 07:42 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll
+ 2009-06-26 08:43 . 2009-06-26 08:43 730112 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll
+ 2009-06-25 07:42 . 2009-06-25 07:42 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll
+ 2009-06-25 07:27 . 2009-06-25 07:27 147456 c:\windows\$hf_mig$\KB968389\SP3GDR\schannel.dll
+ 2009-06-25 07:27 . 2009-06-25 07:27 136192 c:\windows\$hf_mig$\KB968389\SP3GDR\msv1_0.dll
+ 2009-06-25 07:27 . 2009-06-25 07:27 730112 c:\windows\$hf_mig$\KB968389\SP3GDR\lsasrv.dll
+ 2009-06-25 07:27 . 2009-06-25 07:27 301568 c:\windows\$hf_mig$\KB968389\SP3GDR\kerberos.dll
+ 2010-05-07 21:58 . 2008-07-09 07:44 385912 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2010-05-07 21:58 . 2008-07-09 07:44 760696 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2010-05-07 21:58 . 2008-07-09 07:44 232824 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:16 . 2009-05-07 15:16 346624 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-05-07 15:34 . 2009-05-07 15:34 346112 c:\windows\$hf_mig$\KB961501\SP3GDR\localspl.dll
+ 2009-05-07 15:31 . 2009-05-07 15:31 346624 c:\windows\$hf_mig$\KB961501\SP2QFE\localspl.dll
+ 2010-05-07 22:00 . 2009-05-26 11:41 385912 c:\windows\$hf_mig$\KB960859\update\updspapi.dll
+ 2010-05-07 22:00 . 2009-05-26 11:41 760696 c:\windows\$hf_mig$\KB960859\update\update.exe
+ 2010-05-07 22:00 . 2008-07-08 13:08 232824 c:\windows\$hf_mig$\KB960859\spuninst.exe
+ 2010-03-04 22:49 . 2009-08-13 12:56 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-20 22:03 . 2009-07-20 22:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-02-10 11:06 . 2009-05-26 14:51 2174976 c:\windows\system32\WMVCore.dll
+ 2009-02-10 11:07 . 2010-02-16 05:27 4734976 c:\windows\system32\wmp.dll
+ 2009-02-10 11:06 . 2009-08-14 14:25 1850112 c:\windows\system32\win32k.sys
+ 2004-08-04 18:00 . 2010-03-11 12:38 1168384 c:\windows\system32\urlmon.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 1436672 c:\windows\system32\query.dll
+ 2009-02-10 11:06 . 2009-07-17 15:28 1436672 c:\windows\system32\query.dll
+ 2009-02-10 11:06 . 2009-11-27 16:35 1294336 c:\windows\system32\quartz.dll
+ 2009-07-20 22:05 . 2009-07-20 22:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-04 18:00 . 2009-07-31 04:00 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 3599872 c:\windows\system32\mshtml.dll
+ 2007-08-13 16:54 . 2010-03-11 12:38 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 14:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2009-02-10 11:06 . 2009-05-26 14:51 2174976 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-02-10 11:07 . 2010-02-16 05:27 4734976 c:\windows\system32\dllcache\wmp.dll
+ 2009-02-10 11:06 . 2009-08-14 14:25 1850112 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 19:00 . 2010-03-11 12:38 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-02-10 11:06 . 2009-07-17 15:28 1436672 c:\windows\system32\dllcache\query.dll
- 2009-02-10 11:06 . 2004-08-04 18:00 1436672 c:\windows\system32\dllcache\query.dll
+ 2009-02-10 11:06 . 2009-11-27 16:35 1294336 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-10 11:07 . 2010-02-16 19:28 2188672 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-02-10 11:07 . 2010-02-16 19:28 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-10 11:07 . 2010-02-17 12:28 2065536 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-10 11:07 . 2010-02-16 19:28 2145792 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 18:00 . 2009-07-31 04:00 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-02-10 11:07 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-04 18:00 . 2010-03-11 12:38 3599872 c:\windows\system32\dllcache\mshtml.dll
- 2009-02-10 11:07 . 2004-08-04 18:00 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2009-02-10 11:07 . 2009-10-23 13:27 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2009-02-10 09:29 . 2010-03-11 12:38 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-02-10 09:29 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2008-05-27 23:35 . 2008-05-27 23:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-13 19:35 . 2007-04-13 19:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-27 23:35 . 2008-05-27 23:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-13 19:35 . 2007-04-13 19:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-13 18:57 . 2007-04-13 18:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-27 22:43 . 2008-05-27 22:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-13 18:50 . 2007-04-13 18:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 1160192 c:\windows\ie7updates\KB980182-IE7\urlmon.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 3595264 c:\windows\ie7updates\KB980182-IE7\mshtml.dll
+ 2010-05-07 21:54 . 2009-02-20 17:17 6066176 c:\windows\ie7updates\KB980182-IE7\ieframe.dll
+ 2010-05-07 21:54 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB980182-IE7\ieapfltr.dat
+ 2010-05-07 21:57 . 2010-05-07 21:57 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_c4d51c0b\System.dll
+ 2010-05-07 21:56 . 2010-05-07 21:56 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2b4ecdb0\System.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_75ca896d\System.Xml.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_083a21d6\System.Xml.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6fc18ff4\System.Windows.Forms.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_58e21daa\System.Windows.Forms.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_61ab362e\System.Drawing.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_ae0386cc\System.Design.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_84b2778a\System.Design.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_de96c8bc\mscorlib.dll
+ 2010-05-07 21:57 . 2010-05-07 21:57 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2cc0bf0e\mscorlib.dll
- 2009-01-29 16:00 . 2009-01-29 16:00 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-05-07 21:56 . 2010-05-07 21:56 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-01-29 16:00 . 2009-01-29 16:00 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-05-07 21:56 . 2010-05-07 21:56 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 1171968 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\urlmon.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 3602944 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
+ 2010-03-11 11:45 . 2010-03-11 11:45 6070784 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieframe.dll
+ 2009-06-29 07:24 . 2009-06-29 07:24 2452872 c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\ieapfltr.dat
+ 2009-11-27 16:25 . 2009-11-27 16:25 1294848 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll
+ 2009-11-27 16:14 . 2009-11-27 16:14 1294848 c:\windows\$hf_mig$\KB975560\SP3GDR\quartz.dll
+ 2009-11-27 16:11 . 2009-11-27 16:11 1294848 c:\windows\$hf_mig$\KB975560\SP2QFE\quartz.dll
+ 2009-08-14 15:00 . 2009-08-14 15:00 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2009-08-14 14:16 . 2009-08-14 14:16 1850624 c:\windows\$hf_mig$\KB969947\SP3GDR\win32k.sys
+ 2009-08-14 14:07 . 2009-08-14 14:07 1859328 c:\windows\$hf_mig$\KB969947\SP2QFE\win32k.sys
+ 2009-07-17 15:03 . 2009-07-17 15:03 1436672 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2009-07-17 15:22 . 2009-07-17 15:22 1436672 c:\windows\$hf_mig$\KB969059\SP3GDR\query.dll
+ 2009-07-17 15:14 . 2009-07-17 15:14 1436672 c:\windows\$hf_mig$\KB969059\SP2QFE\query.dll
+ 2009-02-10 09:04 . 2010-04-06 08:52 31971272 c:\windows\system32\MRT.exe
+ 2009-08-10 19:08 . 2009-08-10 19:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-10 12:09 . 2009-08-10 12:09 17254912 c:\windows\Installer\21c2807.msp
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-07 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^NetScreen-Remote.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\NetScreen-Remote.lnk
backup=c:\windows\pss\NetScreen-Remote.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2006-01-16 09:58 3080192 ----a-w- c:\acer\Empowering Technology\ePower\Acer ePower Management.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
2005-10-24 14:45 2462208 ----a-w- c:\acer\Empowering Technology\admtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 18:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2005-12-27 13:50 69632 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2006-01-17 16:28 344064 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2006-01-24 16:00 397312 ----a-w- c:\acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GraviSense]
2005-12-15 18:42 4132864 ----a-w- c:\acer\GraviSense\GraviSense.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-11-28 11:52 77824 ------w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-11-28 11:55 118784 ------w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-11-28 11:55 98304 ------w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 18:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-12-13 15:49 397312 ----a-w- c:\programfiler\Launch Manager\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2005-11-29 12:45 438272 ----a-w- c:\programfiler\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
2004-11-01 15:22 262144 ----a-w- c:\windows\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
2005-11-29 12:51 73728 ----a-w- c:\programfiler\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 16:46 63048 ----a-w- c:\programfiler\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-11-30 18:39 225280 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:15 1667584 ----a-w- c:\programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 18:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-01-08 05:16 692315 ----a-w- c:\programfiler\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-01-08 05:17 102491 ----a-w- c:\programfiler\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"btwdins"=2 (0x2)
"AWService"=2 (0x2)
"UPS"=3 (0x3)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Irmon"=2 (0x2)
"IreIKE"=2 (0x2)
"IPSECMON"=2 (0x2)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"CiSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\programfiler\Juniper\NetScreen-Remote\CmonApp.exe"= c:\programfiler\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Disabled:CMonApp
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Juniper\\NetScreen-Remote\\IreIKE.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\programfiler\Juniper\NetScreen-Remote\ViewLog.exe"= c:\programfiler\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Disabled:ViewLog
"c:\programfiler\Juniper\NetScreen-Remote\Vpn.exe"= c:\programfiler\Juniper\NetScreen-Remote\Vpn.exe:127.0.0.1/255.255.255.255:Disabled:VPN Connection Manager
"c:\\Programfiler\\Messenger\\MSMSGS.EXE"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [31.03.2009 12:05 28544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [07.03.2010 03:30 108289]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [10.12.2008 12:55 521786]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [10.12.2008 12:55 119864]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programfiler\LogMeIn\x86\rainfo.sys [24.07.2008 18:46 12856]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [10.12.2008 12:55 36188]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [10.12.2008 12:28 1088896]
S2 gsensor;gsensor;\??\c:\windows\system32\gsensor.sys --> c:\windows\system32\gsensor.sys [?]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://f-b.no/apps/pbcs.dll/forside
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Carsten\Programdata\Mozilla\Firefox\Profiles\mq8vn5fs.default\
FF - plugin: c:\programfiler\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npdeployJava1.dll
.
- - - - TOMME PEKERE FJERNET - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\programfiler\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 19:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1300)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Tidspunkt ferdig: 2010-05-10 19:30:03
ComboFix-quarantined-files.txt 2010-05-10 17:30
ComboFix2.txt 2010-04-27 11:54
ComboFix3.txt 2010-04-27 11:54

Pre-Run: 23 046 946 816 byte ledig
Post-Run: 23 006 248 960 byte ledig

- - End Of File - - 85FC113BBD986D24522E68F9A6306B58


#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:46 PM

Posted 10 May 2010 - 01:32 PM

That's actually the work of ComboFix.....there might also be a/another IE icon on your desktop as well.

I see you have rsit on board....if you'd like, post a HijackThis log and I'll see what might be turned off at startup to help things. However, The ComboFix log shows lots of things already stopped with msconfig....so did you reset it to normal yourself? For example :
QUOTE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GraviSense]
2005-12-15 18:42 4132864 ----a-w- c:\acer\GraviSense\GraviSense.exe


One more thing....are you hinting that you're going to reinstall the OS again? If so, please let me know so I don't break my brain trying to speed your system up. laugh.gif

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 Sevenfold

Sevenfold
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 10 May 2010 - 03:10 PM

I clicked normal startup in msconfig after that combofix-log.

I was hoping to avoid reinstalling Windows (and all the other software). However I do believe that tweaking the system by turning off services and startup programs will not help (much). The computer is running at <4% cpu and about 500Mb of memory usage leaving about 10Mb to the pagefile. Also I have already done a selective startup by msconfig -> diagnostic startup (turn off everything) + reenabling all services, hiding everything microsoft related and then turning off all services. Then I have enabled Avira and Wireless networking so that the computer can be used to basic internet activity to test performance and it's still not as desired.

I'm just all out of ideas how this can be fixed.

Rsit log, normal startup (Winpcap is back???).


#12 Sevenfold

Sevenfold
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 10 May 2010 - 03:26 PM

Sorry, I had to hit the reply button as I had done a new fullscan with gmer and the computer started freezing up on me. I had to do a reset and then wait for chkdsk to complete.

Guess what? All the entries in the registry we tried to fix is back again. wacko.gif

Here's the rsit log attached as I'm redirected to a post by Grinler complaining about outdated HijackThis.

Attached Files

  • Attached File  rsit.txt   32.38KB   8 downloads


#13 Sevenfold

Sevenfold
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 10 May 2010 - 03:40 PM

Those entries in the registry is back instantly even when manually deleted.

That's really strange.

Edit: They should all be there?

Edited by Sevenfold, 10 May 2010 - 04:15 PM.


#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:46 PM

Posted 10 May 2010 - 03:50 PM

Thanks...it makes sense, but I wanted to be sure of what I was seeing. smile.gif

Check these with HijackThis then reboot. It just stops them from auto starting, and you can call them any time you want/need to :

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


You may not get gmer to run with everything checked.....it doesn't mean there's anything wrong, it just acts that way sometimes.

Do a Windows search for a couple of those programs and see what comes up....ie > McAfee, Ahnlabs, etc....

Also, have a look here and see if there's anything new to try :

http://miekiemoes.blogspot.com/2008/02/hel...er-is-slow.html
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#15 Sevenfold

Sevenfold
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 10 May 2010 - 05:02 PM

I know what jusched.exe is, but not the other entries.

I did search for all those security related names and only came up with what you see in the attachment. (translation: Fellesfiler = Commonfiles)

Finally I found nothing new to try that was any help.

Winpcap is back? (in the rsit log).

Attached Files


Edited by Sevenfold, 10 May 2010 - 05:03 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users