Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help highjacked


  • This topic is locked This topic is locked
25 replies to this topic

#1 davehill50

davehill50

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 15 June 2010 - 12:24 PM

Need help!

Internet has been highjacked, Microsoft updates blocked and Google Chrome has been disabled,very frustrated. Have run Spybot, AVG, Malwarebytes and Microsoft security they have picked up a few things, but not all.

Thank you Dave





DDS (Ver_10-03-17.01) - NTFSx86
Run by Dave at 13:31:23.32 on 15/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.228 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============
y
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\Dave\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\dave\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-6 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-22 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-22 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-22 242896]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-28 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-1-16 237568]
S2 gupdate1c9b539d92a6a6e;Google Update Service (gupdate1c9b539d92a6a6e);c:\program files\google\update\GoogleUpdate.exe [2009-4-4 133104]
S2 ppdrv;ppdrv;c:\windows\system32\SvchOst.eXE -k ppdrv [2009-1-16 14336]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-16 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-1-16 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-06-15 02:23:16 0 d-----w- c:\program files\Microsoft Security Essentials
2010-06-15 00:22:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-15 00:22:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-12 14:25:09 0 d-----w- c:\docume~1\dave\applic~1\Malwarebytes
2010-06-10 00:06:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 00:06:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-10 00:06:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 00:06:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-03 14:00:06 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-29 19:56:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-28 18:27:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-01-17 00:40:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-04-04 17:00:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040420090405\index.dat
2009-07-22 17:24:34 32768 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-22 17:24:34 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-22 17:24:37 98304 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 13:33:45.96 ===============


Attached Files

  • Attached File  DDS.txt   10.99KB   8 downloads

Edited by davehill50, 15 June 2010 - 12:53 PM.


BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:42 AM

Posted 21 June 2010 - 11:00 AM

Hi,

If you still need help with this post fresh dds logs (dds.txt + attach.txt). Also, do this please:
Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck files option and then click scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 davehill50

davehill50
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 21 June 2010 - 09:16 PM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dave at 23:01:20.84 on 21/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.251 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\Dave\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\dave\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-6 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-22 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-22 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-22 242896]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-28 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-1-16 237568]
S2 gupdate1c9b539d92a6a6e;Google Update Service (gupdate1c9b539d92a6a6e);c:\program files\google\update\GoogleUpdate.exe [2009-4-4 133104]
S2 ppdrv;ppdrv;c:\windows\system32\SvchOst.eXE -k ppdrv [2009-1-16 14336]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-16 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-1-16 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-06-18 07:12:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-17 12:55:30 95 ----a-w- c:\windows\wininit.ini
2010-06-15 02:23:16 0 d-----w- c:\program files\Microsoft Security Essentials
2010-06-15 00:22:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-15 00:22:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-12 14:25:09 0 d-----w- c:\docume~1\dave\applic~1\Malwarebytes
2010-06-10 00:06:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 00:06:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-10 00:06:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 00:06:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-03 14:00:06 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-29 19:56:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-28 18:27:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-01-17 00:40:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-04-04 17:00:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040420090405\index.dat
2009-07-22 17:24:34 32768 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-22 17:24:34 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-22 17:24:37 98304 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 23:06:43.93 ===============

Attached Files



#4 davehill50

davehill50
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 21 June 2010 - 09:46 PM

Good Day!

Every time I run the GMER the scan will start, but will be interupted by a bluescreeen saying your computer has detected a serious problem and will shut down and restart

Thanks Dave

#5 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:42 AM

Posted 22 June 2010 - 04:38 AM

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#6 davehill50

davehill50
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 22 June 2010 - 10:37 PM

ComboFix 10-06-22.02 - Dave 23/06/2010 0:11.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.397 [GMT -3:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cooper.mine
c:\windows\system32\Desktop_.ini
c:\windows\system32\h7t.wt
c:\windows\system32\hgtd.ruy
c:\windows\system32\nlyj
c:\windows\system32\nmklo.dll

Infected copy of c:\windows\system32\drivers\ql12160.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PPDRV
-------\Service_ppdrv


((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-18 20:36 . 2010-06-18 20:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-06-18 07:12 . 2010-06-23 02:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 02:23 . 2010-06-15 13:05 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-15 00:22 . 2010-06-15 13:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-15 00:22 . 2010-06-15 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-12 14:25 . 2010-06-12 14:25 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2010-06-10 01:14 . 2010-06-10 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-10 01:14 . 2010-06-10 01:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\documents and settings\Bobbi\Application Data\Malwarebytes
2010-06-10 00:06 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 00:06 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-03 14:00 . 2010-06-03 14:00 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-03 14:00 . 2010-06-03 14:00 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-05-27 10:18 . 2010-05-27 10:18 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\msvcp71.dll
2010-05-27 10:18 . 2010-05-27 10:18 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\jmc.dll
2010-05-27 10:18 . 2010-05-27 10:18 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39885246-n\decora-sse.dll
2010-05-27 10:18 . 2010-05-27 10:18 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\msvcr71.dll
2010-05-27 10:18 . 2010-05-27 10:18 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39885246-n\decora-d3d.dll
2010-05-26 16:41 . 2010-05-26 16:41 503808 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\msvcp71.dll
2010-05-26 16:41 . 2010-05-26 16:41 499712 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\jmc.dll
2010-05-26 16:41 . 2010-05-26 16:41 348160 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\msvcr71.dll
2010-05-26 16:41 . 2010-05-26 16:41 61440 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4247a531-n\decora-sse.dll
2010-05-26 16:41 . 2010-05-26 16:41 12800 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4247a531-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 03:17 . 2009-01-16 23:18 578560 ----a-w- c:\windows\system32\user32.dll
2010-06-15 03:30 . 2010-06-15 13:01 143104 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-06-12 14:27 . 2009-01-17 00:37 -------- d-----w- c:\program files\Google
2010-06-03 14:00 . 2009-07-22 17:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 14:00 . 2009-07-22 17:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-29 19:57 . 2010-04-29 19:57 -------- d-----w- c:\program files\Common Files\Java
2010-04-29 19:56 . 2010-04-29 19:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-28 18:28 . 2009-07-22 17:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-28 18:27 . 2009-07-22 17:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
.
Infected c:\windows\system32\user32.dll hex repaired


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-04 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-27 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-03 196608]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-06 520024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-28 18:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:pdrv

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/07/2009 2:42 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/07/2009 2:52 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/07/2009 2:52 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28/03/2010 3:23 PM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 4:06 PM 1029456]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [16/01/2009 10:02 PM 237568]
S2 gupdate1c9b539d92a6a6e;Google Update Service (gupdate1c9b539d92a6a6e);c:\program files\Google\Update\GoogleUpdate.exe [04/04/2009 12:27 PM 133104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [16/01/2009 9:37 PM 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [16/01/2009 9:26 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:09]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 15:27]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 15:27]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017937101-2170371235-3233042676-1006Core.job
- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-12 23:17]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017937101-2170371235-3233042676-1006UA.job
- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-12 23:17]

2010-06-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 21:02]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{2CAFC2C9-0E6E-47CC-ADAF-B878EF0DDE2A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 00:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000001C76F6785F6868515D 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4020)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\docume~1\Dave\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2010-06-23 00:34:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-23 03:34

Pre-Run: 117,816,086,528 bytes free
Post-Run: 118,567,362,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0116289BD030A4DB50A7FE53A23ECD38


#7 davehill50

davehill50
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 22 June 2010 - 10:40 PM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dave at 0:37:31.09 on 23/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.408 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\DOCUME~1\Dave\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\dave\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-6 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-22 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-22 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-22 242896]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-28 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-1-16 237568]
S2 gupdate1c9b539d92a6a6e;Google Update Service (gupdate1c9b539d92a6a6e);c:\program files\google\update\GoogleUpdate.exe [2009-4-4 133104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-16 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-1-16 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-06-23 03:02:09 0 d-sha-r- C:\cmdcons
2010-06-23 02:58:00 77312 ----a-w- c:\windows\MBR.exe
2010-06-23 02:58:00 256512 ----a-w- c:\windows\PEV.exe
2010-06-23 02:58:00 161792 ----a-w- c:\windows\SWREG.exe
2010-06-23 02:57:59 98816 ----a-w- c:\windows\sed.exe
2010-06-18 07:12:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-17 12:55:30 95 ----a-w- c:\windows\wininit.ini
2010-06-15 02:23:16 0 d-----w- c:\program files\Microsoft Security Essentials
2010-06-15 00:22:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-15 00:22:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-12 14:25:09 0 d-----w- c:\docume~1\dave\applic~1\Malwarebytes
2010-06-10 00:06:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 00:06:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-10 00:06:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 00:06:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-23 03:17:13 578560 ----a-w- c:\windows\system32\user32.dll
2010-06-03 14:00:06 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-29 19:56:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-28 18:27:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-01-17 00:40:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-04-04 17:00:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040420090405\index.dat

============= FINISH: 0:37:48.93 ===============


#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:42 AM

Posted 23 June 2010 - 12:13 AM

Hi again,

It's recommended to have just one antivirus program installed. Decide which one, AVG or Microsoft Security Essentials, you want to keep.


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
    and OK any prompts.
  • Restart your computer


Open notepad and copy/paste the text in the quotebox below into it:

CODE
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.



Download ATF (Atribune Temp File) Cleanerę by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.


Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 davehill50

davehill50
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 23 June 2010 - 03:02 PM

ComboFix 10-06-23.01 - Dave 23/06/2010 16:48:51.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.462 [GMT -3:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 04:49 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-18 20:36 . 2010-06-18 20:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-06-18 07:12 . 2010-06-23 02:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 00:22 . 2010-06-23 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-15 00:22 . 2010-06-23 15:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-12 14:25 . 2010-06-12 14:25 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2010-06-10 01:14 . 2010-06-10 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-10 01:14 . 2010-06-10 01:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\documents and settings\Bobbi\Application Data\Malwarebytes
2010-06-10 00:06 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 00:06 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-03 14:00 . 2010-06-03 14:00 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-03 14:00 . 2010-06-03 14:00 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-05-27 10:18 . 2010-05-27 10:18 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\msvcp71.dll
2010-05-27 10:18 . 2010-05-27 10:18 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\jmc.dll
2010-05-27 10:18 . 2010-05-27 10:18 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39885246-n\decora-sse.dll
2010-05-27 10:18 . 2010-05-27 10:18 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\msvcr71.dll
2010-05-27 10:18 . 2010-05-27 10:18 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39885246-n\decora-d3d.dll
2010-05-26 16:41 . 2010-05-26 16:41 503808 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\msvcp71.dll
2010-05-26 16:41 . 2010-05-26 16:41 499712 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\jmc.dll
2010-05-26 16:41 . 2010-05-26 16:41 348160 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\msvcr71.dll
2010-05-26 16:41 . 2010-05-26 16:41 61440 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4247a531-n\decora-sse.dll
2010-05-26 16:41 . 2010-05-26 16:41 12800 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4247a531-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 03:17 . 2009-01-16 23:18 578560 ----a-w- c:\windows\system32\user32.dll
2010-06-15 03:30 . 2010-06-15 13:01 143104 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-06-12 14:27 . 2009-01-17 00:37 -------- d-----w- c:\program files\Google
2010-06-03 14:00 . 2009-07-22 17:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 14:00 . 2009-07-22 17:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-06 10:41 . 2009-01-16 23:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2009-01-16 23:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:57 . 2010-04-29 19:57 -------- d-----w- c:\program files\Common Files\Java
2010-04-29 19:56 . 2010-04-29 19:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30 . 2009-01-16 23:18 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-31 03:16 . 2010-03-31 03:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 03:10 . 2010-03-31 03:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-28 18:28 . 2009-07-22 17:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-28 18:27 . 2009-07-22 17:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-23_03.28.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 15:28 . 2010-06-23 15:28 16384 c:\windows\Temp\Perflib_Perfdata_160.dat
+ 2010-02-24 18:34 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2010-02-24 18:34 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2009-01-16 23:18 . 2010-06-23 19:40 90014 c:\windows\system32\perfc009.dat
+ 2009-11-07 04:07 . 2009-11-07 04:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2007-08-14 02:54 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 02:54 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2009-12-05 15:45 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-12-05 15:45 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-04-04 17:58 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-01-16 23:18 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2009-01-16 23:18 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 08:31 . 2010-03-23 08:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2010-04-15 19:24 . 2010-04-15 19:24 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-23 05:01 . 2010-06-23 05:01 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-06-23 05:18 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\11b5c5344eb40eeb36a818d2824fe3a1\WindowsLiveWriter.ni.exe
+ 2010-06-23 05:39 . 2010-06-23 05:39 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c69cc7d4e4fca9aa892ddfacc64cddb2\WindowsLive.Writer.Api.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-23 05:28 . 2010-06-23 05:28 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-06-23 05:24 . 2010-06-23 05:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-12-05 15:59 . 2009-12-05 15:59 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-06-15 00:32 . 2010-06-23 05:01 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-12-07 11:21 . 2009-12-07 11:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-01-16 23:18 . 2010-06-23 19:40 487070 c:\windows\system32\perfh009.dat
+ 2009-01-16 23:18 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2007-08-14 02:54 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 297808 c:\windows\system32\mscoree.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2009-01-16 23:18 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2009-01-16 23:18 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2009-01-16 15:28 . 2009-12-05 16:23 341032 c:\windows\system32\FNTCACHE.DAT
+ 2009-01-16 15:28 . 2010-06-23 05:26 341032 c:\windows\system32\FNTCACHE.DAT
- 2009-01-16 23:18 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-12-05 15:45 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-12-05 15:45 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-01-16 23:18 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-01-16 23:18 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-01-16 23:18 . 2008-04-14 12:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2009-01-16 23:18 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2010-03-31 03:16 . 2010-03-31 03:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 08:31 . 2010-03-23 08:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 15:22 . 2010-02-09 15:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-25 03:14 . 2010-02-25 03:14 543232 c:\windows\Installer\504773.msp
- 2009-06-15 00:32 . 2010-05-13 10:33 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-06-23 05:18 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-23 05:18 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-23 05:18 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-23 05:18 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-23 05:18 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-23 05:18 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-23 05:36 . 2010-06-23 05:36 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-23 05:39 . 2010-06-23 05:39 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\31a06c9eb6c083d9b8710ac6ce1be937\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f0530ae077336e0eca143d4b32e8d34e\WindowsLive.Writer.Interop.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e50904b2c1e6e1ac5a4c7df032c2123c\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c6f20d937db1a69d005f791db60ee326\WindowsLive.Writer.Controls.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c35124ff18874635fa84856596f154cc\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c1992981a0cafba5e0d3753b8ec39b21\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bea5a870bbb250130356c5dd8c2f3ca9\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b07e085adf681435595a729c5f8ca528\WindowsLive.Writer.Localization.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a148f5e5315f10bd4dfb626fdcf001c2\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\53a0614cafe16513d774a5d7b0473a73\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4190016a1225c8f33b8ebd96addb2a8e\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\27e34aec3681f62ec3791cdfe9ac0230\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\18dce358e91aedbd9656a6a0d0da582a\WindowsLive.Writer.Passport.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\06657a351a8cafd8101bbd06c31c6194\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\3aca1d7df14c17850246ef5ebca827c5\WindowsLive.Client.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-06-23 05:19 . 2010-06-23 05:19 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-23 05:36 . 2010-06-23 05:36 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-23 05:30 . 2010-06-23 05:30 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-06-23 05:36 . 2010-06-23 05:36 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-23 05:37 . 2010-06-23 05:37 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-12-05 15:59 . 2009-12-05 15:59 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-01-16 23:19 . 2010-04-06 07:52 2462720 c:\windows\system32\WMVCore.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
- 2009-01-16 23:18 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2009-01-16 23:18 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2008-03-20 21:06 . 2008-03-20 21:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2007-08-14 02:34 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
- 2007-08-14 02:34 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2009-01-16 23:19 . 2010-04-06 07:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-01-16 23:18 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2009-01-16 23:18 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2009-01-16 23:18 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-16 23:18 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-04-04 17:58 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 04:06 . 2009-11-07 04:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 08:32 . 2010-03-23 08:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 08:32 . 2010-03-23 08:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2009-11-09 03:25 . 2009-11-09 03:25 1935360 c:\windows\Installer\5047a7.msp
+ 2010-04-12 01:17 . 2010-04-12 01:17 2607104 c:\windows\Installer\50477f.msp
+ 2010-04-12 01:17 . 2010-04-12 01:17 4210688 c:\windows\Installer\50477e.msp
+ 2010-04-24 20:10 . 2010-04-24 20:10 8486400 c:\windows\Installer\504768.msp
+ 2010-05-05 01:25 . 2010-05-05 01:25 7681024 c:\windows\Installer\504743.msp
+ 2010-05-03 19:11 . 2010-05-03 19:11 4149760 c:\windows\Installer\50472e.msp
+ 2010-03-30 15:34 . 2010-03-30 15:34 3826688 c:\windows\Installer\504719.msp
+ 2010-05-03 19:27 . 2010-05-03 19:27 6825472 c:\windows\Installer\504705.msp
+ 2010-05-03 19:06 . 2010-05-03 19:06 5053952 c:\windows\Installer\5046f0.msp
+ 2010-05-10 20:17 . 2010-05-10 20:17 5520896 c:\windows\Installer\5046db.msp
+ 2010-06-23 05:18 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\af8ff11dbab485d5d13323bbf6a5be79\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\590ced109c1eb276203e1561a695ab99\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0654d7056eddd323f13f38ff67325ca7\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-06-23 05:24 . 2010-06-23 05:24 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-23 05:18 . 2010-06-23 05:18 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-23 05:20 . 2010-06-23 05:20 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-06-23 05:19 . 2010-06-23 05:19 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-23 05:16 . 2010-06-23 05:16 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2dbc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll
+ 2010-06-23 05:16 . 2010-06-23 05:16 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-23 05:15 . 2010-06-23 05:15 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 05:23 . 2010-06-23 05:23 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 05:23 . 2010-06-23 05:23 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-12-07 11:20 . 2009-12-07 11:20 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-12-05 15:59 . 2009-12-05 15:59 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 05:23 . 2010-06-23 05:23 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-04-06 22:30 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2007-08-14 02:54 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-03-31 04:23 . 2010-03-31 04:23 15638528 c:\windows\Installer\5047b3.msp
+ 2010-04-12 01:17 . 2010-04-12 01:17 14599680 c:\windows\Installer\50478d.msp
+ 2010-04-24 20:09 . 2010-04-24 20:09 11750912 c:\windows\Installer\504760.msp
+ 2010-05-11 14:30 . 2010-05-11 14:30 11194880 c:\windows\Installer\504758.msp
+ 2010-06-23 05:18 . 2010-02-25 14:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-23 05:29 . 2010-06-23 05:29 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-06-23 05:27 . 2010-06-23 05:27 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-04 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-27 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-03 196608]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-23 524632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-28 18:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/07/2009 2:42 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/07/2009 2:52 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/07/2009 2:52 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28/03/2010 3:23 PM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 4:06 PM 1029456]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [16/01/2009 10:02 PM 237568]
S2 gupdate1c9b539d92a6a6e;Google Update Service (gupdate1c9b539d92a6a6e);c:\program files\Google\Update\GoogleUpdate.exe [04/04/2009 12:27 PM 133104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [16/01/2009 9:37 PM 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [16/01/2009 9:26 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:55]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 15:27]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 15:27]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017937101-2170371235-3233042676-1006Core.job
- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-12 23:17]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017937101-2170371235-3233042676-1006UA.job
- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-12 23:17]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{2CAFC2C9-0E6E-47CC-ADAF-B878EF0DDE2A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 16:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1184)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-23 16:58:21
ComboFix-quarantined-files.txt 2010-06-23 19:58
ComboFix2.txt 2010-06-23 04:30
ComboFix3.txt 2010-06-23 03:34

Pre-Run: 117,348,089,856 bytes free
Post-Run: 117,375,160,320 bytes free

- - End Of File - - 6BAC0755911D8B8BD0DB616834A941A0


#10 davehill50

davehill50
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 23 June 2010 - 08:29 PM

ComboFix 10-06-23.01 - Dave 23/06/2010 16:48:51.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.462 [GMT -3:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 04:49 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-18 20:36 . 2010-06-18 20:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-06-18 07:12 . 2010-06-23 02:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 00:22 . 2010-06-23 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-15 00:22 . 2010-06-23 15:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-12 14:25 . 2010-06-12 14:25 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2010-06-10 01:14 . 2010-06-10 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-10 01:14 . 2010-06-10 01:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\documents and settings\Bobbi\Application Data\Malwarebytes
2010-06-10 00:06 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 00:06 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-03 14:00 . 2010-06-03 14:00 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-03 14:00 . 2010-06-03 14:00 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-05-27 10:18 . 2010-05-27 10:18 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\msvcp71.dll
2010-05-27 10:18 . 2010-05-27 10:18 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\jmc.dll
2010-05-27 10:18 . 2010-05-27 10:18 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39885246-n\decora-sse.dll
2010-05-27 10:18 . 2010-05-27 10:18 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\msvcr71.dll
2010-05-27 10:18 . 2010-05-27 10:18 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39885246-n\decora-d3d.dll
2010-05-26 16:41 . 2010-05-26 16:41 503808 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\msvcp71.dll
2010-05-26 16:41 . 2010-05-26 16:41 499712 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\jmc.dll
2010-05-26 16:41 . 2010-05-26 16:41 348160 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\msvcr71.dll
2010-05-26 16:41 . 2010-05-26 16:41 61440 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4247a531-n\decora-sse.dll
2010-05-26 16:41 . 2010-05-26 16:41 12800 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4247a531-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 03:17 . 2009-01-16 23:18 578560 ----a-w- c:\windows\system32\user32.dll
2010-06-15 03:30 . 2010-06-15 13:01 143104 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-06-12 14:27 . 2009-01-17 00:37 -------- d-----w- c:\program files\Google
2010-06-03 14:00 . 2009-07-22 17:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 14:00 . 2009-07-22 17:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-06 10:41 . 2009-01-16 23:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2009-01-16 23:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:57 . 2010-04-29 19:57 -------- d-----w- c:\program files\Common Files\Java
2010-04-29 19:56 . 2010-04-29 19:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30 . 2009-01-16 23:18 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-31 03:16 . 2010-03-31 03:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 03:10 . 2010-03-31 03:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-28 18:28 . 2009-07-22 17:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-28 18:27 . 2009-07-22 17:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-23_03.28.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 15:28 . 2010-06-23 15:28 16384 c:\windows\Temp\Perflib_Perfdata_160.dat
+ 2010-02-24 18:34 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2010-02-24 18:34 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2009-01-16 23:18 . 2010-06-23 19:40 90014 c:\windows\system32\perfc009.dat
+ 2009-11-07 04:07 . 2009-11-07 04:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2007-08-14 02:54 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 02:54 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2009-12-05 15:45 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-12-05 15:45 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-04-04 17:58 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-01-16 23:18 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2009-01-16 23:18 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 08:31 . 2010-03-23 08:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2010-04-15 19:24 . 2010-04-15 19:24 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-23 05:01 . 2010-06-23 05:01 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-06-23 05:18 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\11b5c5344eb40eeb36a818d2824fe3a1\WindowsLiveWriter.ni.exe
+ 2010-06-23 05:39 . 2010-06-23 05:39 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c69cc7d4e4fca9aa892ddfacc64cddb2\WindowsLive.Writer.Api.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-23 05:28 . 2010-06-23 05:28 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-06-23 05:24 . 2010-06-23 05:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-12-05 15:59 . 2009-12-05 15:59 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-06-15 00:32 . 2010-06-23 05:01 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-12-07 11:21 . 2009-12-07 11:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-01-16 23:18 . 2010-06-23 19:40 487070 c:\windows\system32\perfh009.dat
+ 2009-01-16 23:18 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2007-08-14 02:54 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 297808 c:\windows\system32\mscoree.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2009-01-16 23:18 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2009-01-16 23:18 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2009-01-16 15:28 . 2009-12-05 16:23 341032 c:\windows\system32\FNTCACHE.DAT
+ 2009-01-16 15:28 . 2010-06-23 05:26 341032 c:\windows\system32\FNTCACHE.DAT
- 2009-01-16 23:18 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-12-05 15:45 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-12-05 15:45 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-01-16 23:18 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-01-16 23:18 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-01-16 23:18 . 2008-04-14 12:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2009-01-16 23:18 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2010-03-31 03:16 . 2010-03-31 03:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 08:31 . 2010-03-23 08:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 15:22 . 2010-02-09 15:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-25 03:14 . 2010-02-25 03:14 543232 c:\windows\Installer\504773.msp
- 2009-06-15 00:32 . 2010-05-13 10:33 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-06-23 05:18 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-23 05:18 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-23 05:18 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-23 05:18 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-23 05:18 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-23 05:18 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-23 05:36 . 2010-06-23 05:36 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-23 05:39 . 2010-06-23 05:39 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\31a06c9eb6c083d9b8710ac6ce1be937\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f0530ae077336e0eca143d4b32e8d34e\WindowsLive.Writer.Interop.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e50904b2c1e6e1ac5a4c7df032c2123c\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c6f20d937db1a69d005f791db60ee326\WindowsLive.Writer.Controls.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c35124ff18874635fa84856596f154cc\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c1992981a0cafba5e0d3753b8ec39b21\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bea5a870bbb250130356c5dd8c2f3ca9\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b07e085adf681435595a729c5f8ca528\WindowsLive.Writer.Localization.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a148f5e5315f10bd4dfb626fdcf001c2\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\53a0614cafe16513d774a5d7b0473a73\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4190016a1225c8f33b8ebd96addb2a8e\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\27e34aec3681f62ec3791cdfe9ac0230\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\18dce358e91aedbd9656a6a0d0da582a\WindowsLive.Writer.Passport.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\06657a351a8cafd8101bbd06c31c6194\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\3aca1d7df14c17850246ef5ebca827c5\WindowsLive.Client.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-06-23 05:19 . 2010-06-23 05:19 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-23 05:36 . 2010-06-23 05:36 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-23 05:30 . 2010-06-23 05:30 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-06-23 05:36 . 2010-06-23 05:36 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-23 05:37 . 2010-06-23 05:37 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-12-05 15:59 . 2009-12-05 15:59 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-01-16 23:19 . 2010-04-06 07:52 2462720 c:\windows\system32\WMVCore.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
- 2009-01-16 23:18 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2009-01-16 23:18 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2008-03-20 21:06 . 2008-03-20 21:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2007-08-14 02:34 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
- 2007-08-14 02:34 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2009-01-16 23:19 . 2010-04-06 07:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-01-16 23:18 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2009-01-16 23:18 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2009-01-16 23:18 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-16 23:18 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-04-04 17:58 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 04:06 . 2009-11-07 04:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 08:32 . 2010-03-23 08:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 08:32 . 2010-03-23 08:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2009-11-09 03:25 . 2009-11-09 03:25 1935360 c:\windows\Installer\5047a7.msp
+ 2010-04-12 01:17 . 2010-04-12 01:17 2607104 c:\windows\Installer\50477f.msp
+ 2010-04-12 01:17 . 2010-04-12 01:17 4210688 c:\windows\Installer\50477e.msp
+ 2010-04-24 20:10 . 2010-04-24 20:10 8486400 c:\windows\Installer\504768.msp
+ 2010-05-05 01:25 . 2010-05-05 01:25 7681024 c:\windows\Installer\504743.msp
+ 2010-05-03 19:11 . 2010-05-03 19:11 4149760 c:\windows\Installer\50472e.msp
+ 2010-03-30 15:34 . 2010-03-30 15:34 3826688 c:\windows\Installer\504719.msp
+ 2010-05-03 19:27 . 2010-05-03 19:27 6825472 c:\windows\Installer\504705.msp
+ 2010-05-03 19:06 . 2010-05-03 19:06 5053952 c:\windows\Installer\5046f0.msp
+ 2010-05-10 20:17 . 2010-05-10 20:17 5520896 c:\windows\Installer\5046db.msp
+ 2010-06-23 05:18 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\af8ff11dbab485d5d13323bbf6a5be79\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\590ced109c1eb276203e1561a695ab99\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0654d7056eddd323f13f38ff67325ca7\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-06-23 05:24 . 2010-06-23 05:24 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-23 05:18 . 2010-06-23 05:18 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-23 05:20 . 2010-06-23 05:20 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-06-23 05:19 . 2010-06-23 05:19 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-23 05:16 . 2010-06-23 05:16 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2dbc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll
+ 2010-06-23 05:16 . 2010-06-23 05:16 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-23 05:15 . 2010-06-23 05:15 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 05:23 . 2010-06-23 05:23 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 05:23 . 2010-06-23 05:23 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-12-07 11:20 . 2009-12-07 11:20 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-12-05 15:59 . 2009-12-05 15:59 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 05:23 . 2010-06-23 05:23 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-04-06 22:30 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2007-08-14 02:54 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-03-31 04:23 . 2010-03-31 04:23 15638528 c:\windows\Installer\5047b3.msp
+ 2010-04-12 01:17 . 2010-04-12 01:17 14599680 c:\windows\Installer\50478d.msp
+ 2010-04-24 20:09 . 2010-04-24 20:09 11750912 c:\windows\Installer\504760.msp
+ 2010-05-11 14:30 . 2010-05-11 14:30 11194880 c:\windows\Installer\504758.msp
+ 2010-06-23 05:18 . 2010-02-25 14:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-23 05:29 . 2010-06-23 05:29 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-06-23 05:27 . 2010-06-23 05:27 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-04 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-27 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-03 196608]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-23 524632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-28 18:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/07/2009 2:42 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/07/2009 2:52 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/07/2009 2:52 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28/03/2010 3:23 PM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 4:06 PM 1029456]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [16/01/2009 10:02 PM 237568]
S2 gupdate1c9b539d92a6a6e;Google Update Service (gupdate1c9b539d92a6a6e);c:\program files\Google\Update\GoogleUpdate.exe [04/04/2009 12:27 PM 133104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [16/01/2009 9:37 PM 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [16/01/2009 9:26 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:55]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 15:27]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 15:27]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017937101-2170371235-3233042676-1006Core.job
- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-12 23:17]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017937101-2170371235-3233042676-1006UA.job
- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-12 23:17]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{2CAFC2C9-0E6E-47CC-ADAF-B878EF0DDE2A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 16:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1184)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-23 16:58:21
ComboFix-quarantined-files.txt 2010-06-23 19:58
ComboFix2.txt 2010-06-23 04:30
ComboFix3.txt 2010-06-23 03:34

Pre-Run: 117,348,089,856 bytes free
Post-Run: 117,375,160,320 bytes free

- - End Of File - - 6BAC0755911D8B8BD0DB616834A941A0


#11 davehill50

davehill50
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 23 June 2010 - 08:39 PM

ComboFix 10-06-23.01 - Dave 23/06/2010 16:48:51.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.462 [GMT -3:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 04:49 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-18 20:36 . 2010-06-18 20:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-06-18 07:12 . 2010-06-23 02:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 00:22 . 2010-06-23 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-15 00:22 . 2010-06-23 15:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-12 14:25 . 2010-06-12 14:25 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
2010-06-10 01:14 . 2010-06-10 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-10 01:14 . 2010-06-10 01:14 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\documents and settings\Bobbi\Application Data\Malwarebytes
2010-06-10 00:06 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-10 00:06 . 2010-06-10 00:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 00:06 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-03 14:00 . 2010-06-03 14:00 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-03 14:00 . 2010-06-03 14:00 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-05-27 10:18 . 2010-05-27 10:18 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\msvcp71.dll
2010-05-27 10:18 . 2010-05-27 10:18 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\jmc.dll
2010-05-27 10:18 . 2010-05-27 10:18 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39885246-n\decora-sse.dll
2010-05-27 10:18 . 2010-05-27 10:18 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-665e25de-n\msvcr71.dll
2010-05-27 10:18 . 2010-05-27 10:18 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39885246-n\decora-d3d.dll
2010-05-26 16:41 . 2010-05-26 16:41 503808 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\msvcp71.dll
2010-05-26 16:41 . 2010-05-26 16:41 499712 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\jmc.dll
2010-05-26 16:41 . 2010-05-26 16:41 348160 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2289b84c-n\msvcr71.dll
2010-05-26 16:41 . 2010-05-26 16:41 61440 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4247a531-n\decora-sse.dll
2010-05-26 16:41 . 2010-05-26 16:41 12800 ----a-w- c:\documents and settings\Bobbi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4247a531-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 03:17 . 2009-01-16 23:18 578560 ----a-w- c:\windows\system32\user32.dll
2010-06-15 03:30 . 2010-06-15 13:01 143104 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-06-12 14:27 . 2009-01-17 00:37 -------- d-----w- c:\program files\Google
2010-06-03 14:00 . 2009-07-22 17:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 14:00 . 2009-07-22 17:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-06 10:41 . 2009-01-16 23:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2009-01-16 23:18 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:57 . 2010-04-29 19:57 -------- d-----w- c:\program files\Common Files\Java
2010-04-29 19:56 . 2010-04-29 19:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30 . 2009-01-16 23:18 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-31 03:16 . 2010-03-31 03:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 03:10 . 2010-03-31 03:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-28 18:28 . 2009-07-22 17:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-28 18:27 . 2009-07-22 17:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-23_03.28.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 15:28 . 2010-06-23 15:28 16384 c:\windows\Temp\Perflib_Perfdata_160.dat
+ 2010-02-24 18:34 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2010-02-24 18:34 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2009-01-16 23:18 . 2010-06-23 19:40 90014 c:\windows\system32\perfc009.dat
+ 2009-11-07 04:07 . 2009-11-07 04:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2007-08-14 02:54 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 02:54 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2009-12-05 15:45 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-12-05 15:45 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-04-04 17:58 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-01-16 23:18 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2009-01-16 23:18 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 08:31 . 2010-03-23 08:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2010-04-15 19:24 . 2010-04-15 19:24 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-23 05:01 . 2010-06-23 05:01 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-06-23 05:18 . 2010-02-25 06:24 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\11b5c5344eb40eeb36a818d2824fe3a1\WindowsLiveWriter.ni.exe
+ 2010-06-23 05:39 . 2010-06-23 05:39 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c69cc7d4e4fca9aa892ddfacc64cddb2\WindowsLive.Writer.Api.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-23 05:28 . 2010-06-23 05:28 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-06-23 05:24 . 2010-06-23 05:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-12-05 15:59 . 2009-12-05 15:59 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-06-15 00:32 . 2010-06-23 05:01 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-12-07 11:21 . 2009-12-07 11:21 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-01-16 23:18 . 2010-06-23 19:40 487070 c:\windows\system32\perfh009.dat
+ 2009-01-16 23:18 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2007-08-14 02:54 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2009-11-07 04:07 . 2009-11-07 04:07 297808 c:\windows\system32\mscoree.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2009-01-16 23:18 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2009-01-16 23:18 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
- 2009-01-16 15:28 . 2009-12-05 16:23 341032 c:\windows\system32\FNTCACHE.DAT
+ 2009-01-16 15:28 . 2010-06-23 05:26 341032 c:\windows\system32\FNTCACHE.DAT
- 2009-01-16 23:18 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-12-05 15:45 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-12-05 15:45 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-01-16 23:18 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-01-16 23:18 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-01-16 23:18 . 2008-04-14 12:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2009-01-16 23:18 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2010-03-31 03:16 . 2010-03-31 03:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 08:31 . 2010-03-23 08:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-09 15:22 . 2010-02-09 15:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-25 03:14 . 2010-02-25 03:14 543232 c:\windows\Installer\504773.msp
- 2009-06-15 00:32 . 2010-05-13 10:33 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-06-15 00:32 . 2010-06-23 05:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-06-15 00:32 . 2010-05-13 10:33 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-06-23 05:18 . 2010-02-25 06:24 916480 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-23 05:18 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-23 05:18 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-23 05:18 . 2010-02-25 06:24 206848 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 247808 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 184320 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-23 05:18 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 387584 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-23 05:18 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-23 05:36 . 2010-06-23 05:36 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-23 05:39 . 2010-06-23 05:39 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\31a06c9eb6c083d9b8710ac6ce1be937\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f0530ae077336e0eca143d4b32e8d34e\WindowsLive.Writer.Interop.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e50904b2c1e6e1ac5a4c7df032c2123c\WindowsLive.Writer.Mshtml.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c6f20d937db1a69d005f791db60ee326\WindowsLive.Writer.Controls.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c35124ff18874635fa84856596f154cc\WindowsLive.Writer.Extensibility.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c1992981a0cafba5e0d3753b8ec39b21\WindowsLive.Writer.HtmlParser.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bea5a870bbb250130356c5dd8c2f3ca9\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b07e085adf681435595a729c5f8ca528\WindowsLive.Writer.Localization.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a148f5e5315f10bd4dfb626fdcf001c2\WindowsLive.Writer.FileDestinations.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\53a0614cafe16513d774a5d7b0473a73\WindowsLive.Writer.BlogClient.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4190016a1225c8f33b8ebd96addb2a8e\WindowsLive.Writer.Instrumentation.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\27e34aec3681f62ec3791cdfe9ac0230\WindowsLive.Writer.SpellChecker.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\18dce358e91aedbd9656a6a0d0da582a\WindowsLive.Writer.Passport.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\06657a351a8cafd8101bbd06c31c6194\WindowsLive.Writer.BrowserControl.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\3aca1d7df14c17850246ef5ebca827c5\WindowsLive.Client.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2077ce69bd24a095dd54683ae26454d4\System.Runtime.Remoting.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-06-23 05:19 . 2010-06-23 05:19 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-23 05:36 . 2010-06-23 05:36 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-23 05:30 . 2010-06-23 05:30 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-06-23 05:36 . 2010-06-23 05:36 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-23 05:37 . 2010-06-23 05:37 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2009-12-05 15:59 . 2009-12-05 15:59 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-01-16 23:19 . 2010-04-06 07:52 2462720 c:\windows\system32\WMVCore.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
- 2009-01-16 23:18 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2009-01-16 23:18 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2008-03-20 21:06 . 2008-03-20 21:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2007-08-14 02:34 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
- 2007-08-14 02:34 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2009-01-16 23:19 . 2010-04-06 07:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-01-16 23:18 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
+ 2009-01-16 23:18 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2009-01-16 23:18 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
- 2009-01-16 23:18 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-16 23:18 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-16 23:18 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-04-04 17:58 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 04:06 . 2009-11-07 04:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 02:48 . 2010-04-08 02:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2010-03-23 08:32 . 2010-03-23 08:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 08:32 . 2010-03-23 08:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2009-11-09 03:25 . 2009-11-09 03:25 1935360 c:\windows\Installer\5047a7.msp
+ 2010-04-12 01:17 . 2010-04-12 01:17 2607104 c:\windows\Installer\50477f.msp
+ 2010-04-12 01:17 . 2010-04-12 01:17 4210688 c:\windows\Installer\50477e.msp
+ 2010-04-24 20:10 . 2010-04-24 20:10 8486400 c:\windows\Installer\504768.msp
+ 2010-05-05 01:25 . 2010-05-05 01:25 7681024 c:\windows\Installer\504743.msp
+ 2010-05-03 19:11 . 2010-05-03 19:11 4149760 c:\windows\Installer\50472e.msp
+ 2010-03-30 15:34 . 2010-03-30 15:34 3826688 c:\windows\Installer\504719.msp
+ 2010-05-03 19:27 . 2010-05-03 19:27 6825472 c:\windows\Installer\504705.msp
+ 2010-05-03 19:06 . 2010-05-03 19:06 5053952 c:\windows\Installer\5046f0.msp
+ 2010-05-10 20:17 . 2010-05-10 20:17 5520896 c:\windows\Installer\5046db.msp
+ 2010-06-23 05:18 . 2010-02-25 06:24 1209344 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 5944832 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-23 05:18 . 2010-02-25 06:24 1985536 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\af8ff11dbab485d5d13323bbf6a5be79\WindowsLive.Writer.PostEditor.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\590ced109c1eb276203e1561a695ab99\WindowsLive.Writer.CoreServices.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0654d7056eddd323f13f38ff67325ca7\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2010-06-23 05:24 . 2010-06-23 05:24 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-23 05:18 . 2010-06-23 05:18 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-23 05:44 . 2010-06-23 05:44 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-23 05:20 . 2010-06-23 05:20 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-23 05:31 . 2010-06-23 05:31 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-06-23 05:19 . 2010-06-23 05:19 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-23 05:16 . 2010-06-23 05:16 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-23 05:37 . 2010-06-23 05:37 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2dbc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll
+ 2010-06-23 05:16 . 2010-06-23 05:16 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-23 05:42 . 2010-06-23 05:42 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-23 05:15 . 2010-06-23 05:15 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-06-23 05:30 . 2010-06-23 05:30 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-23 05:40 . 2010-06-23 05:40 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-23 05:43 . 2010-06-23 05:43 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-23 05:39 . 2010-06-23 05:39 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-23 05:23 . 2010-06-23 05:23 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-23 05:12 . 2010-06-23 05:12 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-23 05:23 . 2010-06-23 05:23 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-06-23 05:21 . 2010-06-23 05:21 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-12-07 11:20 . 2009-12-07 11:20 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-12-05 15:59 . 2009-12-05 15:59 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 05:23 . 2010-06-23 05:23 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-23 05:22 . 2010-06-23 05:22 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-12-07 11:21 . 2009-12-07 11:21 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-04-06 22:30 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2007-08-14 02:54 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2009-04-04 17:58 . 2010-05-06 10:41 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-03-31 04:23 . 2010-03-31 04:23 15638528 c:\windows\Installer\5047b3.msp
+ 2010-04-12 01:17 . 2010-04-12 01:17 14599680 c:\windows\Installer\50478d.msp
+ 2010-04-24 20:09 . 2010-04-24 20:09 11750912 c:\windows\Installer\504760.msp
+ 2010-05-11 14:30 . 2010-05-11 14:30 11194880 c:\windows\Installer\504758.msp
+ 2010-06-23 05:18 . 2010-02-25 14:54 11070976 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-23 05:38 . 2010-06-23 05:38 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-23 05:36 . 2010-06-23 05:36 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-23 05:17 . 2010-06-23 05:17 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-23 05:29 . 2010-06-23 05:29 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-06-23 05:27 . 2010-06-23 05:27 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-04 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-27 30192]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-03 196608]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-23 524632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-28 18:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/07/2009 2:42 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/07/2009 2:52 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/07/2009 2:52 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28/03/2010 3:23 PM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 4:06 PM 1029456]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [16/01/2009 10:02 PM 237568]
S2 gupdate1c9b539d92a6a6e;Google Update Service (gupdate1c9b539d92a6a6e);c:\program files\Google\Update\GoogleUpdate.exe [04/04/2009 12:27 PM 133104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [16/01/2009 9:37 PM 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [16/01/2009 9:26 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:55]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 15:27]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-04 15:27]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017937101-2170371235-3233042676-1006Core.job
- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-12 23:17]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1017937101-2170371235-3233042676-1006UA.job
- c:\documents and settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-12 23:17]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{2CAFC2C9-0E6E-47CC-ADAF-B878EF0DDE2A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 16:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1184)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-23 16:58:21
ComboFix-quarantined-files.txt 2010-06-23 19:58
ComboFix2.txt 2010-06-23 04:30
ComboFix3.txt 2010-06-23 03:34

Pre-Run: 117,348,089,856 bytes free
Post-Run: 117,375,160,320 bytes free

- - End Of File - - 6BAC0755911D8B8BD0DB616834A941A0


#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:42 AM

Posted 24 June 2010 - 02:19 AM

Hi,

Did you accidentally post same ComboFix report three times instead of Kaspersky + dds.txt logs?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#13 davehill50

davehill50
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 24 June 2010 - 07:28 AM

OPPS!!!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dave at 9:25:27.89 on 24/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.505 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\DOCUME~1\Dave\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\dave\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-6 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-22 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-22 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-22 242896]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-1-16 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-06-23 04:49:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-23 03:02:09 0 d-sha-r- C:\cmdcons
2010-06-23 02:58:00 77312 ----a-w- c:\windows\MBR.exe
2010-06-23 02:58:00 256512 ----a-w- c:\windows\PEV.exe
2010-06-23 02:58:00 161792 ----a-w- c:\windows\SWREG.exe
2010-06-23 02:57:59 98816 ----a-w- c:\windows\sed.exe
2010-06-18 07:12:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-17 12:55:30 95 ----a-w- c:\windows\wininit.ini
2010-06-15 00:22:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-15 00:22:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-12 14:25:09 0 d-----w- c:\docume~1\dave\applic~1\Malwarebytes
2010-06-10 00:06:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 00:06:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-10 00:06:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 00:06:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-06-23 03:17:13 578560 ----a-w- c:\windows\system32\user32.dll
2010-06-03 14:00:06 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:56:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-31 03:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 03:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-28 18:27:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-01-17 00:40:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-04-04 17:00:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040420090405\index.dat

============= FINISH: 9:26:51.57 ===============

Edited by davehill50, 24 June 2010 - 07:30 AM.


#14 davehill50

davehill50
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 24 June 2010 - 07:41 AM

KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, June 23, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, June 23, 2010 12:52:11
Records in database: 4313866


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\

Scan statistics
Objects scanned 53262
Threats found 6
Infected objects found 10
Suspicious objects found 0
Scan duration 03:46:08

File name Threat Threats count
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\41\10b0f429-15fedf17 Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\43\359efaab-24213ac1 Infected: Exploit.Java.Agent.a 1

C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\43\359efaab-24213ac1 Infected: Exploit.Java.Agent.f 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\cooper.mine.vir Infected: Packed.Win32.Krap.ao 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ql12160.sys.vir Infected: Rootkit.Win32.TDSS.ap 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\nmklo.dll.vir Infected: Worm.Win32.Pinit.kn 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir.vir Infected: Trojan.Win32.Patched.gq 1

C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP148\A0044138.dll Infected: Trojan.Win32.Patched.gq 1

C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP148\A0044139.DLL Infected: Trojan.Win32.Patched.gq 1

C:\System Volume Information\_restore{EECCC067-5764-4761-8178-47FA5F6368E3}\RP148\A0044141.dll Infected: Worm.Win32.Pinit.kn 1

Selected area has been scanned.


#15 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:42 AM

Posted 24 June 2010 - 10:48 AM

Hi,

Delete these files if found:
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\41\10b0f429-15fedf17
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\43\359efaab-24213ac1

How's the system running?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users