Issue with constant attacks coming from \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE


  • This topic is locked
6 replies to this topic

#1 Wikizilla

Posted 08 July 2010 - 12:39 AM

Hi,

My computer has been under constant attack (i.e. every two minutes). Norton tells me that it is coming from \DEVICE\HARDDISKVOLUME1\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE. In addition, it describes the source as usually coming from 91.212.226.179, the attack URL generally being zl00zxcv1.com. However, I've been receiving apparently different trojan attacks across the board. This morning, I noticed for the first time a piece of spyware called Antimalware Doctor, which I could not remove through Norton or Malwarebytes. I eventually manually deleted the source files that RKill found, those being in my application data under temporary files. However, I continue to experience the attacks constantly. I am also suffering from Google redirect searches, in which my searches are diverted to a variety of shady sites. Finally, whenever I boot my computer, I get the RUNDLL error "Error loading C:\WINDOWS\usanufeworitulus.dll The specified module could not be found". These symptoms seem very unusual to me. Please let me know what other specifics I can provide. Thank you so much for helping me!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Robert at 22:15:35.85 on Wed 07/07/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.234 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\MCUI32.EXE
C:\Documents and Settings\Robert\Desktop\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://central.hinsdale86.org/pages/default.aspx
uInternet Settings,ProxyServer =
uInternet Settings,ProxyOverride =
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\program files\virtual account numbers\BhoCitUS.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [ccleaner] "c:\documents and settings\robert\my documents\ccleaner\CCleaner.exe" /AUTO
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [070700Setup.exe] c:\documents and settings\robert\application data\155e054ea9cff4436ad40244fb09a9db\070700Setup.exe
uRun: [EWABQAF7KL] c:\docume~1\robert\locals~1\temp\Gch.exe
uRun: [Tcahefogu] rundll32.exe "c:\windows\kbrvcorx.dll",Startup
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Ehukufufufufufu] rundll32.exe "c:\windows\usanufeworitulus.dll",Startup
StartupFolder: c:\docume~1\robert\startm~1\programs\startup\antima~1.lnk - c:\documents and settings\robert\application data\155e054ea9cff4436ad40244fb09a9db\070700Setup.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - c:\progra~1\virtua~1\CitiVAN.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} - hxxp://gsampacs.gsam.advocatehealth.com/ami/install/amiviewer.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: NameServer = 93.188.162.223,93.188.166.203
TCP: {2FA546A1-5471-4E5F-9FCD-6377AB49B48E} = 93.188.162.223,93.188.166.203
TCP: {926F8BC9-A3DA-4D69-A5A4-930C176B215F} = 93.188.162.223,93.188.166.203
TCP: {9BC2ED9F-BF64-4797-9F4A-5C7A0D2A8A4C} = 93.188.162.223,93.188.166.203
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robert\applic~1\mozilla\firefox\profiles\uikth4qk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\robert\application data\mozilla\firefox\profiles\uikth4qk.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\robert\application data\mozilla\firefox\profiles\uikth4qk.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\robert\local settings\application data\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\citrix\secure access client\npagee.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {767509D9-FD6C-4CAC-AF61-51A16D703456} - c:\documents and settings\robert\local settings\application data\{767509d9-fd6c-4cac-af61-51a16d703456}\
FF - HiddenExtension: XULRunner: {A24F6886-05F9-4321-A024-B1FFE187A4E8} - c:\documents and settings\robert\local settings\application data\{a24f6886-05f9-4321-a024-b1ffe187a4e8}\
FF - HiddenExtension: XULRunner: {3BB301AB-3EF8-4776-9107-1E9ED33B3E12} - c:\documents and settings\robert\local settings\application data\{3bb301ab-3ef8-4776-9107-1e9ed33b3e12}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-25 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-25 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\bashdefs\20100619.001\BHDrvx86.sys [2010-6-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-25 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-25 116784]
R2 cag;Citrix cag plugin for Access Gateway;c:\program files\common files\deterministic networks\common files\cag.sys [2009-10-22 80920]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-12-26 10384]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-25 126392]
R2 nsverctl;Citrix Secure Access Client Service;c:\program files\citrix\secure access client\nsverctl.exe [2010-1-19 154264]
R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\drivers\ctxva51.sys [2010-1-19 41624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-6 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\ipsdefs\20100707.001\IDSXpx86.sys [2010-7-7 331640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-25 38224]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100707.025\NAVENG.SYS [2010-7-7 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20100707.025\NAVEX15.SYS [2010-7-7 1347504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\robert\locals~1\temp\imspcloj.sys --> c:\docume~1\robert\locals~1\temp\iMSPCLOj.sys [?]
S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]

=============== Created Last 30 ================

2010-07-08 02:02:07 711168 ----a-w- c:\windows\isRS-000.tmp
2010-07-07 20:57:46 120 ----a-w- c:\windows\Yqusanu.dat
2010-07-07 20:57:46 0 ----a-w- c:\windows\Pneva.bin
2010-06-30 14:37:37 1075 ----a-w- c:\windows\ATICIM.INI
2010-06-30 14:28:25 0 d-----w- C:\ATI
2010-06-30 00:38:57 0 d-----w- c:\program files\Steam
2010-06-21 01:30:38 0 d-----w- c:\docume~1\robert\applic~1\Atari
2010-06-21 01:26:53 197120 ----a-w- c:\windows\patchw32.dll
2010-06-21 01:26:53 0 d-----w- c:\program files\common files\PocketSoft
2010-06-21 01:17:48 0 d-----w- c:\program files\Atari
2010-06-09 01:48:55 0 d-----w- c:\docume~1\robert\applic~1\OverDrive
2010-06-09 01:48:42 0 d-----w- c:\program files\OverDrive Media Console
2010-06-08 05:57:13 0 d-s---w- C:\ComboFix
2010-06-08 05:24:20 0 d-sha-r- C:\cmdcons

==================== Find3M ====================

2010-06-09 05:30:10 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 00:15:38 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-31 22:57:19 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-31 22:48:52 138056 ----a-w- c:\docume~1\robert\applic~1\PnkBstrK.sys
2010-05-31 22:48:34 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-05-12 22:32:14 518 ----a-w- c:\program files\Shortcut to StarCraft II Beta.lnk
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-26 20:58:12 256512 ----a-w- c:\windows\PEV.exe
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 22:18:45.01 ===============


#2 gringo_pr


Posted 08 July 2010 - 12:41 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"Information and logs"
    In your next post I need the following:
    1. Log from ComboFix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo




#3 Wikizilla


Posted 08 July 2010 - 04:07 PM

ComboFix 10-07-07.01 - Robert 07/08/2010 1:00.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.672 [GMT -5:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\documents and settings\Robert\Start Menu\Antimalware Doctor.lnk
c:\documents and settings\Robert\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\Robert\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Robert\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\documents and settings\Robert\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\windows\kbrvcorx.dll
c:\windows\system32\spool\prtprocs\w32x86\17sK1y.dll
c:\windows\system32\spool\prtprocs\w32x86\C7sKU7.dll
F:\Autorun.inf

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-07 21:45 . 2010-07-07 21:45 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\{3BB301AB-3EF8-4776-9107-1E9ED33B3E12}
2010-07-07 21:40 . 2010-07-07 21:40 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\{A24F6886-05F9-4321-A024-B1FFE187A4E8}
2010-07-07 20:57 . 2010-07-07 20:57 120 ----a-w- c:\windows\Yqusanu.dat
2010-07-07 20:57 . 2010-07-07 20:57 0 ----a-w- c:\windows\Pneva.bin
2010-07-07 20:57 . 2010-07-07 20:57 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\{767509D9-FD6C-4CAC-AF61-51A16D703456}
2010-06-30 14:28 . 2010-06-30 14:28 -------- d-----w- C:\ATI
2010-06-30 00:38 . 2010-07-08 04:48 -------- d-----w- c:\program files\Steam
2010-06-21 01:30 . 2010-06-21 01:30 -------- d-----w- c:\documents and settings\Robert\Application Data\Atari
2010-06-21 01:26 . 2010-06-21 01:26 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-06-21 01:26 . 2002-02-27 22:50 197120 ----a-w- c:\windows\patchw32.dll
2010-06-21 01:17 . 2010-06-21 01:17 -------- d-----w- c:\program files\Atari
2010-06-10 03:55 . 2010-03-29 13:53 32576 ----a-w- c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\uikth4qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-06-10 03:55 . 2010-03-29 13:53 29984 ----a-w- c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\uikth4qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-06-10 03:00 . 2010-06-10 03:00 85504 ----a-w- c:\documents and settings\Robert\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-06-09 02:13 . 2010-06-09 02:13 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\pcsx2
2010-06-09 01:48 . 2010-06-09 01:48 -------- d-----w- c:\documents and settings\Robert\Application Data\OverDrive
2010-06-09 01:48 . 2010-06-09 01:48 -------- d-----w- c:\program files\OverDrive Media Console

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 02:05 . 2009-10-25 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 22:32 . 2009-12-14 02:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-05 17:18 . 2010-01-20 23:53 -------- d-----w- c:\documents and settings\Robert\Application Data\Orbit
2010-07-05 04:12 . 2010-01-22 04:25 -------- d-----w- c:\documents and settings\Geoff\Application Data\Orbit
2010-07-04 20:39 . 2010-01-24 22:33 -------- d-----w- c:\documents and settings\Carolyn\Application Data\Orbit
2010-07-02 16:44 . 2010-01-26 22:24 -------- d-----w- c:\documents and settings\Steven\Application Data\Apple Computer
2010-07-02 16:44 . 2010-03-02 02:10 85144 ----a-w- c:\documents and settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-02 02:20 . 2010-01-24 13:14 -------- d-----w- c:\documents and settings\Steven\Application Data\Orbit
2010-06-21 01:18 . 2009-06-02 23:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-10 16:25 . 2010-01-27 03:20 -------- d-----w- c:\documents and settings\Liz\Application Data\Orbit
2010-06-10 03:00 . 2009-07-07 00:17 -------- d-----w- c:\documents and settings\Robert\Application Data\SystemRequirementsLab
2010-06-09 05:49 . 2009-10-30 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-09 05:30 . 2009-10-25 05:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-08 19:09 . 2009-07-03 18:34 -------- d-----w- c:\program files\OpenOffice.org 3
2010-06-08 19:06 . 2009-06-11 20:20 -------- d-----w- c:\program files\Canon
2010-06-08 13:48 . 2009-06-12 23:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-07 06:30 . 2010-06-07 06:30 43385 ----a-r- c:\documents and settings\Robert\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_5760EA0C59009CA8D18846.exe
2010-06-07 06:30 . 2010-06-07 06:30 43385 ----a-r- c:\documents and settings\Robert\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_21F3885A18D238E15AAE81.exe
2010-06-07 06:30 . 2010-06-07 06:30 32579 ----a-r- c:\documents and settings\Robert\Application Data\Microsoft\Installer\{C3DAC196-8487-4E2E-94F3-9CBE361EB712}\_6FEFF9B68218417F98F549.exe
2010-06-07 06:30 . 2010-06-07 06:30 -------- d-----w- c:\program files\Microsoft Research
2010-06-05 04:57 . 2010-05-31 01:32 -------- d-----w- c:\documents and settings\Robert\Application Data\Skype
2010-06-04 23:34 . 2010-05-31 01:33 -------- d-----w- c:\documents and settings\Robert\Application Data\skypePM
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 16:26 . 2009-08-20 01:11 1 ----a-w- c:\documents and settings\Liz\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-01 00:15 . 2009-10-24 02:19 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-31 22:57 . 2009-10-24 02:19 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-31 22:48 . 2009-10-25 21:15 138056 ----a-w- c:\documents and settings\Robert\Application Data\PnkBstrK.sys
2010-05-31 22:48 . 2009-10-25 21:15 138056 ----a-w- c:\documents and settings\Robert\Application Data\PnkBstrK.sys
2010-05-31 22:48 . 2009-10-24 02:19 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-05-31 01:33 . 2010-05-31 01:33 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-31 01:32 . 2010-05-31 01:32 -------- d-----r- c:\program files\Skype
2010-05-31 01:32 . 2010-05-31 01:32 -------- d-----w- c:\program files\Common Files\Skype
2010-05-31 01:32 . 2010-05-31 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-23 21:13 . 2010-05-23 21:13 503808 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-573e2091-n\msvcp71.dll
2010-05-23 21:13 . 2010-05-23 21:13 499712 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-573e2091-n\jmc.dll
2010-05-23 21:13 . 2010-05-23 21:13 348160 ----a-w- c:\documents and settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-573e2091-n\msvcr71.dll
2010-05-22 19:14 . 2010-05-22 19:14 503808 ----a-w- c:\documents and settings\Geoff\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-179b8451-n\msvcp71.dll
2010-05-22 19:14 . 2010-05-22 19:14 348160 ----a-w- c:\documents and settings\Geoff\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-179b8451-n\msvcr71.dll
2010-05-22 19:14 . 2010-05-22 19:14 499712 ----a-w- c:\documents and settings\Geoff\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-179b8451-n\jmc.dll
2010-05-21 23:10 . 2010-05-21 21:31 -------- d-----w- c:\documents and settings\Robert\Application Data\Audacity
2010-05-21 21:31 . 2010-05-21 21:30 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-05-17 02:28 . 2009-07-16 19:00 85144 ----a-w- c:\documents and settings\Robert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-17 02:28 . 2009-12-09 16:20 85144 ----a-w- c:\documents and settings\Geoff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-14 01:40 . 2010-05-14 01:40 -------- d-----w- c:\program files\Lame for Audacity
2010-05-14 01:39 . 2010-05-14 01:39 -------- d-----w- c:\program files\Audacity
2010-05-12 23:54 . 2009-07-02 04:55 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-12 22:32 . 2010-05-12 22:32 518 ----a-w- c:\program files\Shortcut to StarCraft II Beta.lnk
2010-05-12 22:26 . 2010-05-12 22:00 -------- d-----w- c:\program files\StarCraft II Beta
2010-05-12 22:14 . 2010-05-12 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-12 22:14 . 2010-05-12 22:00 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-12 21:40 . 2010-05-12 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-05-10 03:46 . 2009-07-05 21:28 1 ----a-w- c:\documents and settings\Geoff\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-06 04:01 . 2010-05-25 18:54 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-05-04 17:20 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:56 . 2004-08-04 10:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2009-10-25 10:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2009-10-25 10:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 05:03 . 2010-05-25 18:54 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-04-22 03:02 . 2010-05-25 18:54 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-04-22 02:29 . 2010-05-25 18:54 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-04-20 05:51 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-04-01 05:47 . 2009-06-11 20:09 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-08_05.36.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-08 05:59 . 2010-07-08 05:59 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2010-07-08 05:58 . 2010-07-08 05:58 16384 c:\windows\Temp\Perflib_Perfdata_648.dat
+ 2008-10-22 09:47 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2008-10-22 09:47 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2010-03-31 05:16 . 2010-03-31 05:16 99176 c:\windows\system32\PresentationHostProxy.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 44544 c:\windows\system32\pngfilt.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 10:00 . 2010-04-17 11:48 67312 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2010-06-24 17:23 67312 c:\windows\system32\perfc009.dat
+ 2009-11-07 06:07 . 2009-11-07 06:07 49488 c:\windows\system32\netfxperf.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 11600 c:\windows\system32\mui\0409\mscorees.dll
- 2007-08-13 23:54 . 2010-03-11 12:38 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2010-05-04 17:20 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 27648 c:\windows\system32\jsproxy.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 23:39 . 2010-05-04 12:39 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 23:39 . 2010-03-10 13:18 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 10:00 . 2010-05-04 17:20 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 10:00 . 2010-05-04 12:39 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 10:00 . 2010-03-10 13:18 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 23:36 . 2010-05-04 17:20 63488 c:\windows\system32\icardie.dll
- 2007-08-13 23:36 . 2010-03-11 12:38 63488 c:\windows\system32\icardie.dll
+ 2010-06-09 05:32 . 2010-06-09 05:30 64288 c:\windows\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
- 2006-03-04 03:33 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-08-22 01:37 . 2010-03-11 12:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-08-22 01:37 . 2010-05-04 17:20 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-08-22 01:37 . 2010-03-10 13:18 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-08-22 01:37 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 10:00 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 10:00 . 2010-03-10 13:18 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 10:00 . 2010-05-04 12:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-08-22 01:37 . 2010-03-11 12:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-08-22 01:37 . 2010-05-04 17:20 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 17408 c:\windows\system32\dllcache\corpol.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 10:00 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
- 2009-06-02 22:27 . 2010-06-07 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-02 22:27 . 2010-06-29 04:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-02 22:27 . 2010-06-29 04:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-02 22:27 . 2010-06-07 22:57 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-02 22:27 . 2010-06-07 22:57 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-06-20 12:19 . 2010-06-29 04:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 10:00 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-06-09 01:48 . 2010-06-09 01:48 25214 c:\windows\Installer\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}\_4ae13d6c.exe
+ 2010-06-09 01:48 . 2010-06-09 01:48 25214 c:\windows\Installer\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}\_2cd672ae.exe
+ 2010-06-09 01:48 . 2010-06-09 01:48 25214 c:\windows\Installer\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}\_294823.exe
+ 2010-06-09 01:48 . 2010-06-09 01:48 25214 c:\windows\Installer\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}\_18be6784.exe
+ 2010-06-09 05:48 . 2010-06-09 05:48 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2010-04-15 19:29 . 2010-04-15 19:29 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2010-01-01 01:09 . 2010-05-14 02:55 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-01 01:09 . 2010-06-09 05:49 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-01 01:09 . 2010-05-14 02:55 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-01 01:09 . 2010-06-09 05:49 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-01 01:09 . 2010-06-09 05:49 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-01 01:09 . 2010-05-14 02:55 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-01 19:22 . 2010-05-12 04:44 35088 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-01 19:22 . 2010-06-09 05:49 35088 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-01 19:22 . 2010-05-12 04:44 18704 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-01 19:22 . 2010-06-09 05:49 18704 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-01 19:22 . 2010-06-09 05:49 20240 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-01 19:22 . 2010-05-12 04:44 20240 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-09-23 00:58 . 2009-12-20 09:02 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2009-09-23 00:58 . 2010-06-09 05:50 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
- 2010-04-15 19:29 . 2010-04-15 19:29 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-09 05:48 . 2010-06-09 05:48 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-08 07:09 . 2010-06-08 07:09 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-30 00:38 . 2010-06-30 00:38 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
+ 2010-06-09 05:24 . 2010-03-11 12:38 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
+ 2010-06-09 05:24 . 2010-03-10 13:18 13824 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2010-06-09 05:24 . 2010-03-11 12:38 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 78336 c:\windows\ie7updates\KB982381-IE7\ieencode.dll
+ 2010-06-09 05:24 . 2010-03-10 13:18 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2010-06-09 05:24 . 2010-03-11 12:38 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 17408 c:\windows\ie7updates\KB982381-IE7\corpol.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-06-24 17:34 . 2010-06-24 17:34 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-06-09 15:16 . 2010-06-09 15:16 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\1c1629f536fa9874ef08d09fb19ab0f0\System.Windows.Presentation.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-06-09 15:13 . 2010-06-09 15:13 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-09 05:41 . 2010-06-09 05:41 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e67992626a30603458b0df22841c2423\PresentationFontCache.ni.exe
+ 2010-06-24 17:25 . 2010-06-24 17:25 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-06-09 05:40 . 2010-06-09 05:40 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
+ 2010-06-24 17:24 . 2010-06-24 17:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-06-24 17:22 . 2010-06-24 17:22 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-06 08:06 . 2009-08-06 08:06 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-09 05:40 . 2010-06-09 05:40 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-06-24 17:22 . 2010-06-24 17:22 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-12-15 02:43 . 2010-06-08 06:56 3540 c:\windows\system32\Restore\rstrlog.dat
- 2009-10-15 12:19 . 2009-10-15 12:19 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-15 12:20 . 2009-10-15 12:20 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-15 12:20 . 2009-10-15 12:20 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll
+ 2010-03-31 05:10 . 2010-03-31 05:10 295264 c:\windows\system32\PresentationHost.exe
+ 2004-08-04 10:00 . 2010-06-24 17:23 432356 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2010-04-17 11:48 432356 c:\windows\system32\perfh009.dat
+ 2004-08-04 10:00 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 102912 c:\windows\system32\occache.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 671232 c:\windows\system32\mstime.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 193024 c:\windows\system32\msrating.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 477696 c:\windows\system32\mshtmled.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 23:54 . 2010-03-11 12:38 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2010-05-04 17:20 459264 c:\windows\system32\msfeeds.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 297808 c:\windows\system32\mscoree.dll
+ 2007-08-13 23:34 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 23:34 . 2010-03-11 12:38 268288 c:\windows\system32\iertutil.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 192512 c:\windows\system32\iepeers.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 17:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 17:27 . 2010-03-11 12:38 380928 c:\windows\system32\ieapfltr.dll
- 2004-08-04 10:00 . 2010-02-23 05:18 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 10:00 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll
+ 2009-06-02 15:08 . 2010-06-09 13:52 311584 c:\windows\system32\FNTCACHE.DAT
- 2009-06-02 15:08 . 2010-05-14 20:59 311584 c:\windows\system32\FNTCACHE.DAT
+ 2006-03-04 03:33 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 347136 c:\windows\system32\dxtmsft.dll
+ 2010-05-25 18:54 . 2009-11-05 22:06 328752 c:\windows\system32\drivers\symds.sys
+ 2010-05-25 18:54 . 2010-02-26 00:22 501888 c:\windows\system32\drivers\cchpx86.sys
+ 2006-03-04 03:33 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-08-22 01:37 . 2010-03-11 12:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-08-22 01:37 . 2010-05-04 17:20 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-02 22:22 . 2010-04-16 11:43 634656 c:\windows\system32\dllcache\iexplore.exe
- 2009-08-22 01:37 . 2010-03-11 12:38 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-22 01:37 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-08-22 01:37 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2009-08-22 01:37 . 2010-03-11 12:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 10:00 . 2010-02-23 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 10:00 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-03-04 03:33 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-03-04 03:33 . 2010-03-11 12:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-04 10:00 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 10:00 . 2010-03-11 12:38 124928 c:\windows\system32\advpack.dll
+ 2004-08-04 10:00 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll
+ 2010-03-31 05:16 . 2010-03-31 05:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 17:22 . 2010-02-09 17:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\221cb29.msp
+ 2010-06-09 01:48 . 2010-06-09 01:48 493056 c:\windows\Installer\15bc5bc.msi
- 2010-01-01 01:09 . 2010-05-14 02:55 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-01 01:09 . 2010-06-09 05:49 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-01 01:09 . 2010-06-09 05:49 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-01 01:09 . 2010-05-14 02:55 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-01 01:09 . 2010-05-14 02:55 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-01 01:09 . 2010-06-09 05:49 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2010-01-01 01:09 . 2010-05-14 02:55 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-01-01 01:09 . 2010-06-09 05:49 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-01 19:22 . 2010-05-12 04:44 272648 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-01-01 19:22 . 2010-06-09 05:49 272648 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\pubs.exe
- 2010-01-01 19:22 . 2010-05-12 04:44 217864 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-01 19:22 . 2010-06-09 05:49 217864 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-23 00:58 . 2010-06-09 05:50 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-09-23 00:58 . 2009-12-20 09:02 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-06-09 05:24 . 2010-03-11 12:38 832512 c:\windows\ie7updates\KB982381-IE7\wininet.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
+ 2010-06-09 05:24 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
+ 2010-06-09 05:24 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2010-06-09 05:24 . 2010-03-11 12:38 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
+ 2010-06-09 05:24 . 2010-02-23 05:20 634648 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2010-06-09 05:24 . 2010-03-11 12:38 268288 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 192512 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 385024 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 380928 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
+ 2010-06-09 05:24 . 2010-02-23 05:18 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
+ 2010-06-09 05:38 . 2010-06-09 05:38 113664 c:\windows\assembly\tmp\4CJPW29G\System.EnterpriseServices.Wrapper.dll
+ 2010-06-09 05:38 . 2010-06-09 05:38 258048 c:\windows\assembly\tmp\4CJPW29G\System.EnterpriseServices.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-06-24 17:26 . 2010-06-24 17:26 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-06-09 05:47 . 2010-06-09 05:47 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7c702f75d47bf841b9587e582c2d0b2\WindowsFormsIntegration.ni.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-06-09 05:47 . 2010-06-09 05:47 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\3a78043c85333d5af49a0d958912ae4a\UIAutomationClient.ni.dll
+ 2010-06-09 15:16 . 2010-06-09 15:16 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-06-09 05:49 . 2010-06-09 05:49 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-06-09 05:45 . 2010-06-09 05:45 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-06-09 15:13 . 2010-06-09 15:13 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-06-09 15:13 . 2010-06-09 15:13 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-06-09 15:12 . 2010-06-09 15:12 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-06-09 05:42 . 2010-06-09 05:42 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-06-09 05:42 . 2010-06-09 05:42 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-06-09 05:42 . 2010-06-09 05:42 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
+ 2010-06-09 05:42 . 2010-06-09 05:42 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-06-09 15:12 . 2010-06-09 15:12 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-06-09 15:11 . 2010-06-09 15:11 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-06-09 15:12 . 2010-06-09 15:12 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
+ 2010-06-24 17:22 . 2010-06-24 17:22 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-06-09 05:40 . 2010-06-09 05:40 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-06-09 05:40 . 2010-06-09 05:40 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-06 08:06 . 2009-08-06 08:06 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-09 05:40 . 2010-06-09 05:40 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-06-24 17:22 . 2010-06-24 17:22 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-06-24 17:22 . 2010-06-24 17:22 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-04 10:00 . 2010-04-06 09:52 2462720 c:\windows\system32\WMVCore.dll
+ 2006-03-18 11:09 . 2010-05-04 17:20 1168384 c:\windows\system32\urlmon.dll
- 2006-03-18 11:09 . 2010-03-11 12:38 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-04 10:00 . 2010-02-05 18:40 1291264 c:\windows\system32\quartz.dll
- 2004-08-04 10:00 . 2009-11-27 17:33 1291264 c:\windows\system32\quartz.dll
+ 2006-03-23 17:32 . 2010-05-04 17:20 3600384 c:\windows\system32\mshtml.dll
- 2007-08-13 23:54 . 2010-03-11 12:38 6067200 c:\windows\system32\ieframe.dll
+ 2007-08-13 23:54 . 2010-05-04 17:20 6067200 c:\windows\system32\ieframe.dll
+ 2004-08-04 10:00 . 2010-04-06 09:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 10:00 . 2010-05-02 05:56 1850880 c:\windows\system32\dllcache\win32k.sys
+ 2006-03-18 11:09 . 2010-05-04 17:20 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2006-03-18 11:09 . 2010-03-11 12:38 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 10:00 . 2010-02-05 18:40 1291264 c:\windows\system32\dllcache\quartz.dll
- 2004-08-04 10:00 . 2009-11-27 17:33 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2006-03-23 17:32 . 2010-05-04 17:20 3600384 c:\windows\system32\dllcache\mshtml.dll
- 2009-08-22 01:36 . 2010-03-11 12:38 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-22 01:36 . 2010-05-04 17:20 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-11-07 06:06 . 2009-11-07 06:06 1130824 c:\windows\system32\dfshim.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-03-23 10:32 . 2010-03-23 10:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2009-11-09 05:25 . 2009-11-09 05:25 1935360 c:\windows\Installer\36e74.msp
+ 2010-04-24 22:08 . 2010-04-24 22:08 9129984 c:\windows\Installer\221cb9c.msp
+ 2010-03-24 23:54 . 2010-03-24 23:54 2516992 c:\windows\Installer\221cb8a.msp
+ 2010-04-24 22:07 . 2010-04-24 22:07 4667392 c:\windows\Installer\221cb78.msp
+ 2010-04-24 22:05 . 2010-04-24 22:05 4199424 c:\windows\Installer\221cb66.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 2607104 c:\windows\Installer\221cb49.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 4210688 c:\windows\Installer\221cb48.msp
+ 2010-04-24 22:10 . 2010-04-24 22:10 8486400 c:\windows\Installer\221cb0c.msp
+ 2010-06-30 00:38 . 2010-06-30 00:38 1094144 c:\windows\Installer\17fa786.msi
+ 2010-01-01 01:09 . 2010-06-09 05:49 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-01 01:09 . 2010-05-14 02:55 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-06-09 05:24 . 2010-03-11 12:38 1168384 c:\windows\ie7updates\KB982381-IE7\urlmon.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 3599872 c:\windows\ie7updates\KB982381-IE7\mshtml.dll
+ 2010-06-09 05:24 . 2010-03-11 12:38 6067200 c:\windows\ie7updates\KB982381-IE7\ieframe.dll
+ 2009-08-06 08:06 . 2009-08-06 08:06 4210688 c:\windows\assembly\temp\IQW28FMSY4\PresentationCore.dll
+ 2009-08-06 08:06 . 2009-08-06 08:06 1245184 c:\windows\assembly\temp\7FLRY4AGMT\WindowsBase.dll
+ 2010-06-09 05:40 . 2010-06-09 05:40 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
+ 2010-06-24 17:25 . 2010-06-24 17:25 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll
+ 2010-06-09 05:47 . 2010-06-09 05:47 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\48b66876f72f472db62de48ae4369406\UIAutomationClientsideProviders.ni.dll
+ 2010-06-09 05:40 . 2010-06-09 05:40 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
+ 2010-06-09 05:47 . 2010-06-09 05:47 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
+ 2010-06-09 15:16 . 2010-06-09 15:16 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll
+ 2010-06-09 15:16 . 2010-06-09 15:16 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll
+ 2010-06-09 15:16 . 2010-06-09 15:16 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll
+ 2010-06-09 15:16 . 2010-06-09 15:16 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
+ 2010-06-09 05:46 . 2010-06-09 05:46 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll
+ 2010-06-09 05:49 . 2010-06-09 05:49 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll
+ 2010-06-09 05:45 . 2010-06-09 05:45 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\161b423dc4e86e569af019e838d39de5\System.Printing.ni.dll
+ 2010-06-09 05:49 . 2010-06-09 05:49 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
+ 2010-06-09 05:45 . 2010-06-09 05:45 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
+ 2010-06-09 05:44 . 2010-06-09 05:44 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
+ 2010-06-09 05:44 . 2010-06-09 05:44 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
+ 2010-06-09 05:43 . 2010-06-09 05:43 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
+ 2010-06-09 05:43 . 2010-06-09 05:43 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\fc373f0a8dbd173c63b6b95551b1c673\ReachFramework.ni.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
+ 2010-06-09 05:43 . 2010-06-09 05:43 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\ead93b6a4f0101cb99d09f3e3fc6491c\PresentationUI.ni.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
+ 2010-06-09 05:40 . 2010-06-09 05:40 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
+ 2010-06-09 15:13 . 2010-06-09 15:13 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll
+ 2010-06-09 15:14 . 2010-06-09 15:14 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
+ 2010-06-09 15:12 . 2010-06-09 15:12 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll
+ 2010-06-24 17:24 . 2010-06-24 17:24 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-06-24 17:22 . 2010-06-24 17:22 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-06-09 05:40 . 2010-06-09 05:40 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-24 17:22 . 2010-06-24 17:22 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-06-24 17:24 . 2010-06-24 17:24 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2009-10-15 12:19 . 2009-10-15 12:19 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-24 17:22 . 2010-06-24 17:22 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-10-15 12:21 . 2009-10-15 12:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-06 08:06 . 2009-08-06 08:06 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-06-24 17:24 . 2010-06-24 17:24 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2009-10-15 12:20 . 2009-10-15 12:20 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-06-24 17:23 . 2010-06-24 17:23 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-08-22 01:38 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
+ 2010-06-08 07:08 . 2010-06-08 07:08 20242432 c:\windows\Installer\a7c0c.msp
+ 2010-03-31 06:23 . 2010-03-31 06:23 15638528 c:\windows\Installer\36e81.msp
+ 2010-05-11 16:30 . 2010-05-11 16:30 11194880 c:\windows\Installer\221cbd2.msp
+ 2010-04-24 22:09 . 2010-04-24 22:09 11750912 c:\windows\Installer\221cba5.msp
+ 2010-04-12 03:17 . 2010-04-12 03:17 14599680 c:\windows\Installer\221cb58.msp
+ 2010-04-24 22:07 . 2010-04-24 22:07 10118144 c:\windows\Installer\221cb3c.msp
+ 2010-06-09 05:46 . 2010-06-09 05:46 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
+ 2010-06-09 15:15 . 2010-06-09 15:15 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
+ 2010-06-09 15:11 . 2010-06-09 15:11 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
+ 2010-06-09 05:45 . 2010-06-09 05:45 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll
+ 2010-06-09 05:42 . 2010-06-09 05:42 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ca898d942e4d85af4c3d5f14a77c359a\PresentationFramework.ni.dll
+ 2010-06-24 17:26 . 2010-06-24 17:26 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
+ 2010-06-09 05:41 . 2010-06-09 05:41 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ba8f917fd89d7afa8885c2a326379f03\PresentationCore.ni.dll
+ 2010-06-24 17:25 . 2010-06-24 17:25 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\documents and settings\Robert\My Documents\CCleaner\CCleaner.exe" [2009-12-21 1803064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\Carolyn\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-09-11 16:56 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix Access Gateway.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrix Access Gateway.lnk
backup=c:\windows\pss\Citrix Access Gateway.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Liz^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Liz\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Robert^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Robert\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Robert^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Robert\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-11-06 03:34 741376 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Citi Virtual Account Numbers]
2007-12-07 20:52 270336 ----a-w- c:\progra~1\VIRTUA~1\CitiVAN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-10-30 21:05 77824 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2004-04-15 08:32 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\aol\1243984118\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 01:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 22:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMSXXD]
2001-09-27 18:45 13312 ----a-w- c:\windows\system32\LMSXXD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 15:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HssTrayService"=3 (0x3)
"HssSrv"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"LBTServ"=3 (0x3)
"gusvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1243984118\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Citrix\\Secure Access Client\\nsepa.exe"=
"c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/25/2009 12:28 AM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [5/25/2010 1:54 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [5/25/2010 1:54 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/22/2010 6:56 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [5/25/2010 1:54 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [5/25/2010 1:54 PM 116784]
R2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [10/22/2009 3:34 PM 80920]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/26/2009 12:00 AM 10384]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [5/25/2010 1:53 PM 126392]
R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [1/19/2010 5:56 AM 154264]
R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\drivers\ctxva51.sys [1/19/2010 5:58 AM 41624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/6/2010 10:14 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100707.001\IDSXpx86.sys [7/7/2010 8:45 PM 331640]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\Robert\LOCALS~1\Temp\iMSPCLOj.sys --> c:\docume~1\Robert\LOCALS~1\Temp\iMSPCLOj.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/25/2009 5:26 AM 38224]
S3 Net6IM;Net6;c:\windows\system32\DRIVERS\net6im51.sys --> c:\windows\system32\DRIVERS\net6im51.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:39]

2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://central.hinsdale86.org/pages/default.aspx
uInternet Settings,ProxyServer =
uInternet Settings,ProxyOverride =
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\uikth4qk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\uikth4qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\uikth4qk.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Robert\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\Citrix\Secure Access Client\npagee.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {767509D9-FD6C-4CAC-AF61-51A16D703456} - c:\documents and settings\Robert\Local Settings\Application Data\{767509D9-FD6C-4CAC-AF61-51A16D703456}\
FF - HiddenExtension: XULRunner: {A24F6886-05F9-4321-A024-B1FFE187A4E8} - c:\documents and settings\Robert\Local Settings\Application Data\{A24F6886-05F9-4321-A024-B1FFE187A4E8}\
FF - HiddenExtension: XULRunner: {3BB301AB-3EF8-4776-9107-1E9ED33B3E12} - c:\documents and settings\Robert\Local Settings\Application Data\{3BB301AB-3EF8-4776-9107-1E9ED33B3E12}\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-070700Setup.exe - c:\documents and settings\Robert\Application Data\155E054EA9CFF4436AD40244FB09A9DB\070700Setup.exe
HKCU-Run-Tcahefogu - c:\windows\kbrvcorx.dll
HKLM-Run-Ehukufufufufufu - c:\windows\usanufeworitulus.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 01:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1284227242-839522115-1006\Software\SecuROM\License information*]
"datasecu"=hex:5d,bb,a6,f7,c7,34,23,79,15,01,28,7a,af,22,bc,58,aa,29,cd,81,68,
19,0f,10,6e,af,ef,24,59,d5,fc,9b,0a,da,e8,f8,d7,ce,df,33,33,55,e7,56,d9,02,\
"rkeysecu"=hex:bb,76,dc,56,93,ca,8f,79,bb,df,e9,df,70,4d,34,79
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1584)
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-07-08 01:14:17
ComboFix-quarantined-files.txt 2010-07-08 06:14
ComboFix2.txt 2010-06-08 05:43

Pre-Run: 39,954,464,768 bytes free
Post-Run: 40,335,958,016 bytes free

- - End Of File - - EDE29EA4EA3DA8B758DBBE2DE22BF418








2. I encountered only one problem throughout the course of running Combofix. During the scan, an error popped up saying "Corrupt File - The File or directory C:\WINDOWS\PREFETCH\TASKMGR.EXE-20256C55.pf is corrupt and unreadable. Please run the Chkdsk utility." After Combofix had finished, I ran a Check Disk and it cleaned up the corrupted file.

3. After running Combofix, my computer seemed fine until Norton detected a Trojan.Zlob.P attack from 17sk1y.dll.vir and gave me this report.









c:\qoobox\quarantine\c\windows\system32\spool\prtprocs\w32x86\17sk1y.dll.vir
____________________________
____________________________
On computer as of
7/7/2010 at 9:52:42 AM
Last Used:
7/8/2010 at 2:38:16 PM
Startup Item: No
Launched: No
____________________________
____________________________
Very Few Users
Fewer than 10 users in the Norton Community have used this file.
____________________________
High
This file risk is high.
____________________________
Threat Details
Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
Origin

Downloaded from Not Available
____________________________
URL Not Available
UNTESTED

Source
17sk1y.dll.vir
____________________________
File Actions
Infected file: c:\qoobox\quarantine\c\windows\system32\spool\prtprocs\w32x86\17sk1y.dll.vir
Removed
Infected file: c:\qoobox\quarantine\c\windows\system32\spool\prtprocs\w32x86\c7sku7.dll.vir
Removed
____________________________
File Thumbprint:
Not Available
____________________________



What should I do?

#4 gringo_pr

  • Malware Response Team

Posted 08 July 2010 - 04:20 PM

greetings

HelpAsst_mebroot_fix
  • Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
  • Close out all other open programs and windows.
  • Double click the file to run it and follow any prompts.
  • If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
  • Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.
    • helpasst -mbrt
  • Make sure you leave a space between helpasst and -mbrt !
  • When it completes, a log will open.
  • Please post the contents of that log.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Wikizilla

  • Topic Starter

Posted 10 July 2010 - 08:57 AM

Thanks for your help. I will do that, but I'm leaving town for a week, so I won't have access to the problem computer. Also, I am considering reinstalling Windows. Would that be a viable option? I've done it before.

#6 gringo_pr


Posted 10 July 2010 - 10:18 AM

greetings

"Also, I am considering reinstalling Windows. Would that be a viable option? I've done it before."

That is always an option and it will be 100% gone.


Gringo

#7 gringo_pr


Posted 13 July 2010 - 02:39 AM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo




