Infected Packed.Win32.Katusha.j Trojan


  • This topic is locked
30 replies to this topic

#1 Lou Lessing

Posted 22 May 2010 - 12:58 PM

So I got an Antispyware Soft infection a few days ago, and managed to clear it with Spybot, MalwareBytes, and CA Antivirus. However, among the opportunistic infections there was this extremely persistent trojan. MalwareBytes and Spybot don't even see it; CA found 510 instances of it but doesn't know what it is or what to do with it.

Thanks for giving me a hand, I really appreciate it.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Lou at 13:09:21.79 on Sat 05/22/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3325.2101 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\System32\svchost.exe"
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Lou\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=C-142XL
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=C-142XL
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=C-142XL
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [Google Update] "c:\users\lou\appdata\local\google\update\GoogleUpdate.exe" /c
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\philips spc1300nc webcam\TrayMin1300.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\lou\appdata\roaming\mozilla\firefox\profiles\6n4jtiuu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\users\lou\appdata\roaming\mozilla\firefox\profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\users\lou\appdata\roaming\mozilla\firefox\profiles\6n4jtiuu.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\lou\appdata\local\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\users\lou\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\lou\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\lou\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {CC261D0D-CE6F-4630-BC67-4A6BACBC74A9} - c:\users\lou\appdata\local\{cc261d0d-ce6f-4630-bc67-4a6bacbc74a9}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-12-23 132088]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-12-23 78840]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-2-20 212992]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-2-20 206160]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-23 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-12-7 1373480]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 239608]
R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\drivers\mstabbtn.sys [2008-3-21 10496]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2008-7-31 11048]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2008-7-31 14120]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2008-7-31 16808]
R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2009-12-7 30248]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [2009-1-6 88320]
S3 SPC1300;USB2.0 PC Camera (SPC1300);c:\windows\system32\drivers\spc1300.sys [2009-1-6 3033728]

=============== Created Last 30 ================

2010-05-22 17:03:08 20 ----a-w- c:\users\lou\defogger_reenable
2010-05-21 23:56:03 0 d-----w- c:\program files\Uru Live
2010-05-20 18:46:51 105 ----a-w- c:\windows\wininit.ini
2010-05-20 11:35:30 0 d-----w- c:\users\lou\appdata\roaming\Malwarebytes
2010-05-20 01:54:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 01:54:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 01:54:31 0 d-----w- c:\programdata\Malwarebytes
2010-05-20 01:54:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 01:33:36 823808 ----a-w- c:\windows\system32\drivers\opdgzwu.sys
2010-05-20 01:33:35 40960 ---ha-w- c:\windows\system32\clipantz.dll
2010-05-20 01:33:33 20 ----a-w- c:\users\lou\appdata\roaming\wpcalv.dat
2010-05-20 01:33:18 0 d-----w- c:\users\lou\appdata\roaming\419DEFA8BE34CF23AF0751BBA2F1B595
2010-05-13 02:08:36 0 d-----w- c:\program files\Penumbra Overture
2010-05-03 04:27:00 527760 ----a-w- c:\users\lou\.recently-used.xbel
2010-05-02 17:17:53 0 d-----w- c:\programdata\Farbs
2010-05-02 17:17:41 0 d-----w- c:\program files\ROM CHECK FAIL
2010-04-26 04:11:34 0 d-----w- c:\users\lou\.javaws
2010-04-24 07:35:03 0 d-----w- c:\program files\ProFantasy

==================== Find3M ====================

2010-05-13 02:12:48 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-13 02:12:48 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-11 01:48:40 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-11 01:48:40 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-10 22:43:25 86016 ----a-w- c:\windows\inf\infstor.dat
2008-07-25 07:12:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:11:58.08 ===============


#2 SifuMike


    malware expert



Posted 23 May 2010 - 11:52 PM

Hello Lou Lessing,

You have a nasty rootkit on this computer, so we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your CA Anti-Virus Plus before running ComboFix, as it will prevent it from running.

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop. <==IMPORTANT

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log. The log will be saved as C:\ComboFix.txt



#3 Lou Lessing


Posted 29 May 2010 - 05:47 PM

Seems to have worked perfectly. Everything seems back in order. Thanks so much!

ComboFix 10-05-29.03 - Lou 05/29/2010 18:24:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3325.2010 [GMT -4:00]
Running from: c:\users\Lou\Desktop\ComboFix.exe
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Lou\AppData\Local\{CC261D0D-CE6F-4630-BC67-4A6BACBC74A9}
c:\users\Lou\AppData\Local\{CC261D0D-CE6F-4630-BC67-4A6BACBC74A9}\chrome.manifest
c:\users\Lou\AppData\Local\{CC261D0D-CE6F-4630-BC67-4A6BACBC74A9}\chrome\content\_cfg.js
c:\users\Lou\AppData\Local\{CC261D0D-CE6F-4630-BC67-4A6BACBC74A9}\chrome\content\overlay.xul
c:\users\Lou\AppData\Local\{CC261D0D-CE6F-4630-BC67-4A6BACBC74A9}\install.rdf
c:\users\Lou\AppData\Local\dkdswlomp
c:\users\Lou\AppData\Local\dkdswlomp\nrhgvyltssd.exe
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\ecache.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-29 22:37 . 2010-05-29 22:38 -------- d-----w- c:\users\Lou\AppData\Local\temp
2010-05-29 22:37 . 2010-05-29 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-29 22:37 . 2010-05-29 22:37 -------- d-----w- c:\users\Sam\AppData\Local\temp
2010-05-29 22:37 . 2010-05-29 22:37 -------- d-----w- c:\users\Debby\AppData\Local\temp
2010-05-29 22:37 . 2010-05-29 22:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-29 22:16 . 2010-05-23 21:50 73216 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-05-29 22:16 . 2010-04-18 18:33 307200 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-05-29 22:16 . 2010-04-18 18:33 172032 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-05-21 23:56 . 2010-05-23 03:30 -------- d-----w- c:\program files\Uru Live
2010-05-20 11:35 . 2010-05-20 11:35 -------- d-----w- c:\users\Lou\AppData\Roaming\Malwarebytes
2010-05-20 01:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 01:54 . 2010-05-20 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 01:54 . 2010-05-20 01:54 -------- d-----w- c:\programdata\Malwarebytes
2010-05-20 01:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 01:33 . 2010-05-20 01:33 40960 ---ha-w- c:\windows\system32\clipantz.dll
2010-05-20 01:33 . 2010-05-20 01:33 -------- d-----w- c:\users\Lou\AppData\Roaming\419DEFA8BE34CF23AF0751BBA2F1B595
2010-05-15 16:38 . 2010-05-15 16:40 20854256 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-05-15 16:38 . 2010-05-15 16:38 13407072 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-05-14 18:02 . 2010-05-14 18:02 -------- d-----w- c:\users\Lou\AppData\Local\TAPtapTAPtapTAPtapTAP
2010-05-14 15:37 . 2010-05-14 15:37 -------- d-----w- c:\users\Lou\AppData\Local\Installer5404
2010-05-13 02:08 . 2010-05-13 02:11 -------- d-----w- c:\program files\Penumbra Overture
2010-05-02 17:17 . 2010-05-02 17:17 -------- d-----w- c:\programdata\Farbs
2010-05-02 17:17 . 2010-05-02 17:17 -------- d-----w- c:\program files\ROM CHECK FAIL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 22:22 . 2009-12-07 14:22 -------- d-----w- c:\users\Lou\AppData\Roaming\WTablet
2010-05-29 22:20 . 2008-03-21 13:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-29 22:16 . 2010-02-21 06:40 188152 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\FlashGot.exe
2010-05-28 22:59 . 2008-07-24 17:35 -------- d-----w- c:\program files\Steam
2010-05-28 22:58 . 2009-12-23 06:32 -------- d-----w- c:\users\Sam\AppData\Roaming\WTablet
2010-05-28 12:46 . 2009-01-22 03:19 1 ----a-w- c:\users\Lou\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-28 12:46 . 2009-06-20 21:39 -------- d-----w- c:\users\Lou\AppData\Roaming\Skype
2010-05-28 12:30 . 2009-06-20 21:40 -------- d-----w- c:\users\Lou\AppData\Roaming\skypePM
2010-05-25 23:40 . 2009-02-01 21:23 -------- d-----w- c:\users\Lou\AppData\Roaming\foobar2000
2010-05-25 11:01 . 2008-07-27 22:08 -------- d-----w- c:\users\Lou\AppData\Roaming\gtk-2.0
2010-05-23 02:41 . 2008-10-18 19:24 -------- d-----w- c:\users\Sam\AppData\Roaming\gtk-2.0
2010-05-21 11:35 . 2009-08-26 03:44 -------- d-----w- c:\users\Lou\AppData\Roaming\Nettalk
2010-05-20 01:43 . 2008-10-27 02:30 -------- d-----w- c:\users\Lou\AppData\Roaming\BitTorrent
2010-05-20 01:40 . 2008-10-27 02:30 -------- d-----w- c:\users\Lou\AppData\Roaming\DNA
2010-05-20 01:33 . 2010-05-20 01:33 20 ----a-w- c:\users\Lou\AppData\Roaming\wpcalv.dat
2010-05-16 04:14 . 2008-10-27 02:30 -------- d-----w- c:\program files\DNA
2010-05-14 18:32 . 2008-08-16 22:32 -------- d-----w- c:\program files\Multimedia Fusion 2
2010-05-14 15:36 . 2008-03-21 13:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-13 02:12 . 2008-07-29 11:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-13 02:12 . 2008-07-29 11:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-09 05:07 . 2010-03-10 20:44 439816 ----a-w- c:\users\Lou\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-24 07:36 . 2010-04-24 07:35 -------- d-----w- c:\program files\ProFantasy
2010-04-23 02:32 . 2010-04-23 02:32 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-22 02:45 . 2010-02-27 03:21 -------- d-----w- c:\program files\Inspiration 8 Trial
2010-04-20 04:58 . 2008-08-03 08:00 -------- d-----w- c:\program files\AVS4YOU
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-04-18 05:10 . 2010-03-04 02:25 439816 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-05 03:28 . 2010-02-22 01:32 -------- d-----w- c:\program files\Warcraft III
2010-04-04 21:32 . 2010-03-07 18:09 1 ----a-w- c:\users\Sam\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-01 12:47 . 2008-03-21 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 03:52 . 2010-03-26 03:52 8405312 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-26 03:52 . 2010-03-26 03:52 149000 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-26 03:52 . 2010-03-26 03:52 79368 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-26 03:52 . 2010-03-26 03:52 64000 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-26 03:52 . 2010-03-26 03:52 52288 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-26 03:52 . 2010-03-26 03:52 50688 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-26 03:52 . 2010-03-26 03:52 49152 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-26 03:52 . 2010-03-26 03:52 118784 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-25 15:27 . 2010-04-09 20:29 1107264 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-29 02:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-29 02:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Lou\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

c:\users\Debby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
TrayMin1300.lnk - c:\program files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe [2009-1-6 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-29 02:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
attrmrt REG_SZ c:\windows\system32\clipantz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-6683308-3889578530-3044928126-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 KmxAMVet;KmxAMVet;c:\windows\system32\Drivers\KmxAMVet.sys [2009-03-27 598656]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Lou\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2007-07-16 88320]
R3 SPC1300;USB2.0 PC Camera (SPC1300);c:\windows\system32\DRIVERS\spc1300.sys [2007-10-18 3033728]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-08 721904]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2009-12-23 132088]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2009-12-23 78840]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2010-04-22 206160]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-08-04 887288]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-07-13 760664]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-07-27 227832]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2009-09-30 239608]
S3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\DRIVERS\mstabbtn.sys [2007-03-09 10496]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2008-07-31 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2008-07-31 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2008-07-31 16808]
S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2007-07-30 30248]


--- Other Services/Drivers In Memory ---

*Deregistered* - opdgzwu

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1000Core.job
- c:\users\Lou\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-07 02:18]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1000UA.job
- c:\users\Lou\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-07 02:18]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1001Core.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 01:45]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1001UA.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 01:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Lou\AppData\Local\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\users\Lou\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Lou\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Lou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
AddRemove-FastCAD - c:\program files\ProFantasy\CC3\UNINST.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 18:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opdgzwu]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-6683308-3889578530-3044928126-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2277A9DF-385D-864C-096F-3E7A78B30374}*]
"hahihlfipdnjkldl"=hex:6a,61,6e,66,62,6a,62,6a,61,6d,62,6b,62,65,6d,6c,6b,70,
61,69,00,00
"iabjpkkdkigkflhgib"=hex:6a,61,6b,66,6f,69,67,70,6a,63,6a,6d,62,6c,69,65,65,63,
63,69,00,00

[HKEY_USERS\S-1-5-21-6683308-3889578530-3044928126-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,c8,f0,d7,c0,3e,80,28,c8,b5,c0,28,97,b6,2d,47,d6,d5,51,10,88,
77,25,a2,a9,2f,31,3b,ff,d3,66,45,aa,07,56,99,32,56,8a,41,05,a4,c5,5c,b9,25,\
"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2277A9DF-385D-864C-096F-3E7A78B30374}\InProcServer32*]
"jaliaphkhfodcohifjnc"=hex:6a,61,6b,66,6f,69,67,70,6a,63,6a,6d,62,6c,69,65,65,
63,63,69,00,00
"ialioononjcajfillb"=hex:6a,61,6e,66,62,6a,62,6a,61,6d,62,6b,62,65,6d,6c,6b,70,
61,69,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2010-05-29 18:41:56
ComboFix-quarantined-files.txt 2010-05-29 22:41

Pre-Run: 118,349,467,648 bytes free
Post-Run: 125,158,830,080 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - CE502F32B0542D763311F24CC12A224C


#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:49 AM

Posted 29 May 2010 - 07:04 PM

Hi Lou Lessing,

Not quite done yet.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :file
    c:\windows\system32\clipantz.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



***********

Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Use the Browse feature or copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page:
      c:\windows\system32\clipantz.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
  • If Copy to Clipboard does not work, then just copy and paste the output in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.

Edited by SifuMike, 29 May 2010 - 08:39 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Lou Lessing


Posted 30 May 2010 - 11:48 AM

Okay, here we go.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 12:43 on 30/05/2010 by Lou (Administrator - Elevation successful)

========== file ==========

c:\windows\system32\clipantz.dll - File found and opened.
MD5: 8F5E95EB91A5BA4F1C2037C159D27D19
Created at 01:33 on 20/05/2010
Modified at 01:33 on 20/05/2010
Size: 40960 bytes
Attributes: --ah--
No version information available.

-=End Of File=-

VirSCAN.org Scanned Report :
Scanned time : 2010/05/30 12:44:57 (EDT)
Scanner results: 50% Scanner(s) (18/36) found malware!
File Name : clipantz.dll
File Size : 40960 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 8f5e95eb91a5ba4f1c2037c159d27d19
SHA1 : ab03c85d7c85412034e39ec5ca7e75a1631f1115
Online report : http://virscan.org/report/d28f9d2c59a8b27e...c148a13583.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100529191416 2010-05-29 0.36 Packed.Win32.Krap!IK
AhnLab V3 2010.05.30.00 2010.05.30 2010-05-30 1.31 Win-Trojan/Xema.variant
AntiVir 8.2.1.242 7.10.7.195 2010-05-28 0.27 TR/Agent.GY.1391
Antiy 2.0.18 20100530.4556133 2010-05-30 0.13 -
Arcavir 2009 201005300055 2010-05-30 0.04 Packed.Krap.gy
Authentium 5.1.1 201005291726 2010-05-29 1.43 -
AVAST! 4.7.4 100530-0 2010-05-30 0.04 Win32:Malware-gen
AVG 8.5.793 271.1.1/2906 2010-05-30 0.38 PSW.Generic7.CCSB
BitDefender 7.90123.6107787 7.31924 2010-05-31 4.45 Trojan.Generic.4014337
ClamAV 0.96.1 11103 2010-05-30 0.01 -
Comodo 3.13.579 4957 2010-05-30 0.93 -
CP Secure 1.3.0.5 2010.05.31 2010-05-31 0.05 -
Dr.Web 5.0.2.3300 2010.05.30 2010-05-30 7.63 -
F-Prot 4.4.4.56 20100529 2010-05-29 1.27 -
F-Secure 7.02.73807 2010.05.30.01 2010-05-30 0.23 Packed.Win32.Krap.gy [AVP]
Fortinet 4.1.133 11.998 2010-05-30 0.55 -
GData 21.262/21.85 20100530 2010-05-30 14.12 Packed.Win32.Krap.gy [Engine:A]
ViRobot 20100529 2010.05.29 2010-05-29 0.78 -
Ikarus T3.1.01.84 2010.05.30.75961 2010-05-30 6.60 Packed.Win32.Krap
JiangMin 13.0.900 2010.05.30 2010-05-30 1.28 -
Kaspersky 5.5.10 2010.05.30 2010-05-30 0.20 Packed.Win32.Krap.gy
KingSoft 2009.2.5.15 2010.5.30.12 2010-05-30 0.83 -
McAfee 5400.1158 5997 2010-05-29 17.48 -
Microsoft 1.5802 2010.05.30 2010-05-30 6.88 TrojanSpy:Win32/Ursnif.FJ
Norman 6.04.12 6.04.00 2010-05-29 4.01 -
Panda 9.05.01 2010.05.30 2010-05-30 2.01 Trj/Sinowal.DW
Trend Micro 9.120-1004 7.208.11 2010-05-30 0.03 -
Quick Heal 10.00 2010.05.29 2010-05-29 1.55 -
Rising 20.0 22.49.06.04 2010-05-30 0.62 Trojan.Win32.Generic.52061A26
Sophos 3.07.1 4.53 2010-05-31 3.60 Troj/FakeAV-BIL
Sunbelt 3.9.2424.2 6375 2010-05-29 11.93 Trojan.Win32.Generic!BT
Symantec 1.3.0.24 20100530.003 2010-05-30 0.49 Trojan.Zbot
nProtect 20100530.01 8524953 2010-05-30 9.60 Trojan.Generic.4014337
The Hacker 6.5.2.0 v00290 2010-05-30 0.36 -
VBA32 3.12.12.5 20100528.2043 2010-05-28 2.70 -
VirusBuster 4.5.11.10 10.126.57/2032536 2010-05-30 2.39 -


#6 SifuMike


Posted 30 May 2010 - 12:20 PM

Hi Lou,

You need to disable your CA Anti-Virus Plus before running ComboFix, as it will prevent it from running.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

CODE
File::
c:\windows\system32\clipantz.dll

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
"attrmrt"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
The combofix log can also be found at C:\ComboFix.txt.


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
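
Added example, not part of the original thread and not ComboFix's own code: a small Python check that reads registry sections in the style of the ComboFix "Reg Loading Points" output and reports whether the two conditions the CFScript in post #6 targets (a value under appcertdlls, and DisableMonitoring set to 1 on the Security Center Monitoring key) are still present in a follow-up log. The function names and both sample logs are constructed for illustration; the "after" sample assumes the deleted value simply no longer appears.

```python
import re

# Constructed sample: sections as they appear in the log posted in this thread,
# before the CFScript was run.
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
attrmrt REG_SZ c:\windows\system32\clipantz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

# Constructed sample of a clean follow-up log (assumption, see lead-in).
LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
QUOTED_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "name"=data
TYPED_RE = re.compile(r"^(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")  # name REG_SZ data
DWORD_RE = re.compile(r"^(?:dword:([0-9a-fA-F]{8})|(\d+)\s+\(0x[0-9a-fA-F]+\))$")

APPCERT_SUFFIX = r"\control\session manager\appcertdlls"
MONITORING_SUFFIX = r"\security center\monitoring"


def parse_reg_sections(log_text):
    """Return {lowercased key path: {value name: data}} for each [HKEY_...] section."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends the current section
            continue
        key = KEY_RE.match(line)
        if key:
            current = sections.setdefault(key.group(1).lower(), {})
            continue
        if current is None:
            continue  # service lists, file listings and other non-registry lines
        m = QUOTED_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2).strip()
            continue
        m = TYPED_RE.match(line)
        if m:
            current[m.group(1)] = m.group(3).strip()
    return sections


def dword_value(data):
    """Parse 'dword:00000001' or '0 (0x0)' into an int; None for anything else."""
    m = DWORD_RE.match(data)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def open_findings(log_text):
    """Return sorted (kind, key, value name, data) tuples that still need attention."""
    findings = []
    for key, values in parse_reg_sections(log_text).items():
        if key.endswith(APPCERT_SUFFIX):
            # DLLs named under AppCertDlls are loaded into processes that call the
            # CreateProcess family of APIs, so every value here gets reviewed.
            for name, data in values.items():
                findings.append(("appcertdlls", key, name, data))
        elif key.endswith(MONITORING_SUFFIX):
            data = values.get("DisableMonitoring", "")
            if dword_value(data) == 1:
                findings.append(("monitoring-disabled", key, "DisableMonitoring", data))
    return sorted(findings)


def remediation_report(before, after):
    """Split the findings of the 'before' log into cleared and still pending."""
    pending = open_findings(after)
    still = {f[:3] for f in pending}
    cleared = [f for f in open_findings(before) if f[:3] not in still]
    return {"cleared": cleared, "pending": pending}


if __name__ == "__main__":
    report = remediation_report(LOG_BEFORE, LOG_AFTER)
    for state in ("cleared", "pending"):
        for kind, key, name, data in report[state]:
            print(f"{state:8} {kind:20} {key} :: {name} = {data}")
```

Only the root Monitoring key is checked, matching what the CFScript resets; the per-product subkeys in the log are left alone.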

#7 Lou Lessing


Posted 30 May 2010 - 12:42 PM

How much trouble will it be if CA Antispyware is running (or at least ComboFix thinks it is) when I do this? I'm almost certain I've disabled it, I've killed every process that looks like it could even vaguely be relevant, stopped every service that I could find that could possibly be it, and ComboFix still reads it as running. Last time I just rebooted and let the malware shut it off for me, but that's not exactly an option anymore.

#8 SifuMike


Posted 30 May 2010 - 04:08 PM

CA antispyware running is OK, but CA antivirus is not.

If you can't disable CA antivirus, then uninstall it while we run ComboFix.
After it is done running then you can reinstall it.

Edited by SifuMike, 30 May 2010 - 04:13 PM.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 Lou Lessing


Posted 30 May 2010 - 04:11 PM

I'm not having any trouble disabling CA Antivirus. I'll run the script now.

#10 Lou Lessing


Posted 30 May 2010 - 05:52 PM

Here's the combofix log.

ComboFix 10-05-29.05 - Lou 05/30/2010 17:14:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3325.1753 [GMT -4:00]
Running from: c:\users\Lou\Desktop\ComboFix.exe
Command switches used :: c:\users\Lou\Desktop\CFScript.txt
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\clipantz.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\clipantz.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 )))))))))))))))))))))))))))))))
.

2010-05-30 21:25 . 2010-05-30 21:25 -------- d-----w- c:\users\Lou\AppData\Local\temp
2010-05-30 21:25 . 2010-05-30 21:25 -------- d-----w- c:\users\Sam\AppData\Local\temp
2010-05-30 21:25 . 2010-05-30 21:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-30 21:25 . 2010-05-30 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-30 21:25 . 2010-05-30 21:25 -------- d-----w- c:\users\Debby\AppData\Local\temp
2010-05-30 21:25 . 2010-05-30 21:25 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-30 21:13 . 2010-05-30 21:13 -------- d-----w- C:\32788R22FWJFW
2010-05-29 22:16 . 2010-05-23 21:50 73216 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-05-29 22:16 . 2010-04-18 18:33 307200 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-05-29 22:16 . 2010-04-18 18:33 172032 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-05-21 23:56 . 2010-05-23 03:30 -------- d-----w- c:\program files\Uru Live
2010-05-20 11:35 . 2010-05-20 11:35 -------- d-----w- c:\users\Lou\AppData\Roaming\Malwarebytes
2010-05-20 01:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 01:54 . 2010-05-20 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 01:54 . 2010-05-20 01:54 -------- d-----w- c:\programdata\Malwarebytes
2010-05-20 01:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 01:33 . 2010-05-20 01:33 -------- d-----w- c:\users\Lou\AppData\Roaming\419DEFA8BE34CF23AF0751BBA2F1B595
2010-05-15 16:38 . 2010-05-15 16:40 20854256 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-05-15 16:38 . 2010-05-15 16:38 13407072 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-05-14 18:02 . 2010-05-14 18:02 -------- d-----w- c:\users\Lou\AppData\Local\TAPtapTAPtapTAPtapTAP
2010-05-14 15:37 . 2010-05-14 15:37 -------- d-----w- c:\users\Lou\AppData\Local\Installer5404
2010-05-13 02:08 . 2010-05-13 02:11 -------- d-----w- c:\program files\Penumbra Overture
2010-05-02 17:17 . 2010-05-02 17:17 -------- d-----w- c:\programdata\Farbs
2010-05-02 17:17 . 2010-05-02 17:17 -------- d-----w- c:\program files\ROM CHECK FAIL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 22:42 . 2010-02-21 06:40 188152 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\FlashGot.exe
2010-05-29 22:22 . 2009-12-07 14:22 -------- d-----w- c:\users\Lou\AppData\Roaming\WTablet
2010-05-29 22:20 . 2008-03-21 13:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-28 22:59 . 2008-07-24 17:35 -------- d-----w- c:\program files\Steam
2010-05-28 22:58 . 2009-12-23 06:32 -------- d-----w- c:\users\Sam\AppData\Roaming\WTablet
2010-05-28 12:46 . 2009-01-22 03:19 1 ----a-w- c:\users\Lou\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-28 12:46 . 2009-06-20 21:39 -------- d-----w- c:\users\Lou\AppData\Roaming\Skype
2010-05-28 12:30 . 2009-06-20 21:40 -------- d-----w- c:\users\Lou\AppData\Roaming\skypePM
2010-05-25 23:40 . 2009-02-01 21:23 -------- d-----w- c:\users\Lou\AppData\Roaming\foobar2000
2010-05-25 11:01 . 2008-07-27 22:08 -------- d-----w- c:\users\Lou\AppData\Roaming\gtk-2.0
2010-05-23 02:41 . 2008-10-18 19:24 -------- d-----w- c:\users\Sam\AppData\Roaming\gtk-2.0
2010-05-21 11:35 . 2009-08-26 03:44 -------- d-----w- c:\users\Lou\AppData\Roaming\Nettalk
2010-05-20 01:43 . 2008-10-27 02:30 -------- d-----w- c:\users\Lou\AppData\Roaming\BitTorrent
2010-05-20 01:40 . 2008-10-27 02:30 -------- d-----w- c:\users\Lou\AppData\Roaming\DNA
2010-05-20 01:33 . 2010-05-20 01:33 20 ----a-w- c:\users\Lou\AppData\Roaming\wpcalv.dat
2010-05-16 04:14 . 2008-10-27 02:30 -------- d-----w- c:\program files\DNA
2010-05-14 18:32 . 2008-08-16 22:32 -------- d-----w- c:\program files\Multimedia Fusion 2
2010-05-14 15:36 . 2008-03-21 13:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-13 02:12 . 2008-07-29 11:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-13 02:12 . 2008-07-29 11:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-09 05:07 . 2010-03-10 20:44 439816 ----a-w- c:\users\Lou\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-24 07:36 . 2010-04-24 07:35 -------- d-----w- c:\program files\ProFantasy
2010-04-23 02:32 . 2010-04-23 02:32 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-22 02:45 . 2010-02-27 03:21 -------- d-----w- c:\program files\Inspiration 8 Trial
2010-04-20 04:58 . 2008-08-03 08:00 -------- d-----w- c:\program files\AVS4YOU
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-04-18 05:10 . 2010-03-04 02:25 439816 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-05 03:28 . 2010-02-22 01:32 -------- d-----w- c:\program files\Warcraft III
2010-04-04 21:32 . 2010-03-07 18:09 1 ----a-w- c:\users\Sam\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-01 12:47 . 2008-03-21 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 03:52 . 2010-03-26 03:52 8405312 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-26 03:52 . 2010-03-26 03:52 149000 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-26 03:52 . 2010-03-26 03:52 79368 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-26 03:52 . 2010-03-26 03:52 64000 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-26 03:52 . 2010-03-26 03:52 52288 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-26 03:52 . 2010-03-26 03:52 50688 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-26 03:52 . 2010-03-26 03:52 49152 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-26 03:52 . 2010-03-26 03:52 118784 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-25 15:27 . 2010-04-09 20:29 1107264 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-29_22.38.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 12:36 . 2006-11-02 12:36 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\WMM2EXT.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18197_none_7b3d56a455f59b03\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18416_none_79ac63d2588f4d00\INETRES.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18444_none_f3464f90ba4365fd\mshtmler.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18444_none_ae0aeadd06e2b348\admparse.dll
+ 2009-06-10 01:21 . 2009-04-11 06:28 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18226_none_03bfd0c79f0428b9\WininetPlugin.dll
+ 2009-06-10 01:21 . 2009-04-11 06:28 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18226_none_03bfd0c79f0428b9\jsproxy.dll
+ 2008-10-14 22:26 . 2008-02-22 05:01 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18444_none_01c1bc8da1efdba2\WininetPlugin.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c\TUNMP.SYS
+ 2008-01-21 02:24 . 2008-01-21 02:24 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985\TUNMP.SYS
+ 2008-07-24 18:40 . 2010-05-29 23:54 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-24 18:40 . 2010-05-29 22:38 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-24 18:40 . 2010-05-29 22:38 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-24 18:40 . 2010-05-29 23:54 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-11 15:15 . 2010-05-28 12:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-11 15:15 . 2010-05-29 22:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-11 15:15 . 2010-05-29 22:22 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-11 15:15 . 2010-05-28 12:28 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-11 15:15 . 2010-05-28 12:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-11 15:15 . 2010-05-29 22:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-29 02:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-29 02:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Lou\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

c:\users\Debby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
TrayMin1300.lnk - c:\program files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe [2009-1-6 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-29 02:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
attrmrt REG_SZ c:\windows\system32\clipantz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-6683308-3889578530-3044928126-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2010-04-22 206160]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 KmxAMVet;KmxAMVet;c:\windows\system32\Drivers\KmxAMVet.sys [2009-03-27 598656]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Lou\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2007-07-16 88320]
R3 SPC1300;USB2.0 PC Camera (SPC1300);c:\windows\system32\DRIVERS\spc1300.sys [2007-10-18 3033728]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-08 721904]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2009-12-23 132088]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2009-12-23 78840]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-08-04 887288]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-07-13 760664]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-07-27 227832]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2009-09-30 239608]
S3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\DRIVERS\mstabbtn.sys [2007-03-09 10496]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2008-07-31 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2008-07-31 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2008-07-31 16808]
S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2007-07-30 30248]


--- Other Services/Drivers In Memory ---

*Deregistered* - opdgzwu

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1000Core.job
- c:\users\Lou\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-07 02:18]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1000UA.job
- c:\users\Lou\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-07 02:18]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1001Core.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 01:45]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1001UA.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 01:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Lou\AppData\Local\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\users\Lou\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Lou\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Lou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 17:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opdgzwu]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-6683308-3889578530-3044928126-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2277A9DF-385D-864C-096F-3E7A78B30374}*]
"hahihlfipdnjkldl"=hex:6a,61,6e,66,62,6a,62,6a,61,6d,62,6b,62,65,6d,6c,6b,70,
61,69,00,00
"iabjpkkdkigkflhgib"=hex:6a,61,6b,66,6f,69,67,70,6a,63,6a,6d,62,6c,69,65,65,63,
63,69,00,00

[HKEY_USERS\S-1-5-21-6683308-3889578530-3044928126-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,c8,f0,d7,c0,3e,80,28,c8,b5,c0,28,97,b6,2d,47,d6,d5,51,10,88,
77,25,a2,a9,2f,31,3b,ff,d3,66,45,aa,07,56,99,32,56,8a,41,05,a4,c5,5c,b9,25,\
"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2277A9DF-385D-864C-096F-3E7A78B30374}\InProcServer32*]
"jaliaphkhfodcohifjnc"=hex:6a,61,6b,66,6f,69,67,70,6a,63,6a,6d,62,6c,69,65,65,
63,63,69,00,00
"ialioononjcajfillb"=hex:6a,61,6e,66,62,6a,62,6a,61,6d,62,6b,62,65,6d,6c,6b,70,
61,69,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2010-05-30 17:30:09
ComboFix-quarantined-files.txt 2010-05-30 21:30
ComboFix2.txt 2010-05-29 22:41

Pre-Run: 140,615,954,432 bytes free
Post-Run: 140,566,835,200 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - 12BE0C511000EDD51F4264B42A2BA774


#11 SifuMike

SifuMike

    malware expert



Posted 30 May 2010 - 06:05 PM

Hi Lou,

We need to fix one more item.

You need to disable your CA Anti-Virus Plus, Windows Defender, and TeaTimer before running ComboFix, as they will prevent it from running.

To disable Windows Defender Real-time Protection:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

To disable Spybot's Teatimer:
Open Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts



Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

CODE
Registry::
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
The combofix log can also be found at C:\ComboFix.txt.

Edited by SifuMike, 30 May 2010 - 06:06 PM.


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
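
Added example (not part of either post, and not ComboFix's own code): a small Python triage pass over ComboFix-style output that flags the AppCertDlls value removed by the CFScript above, along with other settings from the posted log that a reviewer would check. The `triage` function and the rule names are assumptions made for this sketch, the sample lines are copied from the log in this thread, and a flag means "review this entry", not "confirmed malicious".

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
attrmrt REG_SZ c:\windows\system32\clipantz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

*Deregistered* - opdgzwu

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
QUOTED_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
TYPED_RE = re.compile(r'^(?P<name>.+?)\s+REG_[A-Z_]+\s+(?P<data>.*)$')
PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer = (?P<data>.+)$')
DEREG_RE = re.compile(r'^\*Deregistered\* - (?P<name>\S+)$')
LOOPBACK_RE = re.compile(r'(127\.0\.0\.1|localhost|\[::1\])', re.I)


def _as_int(data):
    """Return the integer in 'dword:00000001' or '0 (0x0)', else None."""
    m = re.match(r'(?:dword:([0-9a-f]+)|(\d+))', data, re.I)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def _check_value(key, name, data):
    """Apply the registry rules to one value; return a finding or None."""
    k, n = key.lower(), name.lower()
    if k.endswith("\\control\\session manager\\appcertdlls"):
        # Each value under this key names a DLL that Windows loads into
        # processes that call CreateProcess and related APIs.
        return ("appcert_dll", f"{name} -> {data}")
    if k.endswith("\\policies\\system") and n == "enablelua" and _as_int(data) == 0:
        return ("uac_disabled", key)
    if ("\\security center\\monitoring\\" in k and n == "disablemonitoring"
            and _as_int(data) == 1):
        # Report which product's monitoring is switched off.
        return ("security_center_monitoring_off", key.rsplit("\\", 1)[-1])
    return None


def triage(log_text):
    """Return (rule, detail) tuples for entries worth a manual look."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = None          # a blank line ends the current key block
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DEREG_RE.match(line)
        if m:
            findings.append(("deregistered_service_in_memory", m.group("name")))
            continue
        m = PROXY_RE.match(line)
        if m:
            if LOOPBACK_RE.search(m.group("data")):
                findings.append(("loopback_proxy", m.group("data")))
            continue
        if key is None:
            continue
        m = QUOTED_RE.match(line) or TYPED_RE.match(line)
        if m:
            hit = _check_value(key, m.group("name"), m.group("data"))
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:32} {detail}")
```
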

#12 Lou Lessing

Lou Lessing
  • Topic Starter


Posted 31 May 2010 - 06:04 PM

Here's the log. None of my three web browsers work on my own user account anymore (some registry error), but they work fine on my brother's account.

ComboFix 10-05-30.09 - Lou 05/31/2010 15:17:43.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3325.2208 [GMT -4:00]
Running from: c:\users\Lou\Desktop\ComboFix.exe
Command switches used :: c:\users\Lou\Desktop\CFScript.txt
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 19:28 . 2010-05-31 19:28 -------- d-----w- c:\users\Lou\AppData\Local\temp
2010-05-31 19:28 . 2010-05-31 19:28 -------- d-----w- c:\users\Sam\AppData\Local\temp
2010-05-31 19:28 . 2010-05-31 19:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-31 19:28 . 2010-05-31 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-31 19:28 . 2010-05-31 19:28 -------- d-----w- c:\users\Debby\AppData\Local\temp
2010-05-31 19:28 . 2010-05-31 19:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-31 07:01 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-31 07:01 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-05-31 07:01 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-30 00:02 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-30 00:02 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-30 00:02 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-30 00:02 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-30 00:02 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-30 00:02 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-30 00:02 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-30 00:02 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-05-30 00:02 . 2010-03-09 16:28 833024 ----a-w- c:\windows\system32\wininet.dll
2010-05-29 23:56 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-29 23:56 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-05-29 22:16 . 2010-05-23 21:50 73216 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-05-29 22:16 . 2010-04-18 18:33 307200 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-05-29 22:16 . 2010-04-18 18:33 172032 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-05-21 23:56 . 2010-05-23 03:30 -------- d-----w- c:\program files\Uru Live
2010-05-20 11:35 . 2010-05-20 11:35 -------- d-----w- c:\users\Lou\AppData\Roaming\Malwarebytes
2010-05-20 01:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 01:54 . 2010-05-20 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 01:54 . 2010-05-20 01:54 -------- d-----w- c:\programdata\Malwarebytes
2010-05-20 01:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 01:33 . 2010-05-20 01:33 -------- d-----w- c:\users\Lou\AppData\Roaming\419DEFA8BE34CF23AF0751BBA2F1B595
2010-05-15 16:38 . 2010-05-15 16:40 20854256 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-05-15 16:38 . 2010-05-15 16:38 13407072 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-05-14 18:02 . 2010-05-14 18:02 -------- d-----w- c:\users\Lou\AppData\Local\TAPtapTAPtapTAPtapTAP
2010-05-14 15:37 . 2010-05-14 15:37 -------- d-----w- c:\users\Lou\AppData\Local\Installer5404
2010-05-13 02:08 . 2010-05-13 02:11 -------- d-----w- c:\program files\Penumbra Overture
2010-05-02 17:17 . 2010-05-02 17:17 -------- d-----w- c:\programdata\Farbs
2010-05-02 17:17 . 2010-05-02 17:17 -------- d-----w- c:\program files\ROM CHECK FAIL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 18:45 . 2008-07-24 18:40 110160 ----a-w- c:\users\Lou\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-31 18:44 . 2009-12-07 14:22 -------- d-----w- c:\users\Lou\AppData\Roaming\WTablet
2010-05-31 08:20 . 2008-03-21 13:17 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-31 08:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-31 08:20 . 2009-08-26 03:44 -------- d-----w- c:\users\Lou\AppData\Roaming\Nettalk
2010-05-31 08:20 . 2009-06-20 21:39 -------- d-----w- c:\users\Lou\AppData\Roaming\Skype
2010-05-31 08:03 . 2008-03-21 13:50 -------- d-----w- c:\programdata\Microsoft Help
2010-05-31 04:24 . 2009-06-20 21:40 -------- d-----w- c:\users\Lou\AppData\Roaming\skypePM
2010-05-30 21:31 . 2008-07-24 17:35 -------- d-----w- c:\program files\Steam
2010-05-30 21:31 . 2009-12-23 06:32 -------- d-----w- c:\users\Sam\AppData\Roaming\WTablet
2010-05-29 22:42 . 2010-02-21 06:40 188152 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\FlashGot.exe
2010-05-28 12:46 . 2009-01-22 03:19 1 ----a-w- c:\users\Lou\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-25 23:40 . 2009-02-01 21:23 -------- d-----w- c:\users\Lou\AppData\Roaming\foobar2000
2010-05-25 11:01 . 2008-07-27 22:08 -------- d-----w- c:\users\Lou\AppData\Roaming\gtk-2.0
2010-05-23 02:41 . 2008-10-18 19:24 -------- d-----w- c:\users\Sam\AppData\Roaming\gtk-2.0
2010-05-20 01:43 . 2008-10-27 02:30 -------- d-----w- c:\users\Lou\AppData\Roaming\BitTorrent
2010-05-20 01:40 . 2008-10-27 02:30 -------- d-----w- c:\users\Lou\AppData\Roaming\DNA
2010-05-20 01:33 . 2010-05-20 01:33 20 ----a-w- c:\users\Lou\AppData\Roaming\wpcalv.dat
2010-05-16 04:14 . 2008-10-27 02:30 -------- d-----w- c:\program files\DNA
2010-05-14 18:32 . 2008-08-16 22:32 -------- d-----w- c:\program files\Multimedia Fusion 2
2010-05-14 15:36 . 2008-03-21 13:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-13 02:12 . 2008-07-29 11:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-13 02:12 . 2008-07-29 11:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-09 05:07 . 2010-03-10 20:44 439816 ----a-w- c:\users\Lou\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-27 18:45 . 2010-04-27 18:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 18:45 . 2010-04-27 18:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-24 07:36 . 2010-04-24 07:35 -------- d-----w- c:\program files\ProFantasy
2010-04-23 02:32 . 2010-04-23 02:32 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-22 02:45 . 2010-02-27 03:21 -------- d-----w- c:\program files\Inspiration 8 Trial
2010-04-20 04:58 . 2008-08-03 08:00 -------- d-----w- c:\program files\AVS4YOU
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-04-18 05:10 . 2010-03-04 02:25 439816 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-05 03:28 . 2010-02-22 01:32 -------- d-----w- c:\program files\Warcraft III
2010-04-04 21:32 . 2010-03-07 18:09 1 ----a-w- c:\users\Sam\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-02 21:17 . 2010-04-02 21:17 15426200 ----a-w- c:\windows\system32\xlive.dll
2010-04-02 21:17 . 2010-04-02 21:17 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-03-26 03:52 . 2010-03-26 03:52 8405312 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-26 03:52 . 2010-03-26 03:52 149000 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-26 03:52 . 2010-03-26 03:52 79368 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-26 03:52 . 2010-03-26 03:52 64000 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-26 03:52 . 2010-03-26 03:52 52288 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-26 03:52 . 2010-03-26 03:52 50688 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-26 03:52 . 2010-03-26 03:52 49152 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-26 03:52 . 2010-03-26 03:52 118784 ----a-w- c:\users\Sam\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-25 15:27 . 2010-04-09 20:29 1107264 ----a-w- c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-09 16:25 . 2010-05-30 00:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-05-30 00:01 26624 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-29_22.38.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-30 00:02 . 2010-01-29 13:56 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22621_none_7a26312571b9872f\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18416_none_79ac63d2588f4d00\INETRES.dll
+ 2010-05-30 00:01 . 2010-02-18 11:43 31232 c:\windows\winsxs\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22341_none_88630ed21bd06a58\tcpipreg.sys
+ 2010-05-31 07:01 . 2010-02-20 23:12 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\wamregps.dll
+ 2010-05-31 07:01 . 2010-02-20 23:11 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\rscaext.dll
+ 2010-05-31 07:01 . 2010-02-20 23:11 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\rsca.dll
+ 2010-05-31 07:01 . 2010-02-20 23:08 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iissyspr.dll
+ 2010-05-31 07:01 . 2010-02-20 21:21 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisrstas.exe
+ 2010-05-31 07:01 . 2010-02-20 21:21 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisreset.exe
+ 2010-05-31 07:01 . 2010-02-20 23:08 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisreg.dll
+ 2010-05-31 07:01 . 2010-02-20 23:07 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\ahadmin.dll
+ 2010-05-31 07:01 . 2010-02-20 23:06 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\admwprox.dll
+ 2010-01-11 05:37 . 2009-11-09 12:32 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\wamregps.dll
+ 2010-01-11 05:37 . 2009-11-09 12:32 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\rscaext.dll
+ 2010-01-11 05:37 . 2009-11-09 12:32 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\rsca.dll
+ 2010-01-11 05:37 . 2009-11-09 12:30 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iissyspr.dll
+ 2010-01-11 05:37 . 2009-11-09 10:48 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisrstas.exe
+ 2010-01-11 05:37 . 2009-11-09 10:48 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisreset.exe
+ 2010-01-11 05:37 . 2009-11-09 12:30 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisreg.dll
+ 2010-01-11 05:37 . 2009-11-09 12:28 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\ahadmin.dll
+ 2010-01-11 05:37 . 2009-11-09 12:28 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\admwprox.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\wamregps.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\rscaext.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\rsca.dll
+ 2010-05-31 07:01 . 2010-02-20 23:29 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iissyspr.dll
+ 2010-05-31 07:01 . 2010-02-20 21:35 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisrstas.exe
+ 2010-05-31 07:01 . 2010-02-20 21:35 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisreset.exe
+ 2010-05-31 07:01 . 2010-02-20 23:29 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisreg.dll
+ 2010-05-31 07:01 . 2010-02-20 23:26 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\ahadmin.dll
+ 2010-05-31 07:01 . 2010-02-20 23:26 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\admwprox.dll
+ 2010-01-11 05:37 . 2009-11-09 13:23 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\wamregps.dll
+ 2010-01-11 05:37 . 2009-11-09 13:23 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\rscaext.dll
+ 2010-01-11 05:37 . 2009-11-09 13:23 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\rsca.dll
+ 2010-01-11 05:37 . 2009-11-09 13:20 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iissyspr.dll
+ 2010-01-11 05:37 . 2009-11-09 11:21 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisrstas.exe
+ 2010-01-11 05:37 . 2009-11-09 11:21 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisreset.exe
+ 2010-01-11 05:37 . 2009-11-09 13:20 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisreg.dll
+ 2010-01-11 05:37 . 2009-11-09 13:18 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\ahadmin.dll
+ 2010-01-11 05:37 . 2009-11-09 13:18 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\admwprox.dll
+ 2010-05-31 07:01 . 2010-02-20 23:36 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\wamregps.dll
+ 2010-05-31 07:01 . 2010-02-20 23:35 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\rsca.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iissyspr.dll
+ 2010-05-31 07:01 . 2010-02-20 21:31 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisrstas.exe
+ 2010-05-31 07:01 . 2010-02-20 21:31 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisreset.exe
+ 2010-05-31 07:01 . 2010-02-20 23:31 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisreg.dll
+ 2010-05-31 07:01 . 2010-02-20 23:30 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\admwprox.dll
+ 2010-05-31 07:01 . 2010-02-20 23:55 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\wamregps.dll
+ 2010-05-31 07:01 . 2010-02-20 23:55 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\rsca.dll
+ 2010-05-31 07:01 . 2010-02-20 23:52 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iissyspr.dll
+ 2010-05-31 07:01 . 2010-02-20 21:46 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisrstas.exe
+ 2010-05-31 07:01 . 2010-02-20 21:46 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisreset.exe
+ 2010-05-31 07:01 . 2010-02-20 23:52 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisreg.dll
+ 2010-05-31 07:01 . 2010-02-20 23:50 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\admwprox.dll
+ 2010-05-31 07:01 . 2010-02-20 23:12 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\w3dt.dll
+ 2010-05-31 07:01 . 2010-02-20 23:08 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\hwebcore.dll
+ 2010-05-31 07:01 . 2010-02-20 23:07 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\w3dt.dll
+ 2010-01-11 05:37 . 2009-11-09 12:30 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\hwebcore.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\w3dt.dll
+ 2010-05-31 07:01 . 2010-02-20 23:29 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\hwebcore.dll
+ 2010-05-31 07:01 . 2010-02-20 23:40 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\w3dt.dll
+ 2010-01-11 05:37 . 2009-11-09 13:20 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\hwebcore.dll
+ 2010-05-31 07:01 . 2010-02-20 23:36 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\w3dt.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\hwebcore.dll
+ 2010-05-31 07:01 . 2010-02-20 23:55 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\w3dt.dll
+ 2010-05-31 07:01 . 2010-02-20 23:51 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\hwebcore.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21242_none_2a6fca57813ef7f4\iebrshim.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.17037_none_29f5fd046814bdc5\iebrshim.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21242_none_c44ab3e77a8f2297\iesetup.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21242_none_c44ab3e77a8f2297\iernonce.dll
+ 2010-05-30 00:01 . 2010-03-09 14:02 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21242_none_c44ab3e77a8f2297\ie4uinit.exe
+ 2010-05-30 00:01 . 2010-03-09 16:50 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.17037_none_c3d0e6946164e868\iesetup.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.17037_none_c3d0e6946164e868\iernonce.dll
+ 2010-05-30 00:01 . 2010-03-09 14:17 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.17037_none_c3d0e6946164e868\ie4uinit.exe
+ 2010-05-30 00:01 . 2010-03-11 14:52 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22653_none_2fb897943341ea10\ieUnatt.exe
+ 2010-05-30 00:01 . 2010-03-09 14:01 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18444_none_2f3ac9191a1b4a85\ieUnatt.exe
+ 2010-05-30 00:01 . 2010-03-09 14:02 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21242_none_2ddbfecc361459f2\ieUnatt.exe
+ 2010-05-30 00:01 . 2010-03-09 14:17 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\ieUnatt.exe
+ 2010-05-30 00:01 . 2010-03-09 16:27 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21242_none_59157e298053e04e\icardie.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.17037_none_589bb0d66729a61f\icardie.dll
+ 2010-05-30 00:01 . 2010-03-11 14:51 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22653_none_f3c41e0bd36a0588\mshtmler.dll
+ 2010-05-30 00:01 . 2010-03-11 16:38 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22653_none_f3c41e0bd36a0588\ieencode.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18444_none_f3464f90ba4365fd\mshtmler.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18444_none_f3464f90ba4365fd\ieencode.dll
+ 2010-05-30 00:01 . 2010-03-09 12:36 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21242_none_f1e78543d63c756a\mshtmler.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21242_none_f1e78543d63c756a\ieencode.dll
+ 2010-05-30 00:01 . 2010-03-09 12:43 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.17037_none_f16db7f0bd123b3b\mshtmler.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.17037_none_f16db7f0bd123b3b\ieencode.dll
+ 2010-05-30 00:01 . 2010-03-11 16:36 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22653_none_ae88b958200952d3\admparse.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18444_none_ae0aeadd06e2b348\admparse.dll
+ 2010-05-30 00:01 . 2010-03-09 16:24 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21242_none_acac209022dbc2b5\admparse.dll
+ 2010-05-30 00:01 . 2010-03-09 16:48 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.17037_none_ac32533d09b18886\admparse.dll
+ 2010-05-30 00:01 . 2010-03-11 16:52 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22360_none_04182c26b847a03d\WininetPlugin.dll
+ 2010-05-30 00:01 . 2010-03-11 16:50 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22360_none_04182c26b847a03d\jsproxy.dll
+ 2009-06-10 01:21 . 2009-04-11 06:28 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18226_none_03bfd0c79f0428b9\WininetPlugin.dll
+ 2009-06-10 01:21 . 2009-04-11 06:28 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18226_none_03bfd0c79f0428b9\jsproxy.dll
+ 2010-05-30 00:01 . 2010-03-11 16:40 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22653_none_023f8b08bb167b2d\WininetPlugin.dll
+ 2010-05-30 00:01 . 2010-03-11 16:38 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22653_none_023f8b08bb167b2d\jsproxy.dll
+ 2008-10-14 22:26 . 2008-02-22 05:01 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18444_none_01c1bc8da1efdba2\WininetPlugin.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18444_none_01c1bc8da1efdba2\jsproxy.dll
+ 2010-05-30 00:01 . 2010-03-09 16:31 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21242_none_0062f240bde8eb0f\WininetPlugin.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21242_none_0062f240bde8eb0f\jsproxy.dll
+ 2010-05-30 00:01 . 2010-03-09 16:54 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.17037_none_ffe924eda4beb0e0\WininetPlugin.dll
+ 2010-05-30 00:01 . 2010-03-09 16:51 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.17037_none_ffe924eda4beb0e0\jsproxy.dll
+ 2010-05-30 00:02 . 2010-04-23 14:23 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22391_none_17571fa5201e0c64\tzupd.exe
+ 2010-05-30 00:02 . 2010-01-23 09:26 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18248_none_170a947c06d19246\tzupd.exe
+ 2010-05-30 00:02 . 2010-04-23 14:02 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22677_none_158c4f5122e21768\tzupd.exe
+ 2010-05-30 00:02 . 2010-01-23 09:44 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18464_none_150a7fae09bf1281\tzupd.exe
+ 2010-05-30 00:01 . 2010-02-18 11:42 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.22341_none_1428eb9d92bddb72\tunnel.sys
+ 2010-05-30 00:01 . 2010-02-18 11:42 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.22341_none_1428eb9d92bddb72\TUNMP.SYS
+ 2010-05-30 00:01 . 2010-02-18 11:28 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c\tunnel.sys
+ 2008-01-21 02:24 . 2008-01-21 02:24 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c\TUNMP.SYS
+ 2010-05-30 00:01 . 2010-02-18 12:00 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.22636_none_12524b13958ae910\tunnel.sys
+ 2010-05-30 00:01 . 2010-02-18 12:00 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.22636_none_12524b13958ae910\TUNMP.SYS
+ 2010-05-30 00:01 . 2010-02-18 11:52 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985\tunnel.sys
+ 2008-01-21 02:24 . 2008-01-21 02:24 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985\TUNMP.SYS
+ 2010-05-30 00:01 . 2010-02-18 11:50 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.21226_none_1076b295985c7249\tunnel.sys
+ 2010-05-30 00:01 . 2010-02-18 11:50 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.21226_none_1076b295985c7249\TUNMP.SYS
+ 2010-05-30 00:01 . 2010-02-18 12:04 25088 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5\tunnel.sys
+ 2010-05-30 00:01 . 2010-02-18 12:04 15360 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5\TUNMP.SYS
+ 2010-05-31 07:01 . 2010-02-20 23:07 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22343_none_22e5433d125cc342\authsspi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:04 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.18210_none_22791557f92983a0\authsspi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:27 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.22638_none_210ea2b31529d0e0\authsspi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:35 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.18428_none_208fd3edfc0417fe\authsspi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:30 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.21227_none_1f3209eb17fc40c2\authsspi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:50 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.17022_none_1ea369c7fee3251e\authsspi.dll
+ 2010-05-30 00:01 . 2010-03-09 16:30 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.21242_none_ec406dec2f7f4d18\pngfilt.dll
+ 2010-05-30 00:01 . 2010-03-09 16:54 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.17037_none_ebc6a099165512e9\pngfilt.dll
+ 2010-05-31 07:01 . 2010-02-20 23:08 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.22343_none_f7f4165eb3ad7c4d\httpapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:05 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.18210_none_f787e8799a7a3cab\httpapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:29 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.22638_none_f61d75d4b67a89eb\httpapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:37 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18428_none_f59ea70f9d54d109\httpapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.21227_none_f440dd0cb94cf9cd\httpapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:51 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.17022_none_f3b23ce9a033de29\httpapi.dll
+ 2010-05-29 23:56 . 2010-01-13 17:48 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6002.22311_none_3a689ec7f7c9ca5e\cabview.dll
+ 2010-05-29 23:56 . 2010-01-13 17:34 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6002.18184_none_39965180dee23d09\cabview.dll
+ 2010-05-29 23:56 . 2010-01-13 18:51 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6001.22605_none_3890fdf3fa97bea5\cabview.dll
+ 2010-05-29 23:56 . 2010-01-15 00:04 98304 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6001.18404_none_38065ef8e17b085d\cabview.dll
+ 2010-05-29 23:56 . 2010-01-13 18:12 97792 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6000.21203_none_36a894f5fd733121\cabview.dll
+ 2010-05-29 23:56 . 2010-01-13 18:23 97792 c:\windows\winsxs\x86_microsoft-windows-cabview_31bf3856ad364e35_6.0.6000.17002_none_361df5fae4567ad9\cabview.dll
- 2010-02-15 12:13 . 2009-12-18 13:02 28160 c:\windows\System32\jsproxy.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 28160 c:\windows\System32\jsproxy.dll
+ 2010-05-30 00:01 . 2010-02-18 11:52 25088 c:\windows\System32\drivers\tunnel.sys
- 2008-07-24 18:40 . 2010-05-29 22:38 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-24 18:40 . 2010-05-31 13:14 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-24 18:40 . 2010-05-29 22:38 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-24 18:40 . 2010-05-31 13:14 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-30 00:02 . 2010-01-23 09:44 19456 c:\windows\servicing\GC32\tzupd.exe
+ 2010-01-11 15:15 . 2010-05-29 22:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-11 15:15 . 2010-05-28 12:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-11 15:15 . 2010-05-29 22:22 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-11 15:15 . 2010-05-28 12:28 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-11 15:15 . 2010-05-28 12:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-11 15:15 . 2010-05-29 22:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-31 08:01 . 2010-05-31 08:01 83136 c:\windows\Installer\{F97E3841-CA9D-4964-9D64-26066241D26F}\GameForWindowsLiveDash.exe
+ 2010-05-31 08:02 . 2010-05-31 08:02 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-10-17 19:32 . 2009-10-17 19:32 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2008-03-21 13:51 . 2009-10-17 19:32 35088 c:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-21 13:51 . 2010-05-31 08:02 35088 c:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-21 13:51 . 2009-10-17 19:32 18704 c:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-21 13:51 . 2010-05-31 08:02 18704 c:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-21 13:51 . 2009-10-17 19:32 20240 c:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-21 13:51 . 2010-05-31 08:02 20240 c:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-03-21 13:53 . 2010-01-11 05:43 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-21 13:53 . 2010-05-31 08:02 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-21 13:53 . 2010-05-31 08:02 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-21 13:53 . 2010-01-11 05:43 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-21 13:53 . 2010-01-11 05:43 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-21 13:53 . 2010-05-31 08:02 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-02 06:20 . 2010-05-31 08:03 35088 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-02 06:20 . 2009-10-17 19:33 35088 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-02 06:20 . 2010-05-31 08:03 18704 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-02 06:20 . 2009-10-17 19:33 18704 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-02 06:20 . 2010-05-31 08:03 20240 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-02 06:20 . 2009-10-17 19:33 20240 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-11 05:40 . 2010-01-11 05:40 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-05-31 08:02 . 2010-05-31 08:02 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-10-25 12:18 . 2008-10-25 12:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2009-10-17 19:23 . 2009-04-11 04:54 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18005_none_9e4aa84809e375cf\mferror.dll
+ 2010-05-31 07:01 . 2010-02-20 23:12 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\w3ctrlps.dll
+ 2010-05-31 07:01 . 2010-02-20 23:08 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisrstap.dll
+ 2010-01-11 05:37 . 2009-11-09 12:32 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\w3ctrlps.dll
+ 2010-01-11 05:37 . 2009-11-09 12:30 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisrstap.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\w3ctrlps.dll
+ 2010-05-31 07:01 . 2010-02-20 23:29 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisrstap.dll
+ 2010-01-11 05:37 . 2009-11-09 13:23 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\w3ctrlps.dll
+ 2010-01-11 05:37 . 2009-11-09 13:20 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisrstap.dll
+ 2010-05-31 07:01 . 2010-02-20 23:35 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\w3ctrlps.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisrstap.dll
+ 2010-05-31 07:01 . 2010-02-20 23:55 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\w3ctrlps.dll
+ 2010-05-31 07:01 . 2010-02-20 23:52 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisrstap.dll
+ 2010-05-30 00:02 . 2010-04-23 14:23 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22391_none_17571fa5201e0c64\tzres.dll
+ 2010-05-30 00:02 . 2010-04-23 14:13 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18248_none_170a947c06d19246\tzres.dll
+ 2010-05-30 00:02 . 2010-04-23 14:02 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22677_none_158c4f5122e21768\tzres.dll
+ 2010-05-30 00:02 . 2010-04-23 13:55 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18464_none_150a7fae09bf1281\tzres.dll
- 2010-05-29 22:22 . 2010-05-29 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-31 08:23 . 2010-05-31 08:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-31 08:23 . 2010-05-31 08:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-29 22:22 . 2010-05-29 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-29 23:56 . 2009-12-23 12:12 172032 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6002.22293_none_f1c001a2b09b160b\wintrust.dll
+ 2010-05-29 23:56 . 2009-12-23 11:33 172032 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6002.18169_none_f15cd657975fba78\wintrust.dll
+ 2010-05-29 23:56 . 2009-12-23 12:29 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6001.22588_none_efe96118b36823a9\wintrust.dll
+ 2010-05-29 23:56 . 2009-12-23 12:43 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6001.18387_none_ef5ec21d9a4b6d61\wintrust.dll
+ 2010-05-29 23:56 . 2009-12-23 12:14 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6000.21186_none_ee00f81ab6439625\wintrust.dll
+ 2010-05-29 23:56 . 2009-12-23 12:45 171520 c:\windows\winsxs\x86_microsoft-windows-wintrust-dll_31bf3856ad364e35_6.0.6000.16984_none_ed7582999d27906b\wintrust.dll
+ 2010-05-30 00:01 . 2010-02-18 14:01 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpipcfg.dll
+ 2010-05-30 00:01 . 2010-02-18 11:51 818688 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
+ 2010-05-30 00:01 . 2010-02-18 14:22 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpipcfg.dll
+ 2010-05-30 00:01 . 2010-02-18 12:05 815104 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
+ 2010-05-30 00:01 . 2010-02-18 14:22 910216 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
+ 2010-05-30 00:01 . 2010-02-18 14:07 904576 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
+ 2010-05-30 00:01 . 2010-02-18 17:36 902024 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
+ 2010-05-30 00:01 . 2010-02-18 14:49 898952 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
+ 2010-05-30 00:02 . 2010-02-23 11:16 106496 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.22346_none_81dc4772677c5da2\mrxsmb.sys
+ 2010-05-30 00:02 . 2010-02-23 11:10 106496 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.18213_none_8170198d4e491e00\mrxsmb.sys
+ 2010-05-30 00:02 . 2010-02-23 11:30 106496 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.22641_none_7ff0d4186a5a89cb\mrxsmb.sys
+ 2010-05-30 00:02 . 2010-02-23 11:32 105984 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18431_none_7f7205535134d0e9\mrxsmb.sys
+ 2010-05-30 00:02 . 2010-02-23 11:30 102912 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.21230_none_7e143b506d2cf9ad\mrxsmb.sys
+ 2010-05-30 00:02 . 2010-02-23 13:14 102400 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.17025_none_7d9a6dfd5402bf7e\mrxsmb.sys
+ 2010-05-30 00:02 . 2010-02-23 11:16 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.22346_none_8aef65c661cd9c04\mrxsmb10.sys
+ 2010-05-30 00:02 . 2010-02-23 11:10 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.18213_none_8a8337e1489a5c62\mrxsmb10.sys
+ 2010-05-30 00:02 . 2010-02-23 11:30 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22641_none_8903f26c64abc82d\mrxsmb10.sys
+ 2010-05-30 00:02 . 2010-02-23 11:32 212992 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18431_none_888523a74b860f4b\mrxsmb10.sys
+ 2010-05-30 00:02 . 2010-02-23 11:30 211968 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.21230_none_872759a4677e380f\mrxsmb10.sys
+ 2010-05-30 00:02 . 2010-02-23 13:14 211968 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.17025_none_86ad8c514e53fde0\mrxsmb10.sys
+ 2010-05-30 00:02 . 2010-03-04 17:50 430080 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6002.22354_none_4a980d0c444fdb0b\vbscript.dll
+ 2010-05-30 00:02 . 2010-03-04 17:33 430080 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6002.18222_none_4a2cdf712b1bb4c0\vbscript.dll
+ 2010-05-30 00:02 . 2010-03-04 17:56 434176 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.22648_none_48c06c38471dcf52\vbscript.dll
+ 2010-05-30 00:02 . 2010-03-04 18:54 430080 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.18440_none_482ecb372e0767a9\vbscript.dll
+ 2010-05-30 00:02 . 2010-03-04 19:07 434176 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6000.21238_none_46e4d3ba49ef588b\vbscript.dll
+ 2010-05-30 00:02 . 2010-03-04 19:24 434176 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6000.17033_none_4656339730d63ce7\vbscript.dll
+ 2010-05-30 00:01 . 2010-01-25 12:37 471552 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.22321_none_a350e80647cb55d4\secproc.dll
+ 2010-05-30 00:01 . 2010-01-25 08:28 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.22321_none_a350e80647cb55d4\RMActivate.exe
+ 2010-05-30 00:01 . 2010-01-25 12:00 471552 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.18193_none_a27d9a752ee4af28\secproc.dll
+ 2010-05-30 00:01 . 2010-01-25 08:21 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.18193_none_a27d9a752ee4af28\RMActivate.exe
+ 2010-05-30 00:01 . 2010-01-25 12:32 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.22613_none_a177469e4a9b176d\secproc.dll
+ 2010-05-30 00:01 . 2010-01-25 08:34 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.22613_none_a177469e4a9b176d\RMActivate.exe
+ 2010-05-30 00:01 . 2010-01-25 12:48 472064 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.18411_none_a0eba759317f47ce\secproc.dll
+ 2010-05-30 00:01 . 2010-01-25 08:34 511488 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.18411_none_a0eba759317f47ce\RMActivate.exe
+ 2010-05-30 00:01 . 2010-01-25 12:35 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.21210_none_9f8ddd564d777092\secproc.dll
+ 2010-05-30 00:01 . 2010-01-25 08:27 515584 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.21210_none_9f8ddd564d777092\RMActivate.exe
+ 2010-05-30 00:01 . 2010-01-25 12:58 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.17008_none_9f1710e1344a8268\secproc.dll
+ 2010-05-30 00:01 . 2010-01-25 08:36 515584 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.17008_none_9f1710e1344a8268\RMActivate.exe
+ 2010-05-30 00:01 . 2010-01-25 12:38 152576 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.22321_none_721a38317a650774\secproc_ssp.dll
+ 2010-05-30 00:01 . 2010-01-25 08:28 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.22321_none_721a38317a650774\RMActivate_ssp.exe
+ 2010-05-30 00:01 . 2010-01-25 12:00 152064 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.18193_none_7146eaa0617e60c8\secproc_ssp.dll
+ 2010-05-30 00:01 . 2010-01-25 08:21 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.18193_none_7146eaa0617e60c8\RMActivate_ssp.exe
+ 2010-05-30 00:01 . 2010-01-25 12:33 152576 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.22613_none_704096c97d34c90d\secproc_ssp.dll
+ 2010-05-30 00:01 . 2010-01-25 08:34 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.22613_none_704096c97d34c90d\RMActivate_ssp.exe
+ 2010-05-30 00:01 . 2010-01-25 12:48 151040 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.18411_none_6fb4f7846418f96e\secproc_ssp.dll
+ 2010-05-30 00:01 . 2010-01-25 08:34 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.18411_none_6fb4f7846418f96e\RMActivate_ssp.exe
+ 2010-05-30 00:01 . 2010-01-25 12:35 154112 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.21210_none_6e572d8180112232\secproc_ssp.dll
+ 2010-05-30 00:01 . 2010-01-25 08:27 435712 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.21210_none_6e572d8180112232\RMActivate_ssp.exe
+ 2010-05-30 00:01 . 2010-01-25 12:58 154112 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.17008_none_6de0610c66e43408\secproc_ssp.dll
+ 2010-05-30 00:01 . 2010-01-25 08:36 435712 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.17008_none_6de0610c66e43408\RMActivate_ssp.exe
+ 2010-05-30 00:01 . 2010-01-25 12:38 475648 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.22321_none_ebad56a205fcee15\secproc_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:28 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.22321_none_ebad56a205fcee15\RMActivate_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:00 471552 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.18193_none_eada0910ed164769\secproc_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:21 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.18193_none_eada0910ed164769\RMActivate_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:33 476672 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.22613_none_e9d3b53a08ccafae\secproc_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:34 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.22613_none_e9d3b53a08ccafae\RMActivate_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:48 472576 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.18411_none_e94815f4efb0e00f\secproc_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:35 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.18411_none_e94815f4efb0e00f\RMActivate_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:35 473088 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.21210_none_e7ea4bf20ba908d3\secproc_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:28 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.21210_none_e7ea4bf20ba908d3\RMActivate_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:58 473088 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.17008_none_e7737f7cf27c1aa9\secproc_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:35 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.17008_none_e7737f7cf27c1aa9\RMActivate_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:38 153088 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.22321_none_f772482c14c2182f\secproc_ssp_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:28 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.22321_none_f772482c14c2182f\RMActivate_ssp_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:00 152576 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.18193_none_f69efa9afbdb7183\secproc_ssp_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:21 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.18193_none_f69efa9afbdb7183\RMActivate_ssp_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:33 153088 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.22613_none_f598a6c41791d9c8\secproc_ssp_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:34 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.22613_none_f598a6c41791d9c8\RMActivate_ssp_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:48 151040 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.18411_none_f50d077efe760a29\secproc_ssp_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:35 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.18411_none_f50d077efe760a29\RMActivate_ssp_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:35 154624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.21210_none_f3af3d7c1a6e32ed\secproc_ssp_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:28 431104 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.21210_none_f3af3d7c1a6e32ed\RMActivate_ssp_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:58 154624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.17008_none_f3387107014144c3\secproc_ssp_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 08:36 431104 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.17008_none_f3387107014144c3\RMActivate_ssp_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 12:35 352768 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6002.22321_none_ea59157ba997c9d0\msdrm.dll
+ 2010-05-30 00:01 . 2010-01-25 11:58 332288 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6002.18193_none_e985c7ea90b12324\msdrm.dll
+ 2010-05-30 00:01 . 2010-01-25 12:31 336384 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6001.22613_none_e87f7413ac678b69\msdrm.dll
+ 2010-05-30 00:01 . 2010-01-25 12:45 329216 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6001.18411_none_e7f3d4ce934bbbca\msdrm.dll
+ 2010-05-30 00:01 . 2010-01-25 12:34 312832 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6000.21210_none_e6960acbaf43e48e\msdrm.dll
+ 2010-05-30 00:01 . 2010-01-25 12:56 312320 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6000.17008_none_e61f3e569616f664\msdrm.dll
+ 2010-05-31 07:01 . 2010-02-20 23:08 374272 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\iisw3adm.dll
+ 2010-05-31 07:01 . 2010-02-20 23:05 373760 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\iisw3adm.dll
+ 2010-05-31 07:01 . 2010-02-20 23:29 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\iisw3adm.dll
+ 2010-05-31 07:01 . 2010-02-20 23:37 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\iisw3adm.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\iisw3adm.dll
+ 2010-05-31 07:01 . 2010-02-20 23:52 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\iisw3adm.dll
+ 2010-05-30 00:01 . 2010-02-18 13:59 438272 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22636_none_cd93a82a43bb5573\IKEEXT.DLL
+ 2010-05-30 00:01 . 2010-02-18 13:59 595456 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22636_none_cd93a82a43bb5573\FWPUCLNT.DLL
+ 2010-05-30 00:01 . 2010-02-18 13:57 328704 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22636_none_cd93a82a43bb5573\BFE.DLL
+ 2010-05-30 00:01 . 2010-02-18 13:56 416768 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21226_none_cbb80fac468cdeac\IKEEXT.DLL
+ 2010-05-30 00:01 . 2010-02-18 13:56 543232 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21226_none_cbb80fac468cdeac\FWPUCLNT.DLL
+ 2010-05-30 00:01 . 2010-02-18 13:55 317440 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21226_none_cbb80fac468cdeac\BFE.DLL
+ 2010-05-30 00:01 . 2010-02-18 17:36 220040 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22636_none_570aa516ce7e04c9\netio.sys
+ 2010-05-30 00:01 . 2010-02-18 14:34 213896 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21226_none_552f0c98d14f8e02\netio.sys
+ 2010-05-30 00:02 . 2009-10-14 14:12 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\WMM2AE.dll
+ 2010-05-30 00:02 . 2009-10-14 12:23 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\MOVIEMK.exe
+ 2010-05-30 00:02 . 2009-04-11 06:28 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\WMM2AE.dll
+ 2010-05-30 00:02 . 2009-04-11 06:27 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\MOVIEMK.exe
+ 2010-05-30 00:02 . 2009-10-14 15:08 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\WMM2AE.dll
+ 2010-05-30 00:02 . 2009-10-14 13:16 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\MOVIEMK.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\WMM2AE.dll
+ 2010-05-30 00:02 . 2009-10-14 12:43 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\MOVIEMK.exe
+ 2010-05-30 00:02 . 2009-10-14 14:51 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\WMM2AE.dll
+ 2010-05-30 00:02 . 2009-10-14 12:44 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\MOVIEMK.exe
+ 2010-05-30 00:02 . 2009-10-14 15:06 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\WMM2AE.dll
+ 2010-05-30 00:02 . 2009-10-14 12:54 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\MOVIEMK.exe
+ 2010-05-30 00:02 . 2010-01-29 16:07 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22325_none_7c10a4356edc41af\inetcomm.dll
+ 2010-05-30 00:02 . 2010-01-29 15:40 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18197_none_7b3d56a455f59b03\inetcomm.dll
+ 2010-05-30 00:02 . 2010-01-29 16:08 738304 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22621_none_7a26312571b9872f\inetcomm.dll
+ 2010-05-30 00:02 . 2010-01-29 16:21 738304 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18416_none_79ac63d2588f4d00\inetcomm.dll
+ 2010-05-31 07:01 . 2010-02-20 23:10 333312 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\nativerd.dll
+ 2010-05-31 07:01 . 2010-02-20 23:08 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisutil.dll
+ 2010-05-31 07:01 . 2010-02-20 21:22 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iissetup.exe
+ 2010-05-31 07:01 . 2010-02-20 23:08 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisRtl.dll
+ 2010-05-31 07:01 . 2010-02-20 21:22 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisres.dll
+ 2010-05-31 07:01 . 2010-02-20 23:11 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iismig.dll
+ 2010-05-31 07:01 . 2010-02-20 21:22 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\aspnetca.exe
+ 2010-05-31 07:01 . 2010-02-20 23:07 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\appobj.dll
+ 2010-05-31 07:01 . 2010-02-20 21:22 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\appcmd.exe
+ 2010-01-11 05:37 . 2009-11-09 12:31 331264 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\nativerd.dll
+ 2010-01-11 05:37 . 2009-11-09 12:30 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisutil.dll
+ 2010-01-11 05:37 . 2009-11-09 10:49 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iissetup.exe
+ 2010-01-11 05:37 . 2009-11-09 12:30 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisRtl.dll
+ 2010-01-11 05:37 . 2009-11-09 10:48 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisres.dll
+ 2010-01-11 05:37 . 2009-11-09 12:32 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iismig.dll
+ 2010-01-11 05:37 . 2009-11-09 10:49 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\aspnetca.exe
+ 2010-01-11 05:37 . 2009-11-09 12:28 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\appobj.dll
+ 2010-01-11 05:37 . 2009-11-09 10:48 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\appcmd.exe
+ 2010-05-31 07:01 . 2010-02-20 23:30 331776 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\nativerd.dll
+ 2010-05-31 07:01 . 2010-02-20 23:29 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisutil.dll
+ 2010-05-31 07:01 . 2010-02-20 21:35 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iissetup.exe
+ 2010-05-31 07:01 . 2010-02-20 23:29 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisRtl.dll
+ 2010-05-31 07:01 . 2010-02-20 21:35 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisres.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iismig.dll
+ 2010-05-31 07:01 . 2010-02-20 21:35 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\aspnetca.exe
+ 2010-05-31 07:01 . 2010-02-20 23:26 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\appobj.dll
+ 2010-05-31 07:01 . 2010-02-20 21:35 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\appcmd.exe
+ 2010-01-11 05:37 . 2009-11-09 13:22 326656 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\nativerd.dll
+ 2010-01-11 05:37 . 2009-11-09 13:20 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisutil.dll
+ 2010-01-11 05:37 . 2009-11-09 11:22 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iissetup.exe
+ 2010-01-11 05:37 . 2009-11-09 13:20 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisRtl.dll
+ 2010-01-11 05:37 . 2009-11-09 11:21 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisres.dll
+ 2010-01-11 05:37 . 2009-11-09 13:23 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iismig.dll
+ 2010-01-11 05:37 . 2009-11-09 11:22 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\aspnetca.exe
+ 2010-01-11 05:37 . 2009-11-09 13:18 311296 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\appobj.dll
+ 2010-01-11 05:37 . 2009-11-09 11:21 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\appcmd.exe
+ 2010-05-31 07:01 . 2010-02-20 23:34 236032 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\nativerd.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 189952 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisutil.dll
+ 2010-05-31 07:01 . 2010-02-20 21:31 195072 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iissetup.exe
+ 2010-05-31 07:01 . 2010-02-20 23:31 148480 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisRtl.dll
+ 2010-05-31 07:01 . 2010-02-20 20:21 183808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisres.dll
+ 2010-05-31 07:01 . 2010-02-20 23:35 128512 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iismig.dll
+ 2010-05-31 07:01 . 2010-02-20 21:31 178176 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\aspnetca.exe
+ 2010-05-31 07:01 . 2010-02-20 23:30 297472 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\appobj.dll
+ 2010-05-31 07:01 . 2010-02-20 21:31 150528 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\appcmd.exe
+ 2010-05-31 07:01 . 2010-02-20 23:54 236032 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\nativerd.dll
+ 2010-05-31 07:01 . 2010-02-20 23:52 189952 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisutil.dll
+ 2010-05-31 07:01 . 2010-02-20 21:47 195072 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iissetup.exe
+ 2010-05-31 07:01 . 2010-02-20 23:52 148480 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisRtl.dll
+ 2010-05-31 07:01 . 2010-02-20 20:30 183808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisres.dll
+ 2010-05-31 07:01 . 2010-02-20 23:55 128512 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iismig.dll
+ 2010-05-31 07:01 . 2010-02-20 21:47 178176 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\aspnetca.exe
+ 2010-05-31 07:01 . 2010-02-20 23:50 297472 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\appobj.dll
+ 2010-05-31 07:01 . 2010-02-20 21:47 150528 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\appcmd.exe
+ 2010-05-31 07:01 . 2010-02-20 23:08 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6002.22343_none_6bd150839a36b650\isapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:05 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6002.18210_none_6b65229e810376ae\isapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:29 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6001.22638_none_69faaff99d03c3ee\isapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:37 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6001.18428_none_697be13483de0b0c\isapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:32 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6000.21227_none_681e17319fd633d0\isapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:52 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6000.17022_none_678f770e86bd182c\isapi.dll
+ 2010-05-31 07:01 . 2010-02-20 23:08 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\iiscore.dll
+ 2010-05-31 07:01 . 2010-02-20 23:05 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\iiscore.dll
+ 2010-05-31 07:01 . 2010-02-20 23:29 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\iiscore.dll
+ 2010-05-31 07:01 . 2010-02-20 23:37 189952 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\iiscore.dll
+ 2010-05-31 07:01 . 2010-02-20 23:31 164864 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\iiscore.dll
+ 2010-05-31 07:01 . 2010-02-20 23:52 164864 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\iiscore.dll
+ 2010-05-30 00:01 . 2010-03-09 14:03 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21242_none_0bbe0cfdf032f65c\ieuser.exe
+ 2010-05-30 00:01 . 2010-03-09 14:18 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.17037_none_0b443faad708bc2d\ieuser.exe
+ 2010-05-30 00:01 . 2010-03-09 14:03 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21242_none_e715d7e1adb836aa\ieinstal.exe
+ 2010-05-30 00:01 . 2010-03-09 14:18 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.17037_none_e69c0a8e948dfc7b\ieinstal.exe
+ 2010-05-30 00:01 . 2010-03-11 16:49 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22360_none_66d1a548c49397a0\ieui.dll
+ 2010-05-30 00:01 . 2010-03-09 15:39 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18226_none_667949e9ab50201c\ieui.dll
+ 2010-05-30 00:01 . 2010-03-11 16:38 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22653_none_64f9042ac7627290\ieui.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18444_none_647b35afae3bd305\ieui.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21242_none_631c6b62ca34e272\ieui.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.17037_none_62a29e0fb10aa843\ieui.dll
+ 2010-05-30 00:01 . 2010-03-11 16:39 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22653_none_47fa41e4a5c7998a\sqmapi.dll
+ 2010-05-30 00:01 . 2010-03-11 16:38 271360 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22653_none_47fa41e4a5c7998a\iertutil.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18444_none_477c73698ca0f9ff\sqmapi.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 270848 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18444_none_477c73698ca0f9ff\iertutil.dll
+ 2010-05-30 00:01 . 2010-03-09 16:31 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21242_none_461da91ca89a096c\sqmapi.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21242_none_461da91ca89a096c\iertutil.dll
+ 2010-05-30 00:01 . 2010-03-09 16:54 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.17037_none_45a3dbc98f6fcf3d\sqmapi.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.17037_none_45a3dbc98f6fcf3d\iertutil.dll
+ 2010-05-30 00:02 . 2010-03-11 16:39 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22653_none_377cffb72d667ef8\occache.dll
+ 2010-05-30 00:02 . 2010-03-09 16:27 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18444_none_36ff313c143fdf6d\occache.dll
+ 2010-05-30 00:01 . 2010-03-09 16:30 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21242_none_35a066ef3038eeda\occache.dll
+ 2010-05-30 00:01 . 2010-03-09 16:53 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.17037_none_3526999c170eb4ab\occache.dll
+ 2010-05-30 00:01 . 2010-03-11 16:40 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22653_none_2fb897943341ea10\iexplore.exe
+ 2010-05-30 00:01 . 2010-03-09 16:30 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18444_none_2f3ac9191a1b4a85\iexplore.exe
+ 2010-05-30 00:01 . 2010-03-09 16:32 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21242_none_2ddbfecc361459f2\iexplore.exe
+ 2010-05-30 00:01 . 2010-03-09 16:56 634648 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\iexplore.exe
+ 2010-05-30 00:01 . 2010-03-11 16:50 477184 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6002.22360_none_4a58221059d9534b\mshtmled.dll
+ 2010-05-30 00:01 . 2010-03-09 15:40 477184 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6002.18226_none_49ffc6b14095dbc7\mshtmled.dll
+ 2010-05-30 00:01 . 2010-03-11 16:39 476672 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6001.22653_none_487f80f25ca82e3b\mshtmled.dll
+ 2010-05-30 00:01 . 2010-03-09 16:26 476672 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6001.18444_none_4801b27743818eb0\mshtmled.dll
+ 2010-05-30 00:01 . 2010-03-09 16:29 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21242_none_46a2e82a5f7a9e1d\mshtmled.dll
+ 2010-05-30 00:01 . 2010-03-09 16:52 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.17037_none_46291ad7465063ee\mshtmled.dll
+ 2010-05-30 00:01 . 2010-03-11 16:39 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22653_none_603d21d753b9cde5\msfeeds.dll
+ 2010-05-30 00:01 . 2010-03-09 16:26 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18444_none_5fbf535c3a932e5a\msfeeds.dll
+ 2010-05-30 00:01 . 2010-03-09 16:29 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.21242_none_5e60890f568c3dc7\msfeeds.dll
+ 2010-05-30 00:01 . 2010-03-09 16:52 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.17037_none_5de6bbbc3d620398\msfeeds.dll
+ 2010-05-30 00:01 . 2010-03-09 16:26 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21242_none_96404dd29db9eb90\dxtrans.dll
+ 2010-05-30 00:01 . 2010-03-09 16:26 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21242_none_96404dd29db9eb90\dxtmsft.dll
+ 2010-05-30 00:01 . 2010-03-09 16:49 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.17037_none_95c6807f848fb161\dxtrans.dll
+ 2010-05-30 00:01 . 2010-03-09 16:49 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.17037_none_95c6807f848fb161\dxtmsft.dll
+ 2010-05-30 00:01 . 2010-03-11 16:49 193024 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_6.0.6002.22360_none_3ef2bd580882689f\iepeers.dll
+ 2010-05-30 00:01 . 2010-03-09 15:39 193024 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_6.0.6002.18226_none_3e9a61f8ef3ef11b\iepeers.dll
+ 2010-05-30 00:01 . 2010-03-11 16:38 193024 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_6.0.6001.22653_none_3d1a1c3a0b51438f\iepeers.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 193024 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_6.0.6001.18444_none_3c9c4dbef22aa404\iepeers.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 193024 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_6.0.6000.21242_none_3b3d83720e23b371\iepeers.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 192512 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_6.0.6000.17037_none_3ac3b61ef4f97942\iepeers.dll
+ 2010-05-30 00:01 . 2010-03-11 16:49 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.22360_none_fdc14f0082331a90\ieapfltr.dll
+ 2010-05-30 00:01 . 2010-03-09 15:39 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.18226_none_fd68f3a168efa30c\ieapfltr.dll
+ 2010-05-30 00:01 . 2010-03-11 16:38 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.22653_none_fbe8ade28501f580\ieapfltr.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.18444_none_fb6adf676bdb55f5\ieapfltr.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21242_none_fa0c151a87d46562\ieapfltr.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.17037_none_f99247c76eaa2b33\ieapfltr.dll
+ 2010-05-30 00:01 . 2010-03-11 16:38 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22653_none_ae88b958200952d3\ieakui.dll
+ 2010-05-30 00:01 . 2010-03-11 16:38 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22653_none_ae88b958200952d3\ieaksie.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18444_none_ae0aeadd06e2b348\ieakui.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18444_none_ae0aeadd06e2b348\ieaksie.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21242_none_acac209022dbc2b5\ieakui.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21242_none_acac209022dbc2b5\ieaksie.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.17037_none_ac32533d09b18886\ieakui.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.17037_none_ac32533d09b18886\ieaksie.dll
+ 2010-05-30 00:01 . 2010-03-11 16:38 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22653_none_74a7040470c09bf4\iedkcs32.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18444_none_742935895799fc69\iedkcs32.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21242_none_72ca6b3c73930bd6\iedkcs32.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.17037_none_72509de95a68d1a7\iedkcs32.dll
+ 2010-05-30 00:02 . 2010-03-11 16:52 834560 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22360_none_04182c26b847a03d\wininet.dll
+ 2010-05-30 00:02 . 2010-03-09 15:42 834048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18226_none_03bfd0c79f0428b9\wininet.dll
+ 2010-05-30 00:02 . 2010-03-11 16:40 834048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22653_none_023f8b08bb167b2d\wininet.dll
+ 2010-05-30 00:02 . 2010-03-09 16:28 833024 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18444_none_01c1bc8da1efdba2\wininet.dll
+ 2010-05-30 00:02 . 2010-03-09 16:31 841216 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21242_none_0062f240bde8eb0f\wininet.dll
+ 2010-05-30 00:02 . 2010-03-09 16:54 832512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.17037_none_ffe924eda4beb0e0\wininet.dll
+ 2010-05-30 00:01 . 2010-02-18 13:42 211456 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.22341_none_1428eb9d92bddb72\iphlpsvc.dll
+ 2010-05-30 00:01 . 2010-02-18 13:30 200704 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6002.18209_none_13d290d27978969c\iphlpsvc.dll
+ 2010-05-30 00:01 . 2010-02-18 14:00 201216 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.22636_none_12524b13958ae910\iphlpsvc.dll
+ 2010-05-30 00:01 . 2010-02-18 14:11 190464 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18427_none_11d47c987c644985\iphlpsvc.dll
+ 2010-05-30 00:01 . 2010-02-18 13:57 179712 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.21226_none_1076b295985c7249\iphlpsvc.dll
+ 2010-05-30 00:01 . 2010-02-18 14:19 179712 c:\windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5\iphlpsvc.dll
+ 2010-05-30 00:01 . 2010-03-11 16:39 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22653_none_e11c3e2f95b61409\mstime.dll
+ 2010-05-30 00:01 . 2010-03-09 16:26 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18444_none_e09e6fb47c8f747e\mstime.dll
+ 2010-05-30 00:01 . 2010-03-09 16:29 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21242_none_df3fa567988883eb\mstime.dll
+ 2010-05-30 00:01 . 2010-03-09 16:52 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.17037_none_dec5d8147f5e49bc\mstime.dll
+ 2010-05-31 07:01 . 2010-02-20 21:06 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22343_none_af08d5a82f3c8f92\http.sys
+ 2010-05-31 07:01 . 2010-02-20 20:53 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18210_none_ae9ca7c316094ff0\http.sys
+ 2010-05-31 07:01 . 2010-02-20 21:20 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22638_none_ad32351e32099d30\http.sys
+ 2010-05-31 07:01 . 2010-02-20 21:18 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18428_none_acb3665918e3e44e\http.sys
+ 2010-05-31 07:01 . 2010-02-20 21:16 398848 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21227_none_ab559c5634dc0d12\http.sys
+ 2010-05-31 07:01 . 2010-02-20 21:30 396800 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.17022_none_aac6fc331bc2f16e\http.sys
+ 2010-05-30 00:01 . 2010-03-09 16:24 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21242_none_aa45643d0ee66719\advpack.dll
+ 2010-05-30 00:01 . 2010-03-09 16:48 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.17037_none_a9cb96e9f5bc2cea\advpack.dll
+ 2008-08-01 13:58 . 2010-05-31 03:42 478222 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2008-01-21 02:25 . 2008-01-21 02:25 151040 c:\windows\System32\secproc_ssp_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 12:48 151040 c:\windows\System32\secproc_ssp_isv.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 151040 c:\windows\System32\secproc_ssp.dll
+ 2010-05-30 00:01 . 2010-01-25 12:48 151040 c:\windows\System32\secproc_ssp.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 472576 c:\windows\System32\secproc_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 12:48 472576 c:\windows\System32\secproc_isv.dll
+ 2010-05-30 00:01 . 2010-01-25 12:48 472064 c:\windows\System32\secproc.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 472064 c:\windows\System32\secproc.dll
+ 2010-05-30 00:01 . 2010-01-25 08:35 346624 c:\windows\System32\RMActivate_ssp_isv.exe
- 2008-01-21 02:25 . 2008-01-21 02:25 346624 c:\windows\System32\RMActivate_ssp_isv.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 347136 c:\windows\System32\RMActivate_ssp.exe
+ 2010-05-30 00:01 . 2010-01-25 08:34 347136 c:\windows\System32\RMActivate_ssp.exe
+ 2010-05-30 00:01 . 2010-01-25 08:35 523776 c:\windows\System32\RMActivate_isv.exe
- 2008-01-21 02:24 . 2008-01-21 02:24 523776 c:\windows\System32\RMActivate_isv.exe
+ 2010-05-30 00:01 . 2010-01-25 08:34 511488 c:\windows\System32\RMActivate.exe
- 2006-11-02 10:33 . 2010-05-29 22:30 597360 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-05-31 08:31 597360 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-05-31 08:31 102066 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-05-29 22:30 102066 c:\windows\System32\perfc009.dat
+ 2010-05-30 00:02 . 2010-03-09 16:27 146432 c:\windows\System32\occache.dll
- 2010-02-15 12:13 . 2009-12-18 13:04 146432 c:\windows\System32\occache.dll
- 2010-02-15 12:13 . 2009-12-18 13:03 671232 c:\windows\System32\mstime.dll
+ 2010-05-30 00:01 . 2010-03-09 16:26 671232 c:\windows\System32\mstime.dll
+ 2010-05-30 00:01 . 2010-03-09 16:26 476672 c:\windows\System32\mshtmled.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 476672 c:\windows\System32\mshtmled.dll
+ 2010-05-30 00:01 . 2010-03-09 16:26 458240 c:\windows\System32\msfeeds.dll
- 2010-02-15 12:13 . 2009-12-18 13:02 458240 c:\windows\System32\msfeeds.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 329216 c:\windows\System32\msdrm.dll
+ 2010-05-30 00:01 . 2010-01-25 12:45 329216 c:\windows\System32\msdrm.dll
+ 2010-05-30 00:01 . 2010-02-18 14:11 190464 c:\windows\System32\iphlpsvc.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 270848 c:\windows\System32\iertutil.dll
- 2010-02-15 12:13 . 2009-12-18 13:01 270848 c:\windows\System32\iertutil.dll
- 2010-02-15 12:13 . 2009-12-18 13:01 193024 c:\windows\System32\iepeers.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 193024 c:\windows\System32\iepeers.dll
- 2010-02-15 12:13 . 2009-12-18 13:01 389120 c:\windows\System32\iedkcs32.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 389120 c:\windows\System32\iedkcs32.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 380928 c:\windows\System32\ieapfltr.dll
- 2010-02-15 12:13 . 2009-12-18 13:01 380928 c:\windows\System32\ieapfltr.dll
- 2010-02-15 12:13 . 2009-12-18 13:01 230400 c:\windows\System32\ieaksie.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 230400 c:\windows\System32\ieaksie.dll
+ 2010-05-30 00:01 . 2010-02-18 14:49 898952 c:\windows\System32\drivers\tcpip.sys
+ 2010-05-31 08:01 . 2010-05-31 08:01 847872 c:\windows\Installer\734cd92.msi
+ 2010-05-31 08:01 . 2010-05-31 08:01 836608 c:\windows\Installer\734cd85.msi
- 2008-03-21 13:51 . 2009-10-17 19:32 217864 c:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-21 13:51 . 2010-05-31 08:02 217864 c:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-21 13:51 . 2010-05-31 08:02 184080 c:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\joticon.exe
- 2008-03-21 13:51 . 2009-10-17 19:32 184080 c:\windows\Installer\{91120000-00A1-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-03-21 13:53 . 2010-05-31 08:02 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-21 13:53 . 2010-01-11 05:43 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-21 13:53 . 2010-05-31 08:02 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-21 13:53 . 2010-01-11 05:43 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-21 13:53 . 2010-01-11 05:43 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-21 13:53 . 2010-05-31 08:02 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-21 13:53 . 2010-05-31 08:02 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-03-21 13:53 . 2010-01-11 05:43 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-02 06:20 . 2010-05-31 08:03 272648 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-02 06:20 . 2009-10-17 19:33 272648 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-11-02 06:20 . 2010-05-31 08:03 217864 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-02 06:20 . 2009-10-17 19:33 217864 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-25 11:52 . 2008-10-25 11:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 11:52 . 2008-10-25 11:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
+ 2010-05-30 00:02 . 2010-02-18 14:21 3550088 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22341_none_6e763a6bca868234\ntoskrnl.exe
+ 2010-05-30 00:02 . 2010-02-18 14:21 3601800 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22341_none_6e763a6bca868234\ntkrnlpa.exe
+ 2010-05-30 00:02 . 2010-02-18 14:07 3548040 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18209_none_6e1fdfa0b1413d5e\ntoskrnl.exe
+ 2010-05-30 00:02 . 2010-02-18 14:07 3600776 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18209_none_6e1fdfa0b1413d5e\ntkrnlpa.exe
+ 2010-05-30 00:02 . 2010-02-18 17:36 3548560 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22636_none_6c9f99e1cd538fd2\ntoskrnl.exe
+ 2010-05-30 00:02 . 2010-02-18 17:36 3600776 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22636_none_6c9f99e1cd538fd2\ntkrnlpa.exe
+ 2010-05-30 00:02 . 2010-02-18 14:49 3545992 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18427_none_6c21cb66b42cf047\ntoskrnl.exe
+ 2010-05-30 00:02 . 2010-02-18 14:49 3598216 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18427_none_6c21cb66b42cf047\ntkrnlpa.exe
+ 2010-05-30 00:02 . 2010-02-18 14:34 3470216 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21226_none_6ac40163d025190b\ntoskrnl.exe
+ 2010-05-30 00:02 . 2010-02-18 14:34 3504008 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21226_none_6ac40163d025190b\ntkrnlpa.exe
+ 2010-05-30 00:02 . 2010-02-18 14:54 3468168 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.17021_none_6a356140b70bfd67\ntoskrnl.exe
+ 2010-05-30 00:02 . 2010-02-18 14:54 3502480 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.17021_none_6a356140b70bfd67\ntkrnlpa.exe
+ 2010-05-29 23:59 . 2010-04-01 11:58 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22386_none_f4a7b4b181f9b16a\OESpamFilter.dat
+ 2010-05-29 23:59 . 2010-04-01 11:57 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18245_none_f448574c68bc8885\OESpamFilter.dat
+ 2010-05-29 23:59 . 2010-04-01 11:58 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22673_none_f2c911d784cdf450\OESpamFilter.dat
+ 2010-05-29 23:59 . 2010-04-01 13:20 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18462_none_f24942c86ba92217\OESpamFilter.dat
+ 2010-05-30 00:02 . 2010-01-29 13:49 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\MSOERES.dll
+ 2010-05-30 00:02 . 2010-01-29 16:08 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\msoe.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.18197_none_5a0aedc022b31946\MSOERES.dll
+ 2010-05-30 00:02 . 2010-01-29 15:40 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.18197_none_5a0aedc022b31946\msoe.dll
+ 2010-05-30 00:02 . 2010-01-29 13:57 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\MSOERES.dll
+ 2010-05-30 00:02 . 2010-01-29 16:09 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\msoe.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18416_none_5879faee254ccb43\MSOERES.dll
+ 2010-05-30 00:02 . 2010-01-29 16:22 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18416_none_5879faee254ccb43\msoe.dll
+ 2010-05-30 00:02 . 2010-03-11 16:49 6081536 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22360_none_66d1a548c49397a0\ieframe.dll
+ 2010-05-30 00:02 . 2010-03-09 15:39 6080000 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18226_none_667949e9ab50201c\ieframe.dll
+ 2010-05-30 00:01 . 2010-03-11 14:55 6072832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22653_none_64f9042ac7627290\ieframe.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18444_none_647b35afae3bd305\ieframe.dll
+ 2010-05-30 00:01 . 2010-03-09 16:27 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21242_none_631c6b62ca34e272\ieframe.dll
+ 2010-05-30 00:01 . 2010-03-09 16:50 6067200 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.17037_none_62a29e0fb10aa843\ieframe.dll
+ 2010-05-30 00:02 . 2010-03-11 16:50 3602944 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22360_none_15724b45389e0973\mshtml.dll
+ 2010-05-30 00:02 . 2010-03-09 15:40 3601920 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18226_none_1519efe61f5a91ef\mshtml.dll
+ 2010-05-30 00:02 . 2010-03-11 16:39 3587072 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22653_none_1399aa273b6ce463\mshtml.dll
+ 2010-05-30 00:02 . 2010-03-09 16:26 3586048 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18444_none_131bdbac224644d8\mshtml.dll
+ 2010-05-30 00:02 . 2010-03-09 16:29 3602944 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21242_none_11bd115f3e3f5445\mshtml.dll
+ 2010-05-30 00:02 . 2010-03-09 16:52 3599872 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.17037_none_1143440c25151a16\mshtml.dll
+ 2009-07-28 23:06 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.22360_none_fdc14f0082331a90\ieapfltr.dat
+ 2009-07-28 23:06 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.18226_none_fd68f3a168efa30c\ieapfltr.dat
+ 2009-07-28 23:06 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.22653_none_fbe8ade28501f580\ieapfltr.dat
+ 2009-07-28 23:06 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.18444_none_fb6adf676bdb55f5\ieapfltr.dat
+ 2009-07-28 23:06 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21242_none_fa0c151a87d46562\ieapfltr.dat
+ 2009-07-28 23:06 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.17037_none_f99247c76eaa2b33\ieapfltr.dat
+ 2010-05-30 00:01 . 2010-03-11 16:52 1176576 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22360_none_b7125084ed3e79aa\urlmon.dll
+ 2010-05-30 00:01 . 2010-03-09 15:42 1176064 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18226_none_b6b9f525d3fb0226\urlmon.dll
+ 2010-05-30 00:01 . 2010-03-11 16:40 1175552 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22653_none_b539af66f00d549a\urlmon.dll
+ 2010-05-30 00:01 . 2010-03-09 16:28 1174528 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18444_none_b4bbe0ebd6e6b50f\urlmon.dll
+ 2010-05-30 00:01 . 2010-03-09 16:31 1171968 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21242_none_b35d169ef2dfc47c\urlmon.dll
+ 2010-05-30 00:01 . 2010-03-09 16:54 1168384 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.17037_none_b2e3494bd9b58a4d\urlmon.dll
+ 2009-08-26 03:47 . 2009-04-11 06:28 1696768 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18005_none_43ebc81abe5eccc7\gameux.dll
- 2010-02-15 12:13 . 2009-12-18 13:05 1174528 c:\windows\System32\urlmon.dll
+ 2010-05-30 00:01 . 2010-03-09 16:28 1174528 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2010-05-31 08:24 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2010-02-21 02:26 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-05-30 00:02 . 2010-03-09 16:26 3586048 c:\windows\System32\mshtml.dll
+ 2010-05-30 00:01 . 2010-03-09 16:25 6069248 c:\windows\System32\ieframe.dll
- 2010-02-15 12:13 . 2009-12-18 13:01 6069248 c:\windows\System32\ieframe.dll
+ 2006-11-02 12:47 . 2010-05-31 08:23 2333784 c:\windows\System32\FNTCACHE.DAT
+ 2008-07-24 18:40 . 2010-05-31 13:14 1310720 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-24 18:40 . 2010-05-29 22:38 1310720 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 12:47 . 2010-05-31 08:24 2637641 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2006-11-02 12:47 . 2010-01-11 06:10 2637641 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2010-02-21 05:03 . 2010-02-21 05:03 4472832 c:\windows\Installer\734cd1f.msp
+ 2010-02-04 21:24 . 2010-02-04 21:24 9122304 c:\windows\Installer\734cd07.msp
+ 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\734ccdd.msp
+ 2010-02-21 05:00 . 2010-02-21 05:00 8480768 c:\windows\Installer\734ccbb.msp
+ 2010-02-21 05:02 . 2010-02-21 05:02 4195840 c:\windows\Installer\734ccb2.msp
+ 2008-03-21 13:53 . 2010-05-31 08:02 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-21 13:53 . 2010-01-11 05:43 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-26 02:50 . 2008-08-26 02:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2009-03-06 08:00 . 2009-03-06 08:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 14:49 . 2008-11-10 14:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-25 02:16 . 2008-11-25 02:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2010-05-30 21:13 . 2010-05-31 19:15 6328320 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2010-05-30 00:02 . 2009-10-14 14:10 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\MOVIEMK.dll
+ 2010-05-30 00:02 . 2009-10-14 13:58 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\MOVIEMK.dll
+ 2010-05-30 00:02 . 2009-10-14 15:06 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\MOVIEMK.dll
+ 2010-05-30 00:02 . 2009-10-14 14:45 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\MOVIEMK.dll
+ 2010-05-30 00:02 . 2009-10-14 14:48 10921984 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\MOVIEMK.dll
+ 2010-05-30 00:02 . 2009-10-14 15:02 10922496 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\MOVIEMK.dll
+ 2006-11-02 10:24 . 2010-04-30 15:51 32058312 c:\windows\System32\mrt.exe
+ 2010-03-22 20:03 . 2010-03-22 20:03 11732992 c:\windows\Installer\734cd9e.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-29 02:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-29 02:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Lou\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

c:\users\Debby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
TrayMin1300.lnk - c:\program files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe [2009-1-6 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-29 02:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-6683308-3889578530-3044928126-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 KmxAMVet;KmxAMVet;c:\windows\system32\Drivers\KmxAMVet.sys [2009-03-27 598656]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Lou\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2007-07-16 88320]
R3 SPC1300;USB2.0 PC Camera (SPC1300);c:\windows\system32\DRIVERS\spc1300.sys [2007-10-18 3033728]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-08 721904]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2009-12-23 132088]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2009-12-23 78840]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2010-04-22 206160]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-08-04 887288]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-07-13 760664]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-07-27 227832]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2009-09-30 239608]
S3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\DRIVERS\mstabbtn.sys [2007-03-09 10496]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2008-07-31 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2008-07-31 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2008-07-31 16808]
S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2007-07-30 30248]


--- Other Services/Drivers In Memory ---

*Deregistered* - opdgzwu

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1000Core.job
- c:\users\Lou\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-07 02:18]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1000UA.job
- c:\users\Lou\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-07 02:18]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1001Core.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 01:45]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-6683308-3889578530-3044928126-1001UA.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 01:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\6n4jtiuu.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Lou\AppData\Local\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\users\Lou\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Lou\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Lou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 15:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\opdgzwu]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-6683308-3889578530-3044928126-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2277A9DF-385D-864C-096F-3E7A78B30374}*]
"hahihlfipdnjkldl"=hex:6a,61,6e,66,62,6a,62,6a,61,6d,62,6b,62,65,6d,6c,6b,70,
61,69,00,00
"iabjpkkdkigkflhgib"=hex:6a,61,6b,66,6f,69,67,70,6a,63,6a,6d,62,6c,69,65,65,63,
63,69,00,00

[HKEY_USERS\S-1-5-21-6683308-3889578530-3044928126-1000\Software\SecuROM\License information*]
"datasecu"=hex:67,c8,f0,d7,c0,3e,80,28,c8,b5,c0,28,97,b6,2d,47,d6,d5,51,10,88,
77,25,a2,a9,2f,31,3b,ff,d3,66,45,aa,07,56,99,32,56,8a,41,05,a4,c5,5c,b9,25,\
"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2277A9DF-385D-864C-096F-3E7A78B30374}\InProcServer32*]
"jaliaphkhfodcohifjnc"=hex:6a,61,6b,66,6f,69,67,70,6a,63,6a,6d,62,6c,69,65,65,
63,63,69,00,00
"ialioononjcajfillb"=hex:6a,61,6e,66,62,6a,62,6a,61,6d,62,6b,62,65,6d,6c,6b,70,
61,69,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(7212)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\btmmhook.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-05-31 15:32:25
ComboFix-quarantined-files.txt 2010-05-31 19:32
ComboFix2.txt 2010-05-30 21:30
ComboFix3.txt 2010-05-29 22:41

Pre-Run: 137,032,347,648 bytes free
Post-Run: 136,987,668,480 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6
- - End Of File - - E1DFF15473A1E22F1EFA9C99D79843BB


#13 SifuMike

Posted 31 May 2010 - 06:26 PM

QUOTE
None of my three web browsers work on my own user account anymore (some registry error,) but they work on my brother's account fine.



What is the registry error you are seeing on your account?

When did the three web browsers stop working?

#14 Lou Lessing

Posted 31 May 2010 - 07:54 PM

"Illegal operation attempted on a registry key that has been marked for deletion." Or something very like that.

Apparently it's any application; Paint isn't working either. (I tried to take a screenshot.)

And it happened as soon as ComboFix was finished running. Everything works perfectly on other user accounts, just not the account that I ran ComboFix for.

#15 SifuMike

Posted 31 May 2010 - 08:47 PM



Reboot the computer again. That should fix the issue.

Edited by SifuMike, 31 May 2010 - 09:57 PM.




