Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan Agent rjx


  • This topic is locked This topic is locked
171 replies to this topic

#1 mboden

mboden

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 11 April 2011 - 05:28 PM

Main browser (Mozilla) being redirected to Facemood, volume controls not working (both those seem OK now). Rec'd some popups (AVG) when surfing PDGA.com. Running AVG and Malwarebytes showed some problems that couldn't be entirely fixed. I've run DDS (logs attached and below), defogger and gmer. Have a 64 bit OS, couldn't run gmer as a result. Would appreciate any help in ridding my PC of this trojan. Did try a system restore to no avail.

DDS log below:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 11:26:41.78 on Sun 04/10/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2036.1228 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinTV\WinTV7\WinTVTray.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows Media\12.0\wmpacm .exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\TryIt\Defogger.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=mtz&s={searchTerms}&f=4
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [Alopabusaxupeto] rundll32.exe "c:\windows\opicecis.dll",Startup
mRun: [Windows Media Player ACM] c:\documents and settings\owner\application data\microsoft\windows media\12.0\wmpacm .exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\window~1.lnk - c:\documents and settings\owner\application data\microsoft\windows media\12.0\wmpacm .exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wintvr~1.lnk - c:\program files\wintv\wintv7\WinTVTray.exe
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AutorunsDisabled - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 209.172.52.73 www.google.com
Hosts: 209.172.52.74 search.yahoo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bjiixbhc.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=mtz
FF - prefs.js: keyword.URL - hxxp://myclearsearch.com/?prt=Guppymcs02ff&Keywords=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bjiixbhc.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bjiixbhc.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: XULRunner: {E6352208-702E-4241-B6D2-C47586015439} - c:\documents and settings\owner\local settings\application data\{E6352208-702E-4241-B6D2-C47586015439}
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://myclearsearch.com/?prt=Guppymcs02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2009-8-7 434176]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-3-19 10384]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-17 3032360]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-8-7 1442816]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\HCW85cir.sys [2009-8-7 28160]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-8-8 39048]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-11-17 15144]
.
=============== Created Last 30 ================
.
2011-04-10 12:27:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 12:26:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 12:25:23 -------- d-----w- C:\TryIt
2011-04-10 11:48:44 -------- d-----w- c:\docume~1\owner\applic~1\facemoods.com
2011-04-10 11:31:22 -------- d-----w- c:\program files\facemoods.com
2011-04-10 11:31:17 -------- d-----w- c:\program files\Search Toolbar
2011-04-10 11:31:15 -------- d-----w- c:\program files\YTD Setup
2011-04-10 11:31:12 129536 ----a-w- c:\docume~1\owner\applic~1\microsoft\windows media\12.0\wmpacm .exe
2011-04-10 11:31:12 -------- d-----w- C:\Program
2011-04-10 11:31:09 542283 ----a-w- c:\temp\ee896009-2241-4d1a-94b7-8f476921cf1c\setup_dc665clbofferDP.exe
2011-04-10 11:31:06 232916 ---h--w- c:\temp\ee896009-2241-4d1a-94b7-8f476921cf1c\OfferApp-2538.exe
2011-04-10 11:31:05 62976 --sha-w- c:\docume~1\owner\applic~1\cleanhdd .exe
2011-04-10 00:40:12 0 ----a-w- c:\windows\Ljakisigihaji.bin
2011-04-10 00:40:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{E6352208-702E-4241-B6D2-C47586015439}
2011-04-02 00:23:14 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-02 00:23:14 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-02 00:21:30 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Apple
2011-04-02 00:20:59 -------- d-----w- c:\program files\Bonjour
2011-04-02 00:20:13 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Apple Computer
2011-03-20 03:23:40 -------- d-----w- C:\Decoz
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-01-25 07:28:28 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2011-01-25 07:28:27 88 --sh--r- c:\docume~1\alluse~1\applic~1\0CDE84E0E0.sys
2011-01-21 14:42:25 439808 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-17 20:15:04 10194456 ----a-w- c:\program files\SUPERAntiSpyware.exe
2011-01-16 12:47:53 479248 ----a-w- c:\program files\vlc-setup.exe
2010-10-21 22:46:48 4290744 ----a-w- c:\program files\avg_free_stb_all_2011_1136_cnet.exe
2010-10-13 00:39:43 3877883 ----a-r- c:\program files\ComboFix.exe
2010-09-20 22:16:36 361598192 ----a-w- c:\program files\WordPerfectOfficeInstaller.exe
2010-09-20 20:52:08 11862384 ----a-w- c:\program files\mssefullinstall-x86fre-en-us-xp.exe
2010-09-03 03:29:57 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-07-03 22:26:07 1008936 ----a-w- c:\program files\AmazonMP3Installer.exe
.
============= FINISH: 11:27:20.79 ===============


Pls. ignore the post here: My previous post on this topic I'm new to the boards and posted in the wrong forum w/o running the suggested programs. My apologies.

Attached Files



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,319 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:35 AM

Posted 21 April 2011 - 02:53 PM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 mboden

mboden
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 22 April 2011 - 03:35 PM

Thanks for the reply, I won't be near the infected machine for six hours, I'll respond back at that time. (I do still need help)

Edited by mboden, 22 April 2011 - 03:36 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,319 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:35 AM

Posted 22 April 2011 - 04:22 PM

No problem, please take your time. :)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 mboden

mboden
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 23 April 2011 - 07:28 AM

OK, I'm back, was tired when I got in last nite. I'll be here all weekend tho. I'm having problems booting the machine right now.

I was able to successfully boot it up, but it shut off by itself while using it this morning. My wife has mentioned this happened to her too during the last couple of weeks (twice). After attempting to reboot, it's only got my background pic displayed, no icons. Left or right clicking on the screen does not bring up a menu. However, I can bring up the task manager. I think I can do a safe boot, should I try that?

Edited by mboden, 23 April 2011 - 07:33 AM.


#6 mboden

mboden
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 23 April 2011 - 07:45 AM

I clicked on f8 & f7 when booting, got the safe mode screen, pick "last good configuration" and it booted OK. When I boot, and this has occurred since it got infected, I get a windows screen (explorer or file manager screen) w/an address of c:\Documents and Settings \Owner\Application Data\Microsoft\Windows with the "Theme" icon displayed.

Other symptoms/problems include being redirected on searches (I corrected the switched home page back to Yahoo), this only seems to happen w/Yahoo (not Google).

I was able to successfully delete a folder called "program" on the C drive.

I have not been logging in (using passwords) to any websites on this machine (like email, banking sites, forums, etc...)

Anyhow, it seems to have booted relatively normally, I'm going to attempt to obtain some fresh logs for you. And thanks much for any help you can provide.

Edited by mboden, 23 April 2011 - 07:50 AM.


#7 mboden

mboden
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 23 April 2011 - 08:08 AM

SEE UPDATE IN NEXT POST (No need to read this post)

DDS logs below (from the DDS version I had downloaded on 4/10/11 that was on the machine-I will attempt to create logs from your DDS link next):
First one:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 8:51:39.76 on Sat 04/23/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2036.1338 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinTV\WinTV7\WinTVTray.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows Media\12.0\wmpacm .exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=mtz&s={searchTerms}&f=4
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [Alopabusaxupeto] rundll32.exe "c:\windows\opicecis.dll",Startup
mRun: [Windows Media Player ACM] c:\documents and settings\owner\application data\microsoft\windows media\12.0\wmpacm .exe
mRun: [SmartIndex] c:\windows\temp\_ex-68.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\window~1.lnk - c:\documents and settings\owner\application data\microsoft\windows media\12.0\wmpacm .exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wintvr~1.lnk - c:\program files\wintv\wintv7\WinTVTray.exe
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AutorunsDisabled - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 209.172.52.73 www.google.com
Hosts: 209.172.52.74 search.yahoo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bjiixbhc.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://myclearsearch.com/?prt=Guppymcs02ff&Keywords=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bjiixbhc.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bjiixbhc.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: XULRunner: {E6352208-702E-4241-B6D2-C47586015439} - c:\documents and settings\owner\local settings\application data\{E6352208-702E-4241-B6D2-C47586015439}
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://myclearsearch.com/?prt=Guppymcs02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2009-8-7 434176]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-3-19 10384]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-17 3032360]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-8-7 1442816]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\HCW85cir.sys [2009-8-7 28160]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-4-23 50704]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-8-8 39048]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-11-17 15144]
.
=============== Created Last 30 ================
.
2011-04-23 11:42:36 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-04-23 11:42:36 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-04-23 11:42:36 100880 ----a-w- c:\windows\system32\Packet.dll
2011-04-11 21:27:10 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-04-10 12:27:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 12:26:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 12:25:23 -------- d-----w- C:\TryIt
2011-04-10 11:48:44 -------- d-----w- c:\docume~1\owner\applic~1\facemoods.com
2011-04-10 11:31:22 -------- d-----w- c:\program files\facemoods.com
2011-04-10 11:31:17 -------- d-----w- c:\program files\Search Toolbar
2011-04-10 11:31:15 -------- d-----w- c:\program files\YTD Setup
2011-04-10 11:31:12 129536 ----a-w- c:\docume~1\owner\applic~1\microsoft\windows media\12.0\wmpacm .exe
2011-04-10 00:40:12 0 ----a-w- c:\windows\Ljakisigihaji.bin
2011-04-10 00:40:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{E6352208-702E-4241-B6D2-C47586015439}
2011-04-02 00:23:14 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-02 00:23:14 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-02 00:21:30 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Apple
2011-04-02 00:20:59 -------- d-----w- c:\program files\Bonjour
2011-04-02 00:20:13 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Apple Computer
.
==================== Find3M ====================
.
2011-03-07 05:31:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 23:03:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-01-25 07:28:28 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2011-01-25 07:28:27 88 --sh--r- c:\docume~1\alluse~1\applic~1\0CDE84E0E0.sys
2011-01-17 20:15:04 10194456 ----a-w- c:\program files\SUPERAntiSpyware.exe
2011-01-16 12:47:53 479248 ----a-w- c:\program files\vlc-setup.exe
2010-10-21 22:46:48 4290744 ----a-w- c:\program files\avg_free_stb_all_2011_1136_cnet.exe
2010-10-13 00:39:43 3877883 ----a-r- c:\program files\ComboFix.exe
2010-09-20 22:16:36 361598192 ----a-w- c:\program files\WordPerfectOfficeInstaller.exe
2010-09-20 20:52:08 11862384 ----a-w- c:\program files\mssefullinstall-x86fre-en-us-xp.exe
2010-09-03 03:29:57 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-07-03 22:26:07 1008936 ----a-w- c:\program files\AmazonMP3Installer.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3320613AS rev.CC2F -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A79C33B
user & kernel MBR OK
.
============= FINISH: 8:59:44.21 ===============


Second DDS log below:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/6/2009 5:52:47 PM
System Uptime: 4/23/2011 8:41:07 AM (0 hours ago)
.
Motherboard: Intel Corporation | | DG31PR
Processor: Intel® Core™2 CPU E7400 @ 2.80GHz | J3E1 | 2800/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 230.905 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
5500
5500_Help
5500Tour
5500Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 9.4.2
AiO_Scan
AIOMinimal
AiOSoftware
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudibleManager
AVG 2011
Belarc Advisor 8.1
Bonjour
CCleaner
CDDRV_Installer
Color Efex Pro 3.0 Wacom Edition 3
Copy
Corel Painter Essentials 4
Corel WordPerfect Office - iFilter
CreativeProjects
Digital Voice Editor 3
Director
DocProc
Dot to Dot
erLT
Facebook Plug-In
Facemoods Toolbar
Fax
Google Chrome
Google Earth
Google Update Helper
Hauppauge WinTV 7
Hauppauge WinTV Infrared Remote
HijackThis 2.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
hpmdtab
HPSystemDiagnostics
InfraRecorder
InstantShare
Intel® Graphics Media Accelerator Driver
Intel® PRO Ethernet Adapter and Software
iTunes
Jasc Animation Shop 3
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 9
Java™ 6 Update 15
K-Lite Mega Codec Pack 4.3.4
KhalInstallWrapper
Lame ACM MP3 Codec
LightScribe System Software 1.14.25.1
Logitech SetPoint
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.52
Mile Stones
Mozilla Firefox (3.6.16)
Mozilla Thunderbird (3.1.9)
MSN
MSXML 4.0 SP2 (KB973688)
MySpaceIM
Nero 8 Essentials
neroxml
Only Astrology
Overland
Paltalk Messenger
Pen Tablet
PhotoGallery
PrintScreen
QFolder
QuickProjects
QuickTime
Readme
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Scan
Search Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SkinsHP2
Spelling Dictionaries Support For Adobe Reader 9
The Print Shop 23
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
VCRedistSetup
VideoLAN VLC media player 0.8.6f
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WordPerfect Lightning
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office X5
WordPerfect Office X5 - Common
Wordperfect Office X5 - EN
WordPerfect Office X5 - Filters
WordPerfect Office X5 - Graphics
WordPerfect Office X5 - IPM
WordPerfect Office X5 - LegalTools
WordPerfect Office X5 - Migration Manager
WordPerfect Office X5 - Oxford
WordPerfect Office X5 - PerfectExperts EN
WordPerfect Office X5 - PR
WordPerfect Office X5 - QP
WordPerfect Office X5 - Setup Files
WordPerfect Office X5 - Sharepoint
WordPerfect Office X5 - Skins
WordPerfect Office X5 - System EN
WordPerfect Office X5 - Templates
WordPerfect Office X5 - WP
WordPerfect Office X5 - WT
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/23/2011 7:51:39 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0007E909B58E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/18/2011 6:55:21 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
4/18/2011 11:44:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).
.
==== End Of File ===========================

Edited by mboden, 23 April 2011 - 08:36 AM.


#8 mboden

mboden
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 23 April 2011 - 08:43 AM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 8:51:39.76 on Sat 04/23/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2036.1338 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinTV\WinTV7\WinTVTray.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows Media\12.0\wmpacm .exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=mtz&s={searchTerms}&f=4
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [Alopabusaxupeto] rundll32.exe "c:\windows\opicecis.dll",Startup
mRun: [Windows Media Player ACM] c:\documents and settings\owner\application data\microsoft\windows media\12.0\wmpacm .exe
mRun: [SmartIndex] c:\windows\temp\_ex-68.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\window~1.lnk - c:\documents and settings\owner\application data\microsoft\windows media\12.0\wmpacm .exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wintvr~1.lnk - c:\program files\wintv\wintv7\WinTVTray.exe
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AutorunsDisabled - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 209.172.52.73 www.google.com
Hosts: 209.172.52.74 search.yahoo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\bjiixbhc.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://myclearsearch.com/?prt=Guppymcs02ff&Keywords=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bjiixbhc.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\bjiixbhc.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: XULRunner: {E6352208-702E-4241-B6D2-C47586015439} - c:\documents and settings\owner\local settings\application data\{E6352208-702E-4241-B6D2-C47586015439}
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://myclearsearch.com/?prt=Guppymcs02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2009-8-7 434176]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-3-19 10384]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-17 3032360]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-8-7 1442816]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\HCW85cir.sys [2009-8-7 28160]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-4-23 50704]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-8-8 39048]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-11-17 15144]
.
=============== Created Last 30 ================
.
2011-04-23 11:42:36 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-04-23 11:42:36 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-04-23 11:42:36 100880 ----a-w- c:\windows\system32\Packet.dll
2011-04-11 21:27:10 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-04-10 12:27:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 12:26:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 12:25:23 -------- d-----w- C:\TryIt
2011-04-10 11:48:44 -------- d-----w- c:\docume~1\owner\applic~1\facemoods.com
2011-04-10 11:31:22 -------- d-----w- c:\program files\facemoods.com
2011-04-10 11:31:17 -------- d-----w- c:\program files\Search Toolbar
2011-04-10 11:31:15 -------- d-----w- c:\program files\YTD Setup
2011-04-10 11:31:12 129536 ----a-w- c:\docume~1\owner\applic~1\microsoft\windows media\12.0\wmpacm .exe
2011-04-10 00:40:12 0 ----a-w- c:\windows\Ljakisigihaji.bin
2011-04-10 00:40:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{E6352208-702E-4241-B6D2-C47586015439}
2011-04-02 00:23:14 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-02 00:23:14 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-02 00:21:30 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Apple
2011-04-02 00:20:59 -------- d-----w- c:\program files\Bonjour
2011-04-02 00:20:13 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Apple Computer
.
==================== Find3M ====================
.
2011-03-07 05:31:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 23:03:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-01-25 07:28:28 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2011-01-25 07:28:27 88 --sh--r- c:\docume~1\alluse~1\applic~1\0CDE84E0E0.sys
2011-01-17 20:15:04 10194456 ----a-w- c:\program files\SUPERAntiSpyware.exe
2011-01-16 12:47:53 479248 ----a-w- c:\program files\vlc-setup.exe
2010-10-21 22:46:48 4290744 ----a-w- c:\program files\avg_free_stb_all_2011_1136_cnet.exe
2010-10-13 00:39:43 3877883 ----a-r- c:\program files\ComboFix.exe
2010-09-20 22:16:36 361598192 ----a-w- c:\program files\WordPerfectOfficeInstaller.exe
2010-09-20 20:52:08 11862384 ----a-w- c:\program files\mssefullinstall-x86fre-en-us-xp.exe
2010-09-03 03:29:57 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-07-03 22:26:07 1008936 ----a-w- c:\program files\AmazonMP3Installer.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3320613AS rev.CC2F -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A79C33B
user & kernel MBR OK
.
============= FINISH: 8:59:44.21 ===============

Edited by mboden, 23 April 2011 - 08:47 AM.


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,319 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:35 AM

Posted 23 April 2011 - 08:48 AM

Hi again, that looks like a hosts file hijack, so lets get rid of that first. :)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 mboden

mboden
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 23 April 2011 - 09:11 AM

Good morning! I had just downloaded a zip utility and was going to attemp to zip up the attachment (the other DDS log). I'll stop doing that. I also have not completed the other tasks in your first email (deleting files and such). Glad to hear from you. I'll start w/the instructions on your last post.

#11 mboden

mboden
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 23 April 2011 - 10:06 AM

OK, ran the combofix, log is below:

ComboFix 11-04-22.03 - Owner 04/23/2011 10:33:25.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2036.985 [GMT -4:00]
Running from: E:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\Adobe\plugs
c:\documents and settings\Owner\Application Data\Adobe\shed
c:\documents and settings\Owner\Application Data\facemoods.com
c:\documents and settings\Owner\Application Data\Microsoft\Windows Media\12.0
c:\documents and settings\Owner\Application Data\Microsoft\Windows Media\12.0\locale.cls
c:\documents and settings\Owner\Application Data\Microsoft\Windows Media\12.0\wmpacm .exe
c:\documents and settings\Owner\Local Settings\Application Data\{E6352208-702E-4241-B6D2-C47586015439}
c:\documents and settings\Owner\Local Settings\Application Data\{E6352208-702E-4241-B6D2-C47586015439}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{E6352208-702E-4241-B6D2-C47586015439}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{E6352208-702E-4241-B6D2-C47586015439}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{E6352208-702E-4241-B6D2-C47586015439}\install.rdf
c:\documents and settings\Owner\WINDOWS
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv .exe
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\opicecis.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\mygp
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\Temp\_ex-68.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
.
.
2011-04-23 14:04 . 2011-04-23 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-04-23 12:30 . 2011-04-23 12:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-04-23 12:30 . 2011-04-23 12:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-04-23 12:30 . 2011-04-23 12:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-11 21:27 . 2008-02-27 17:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-04-10 12:27 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 12:26 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 12:25 . 2011-04-23 14:01 -------- d-----w- C:\TryIt
2011-04-10 11:31 . 2011-04-10 11:31 -------- d-----w- c:\program files\YTD Setup
2011-04-10 11:31 . 2011-04-10 11:31 232916 ---h--w- c:\temp\ee896009-2241-4d1a-94b7-8f476921cf1c\OfferApp-2538.exe
2011-04-10 10:16 . 2011-04-10 10:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-04-10 00:40 . 2011-04-23 10:29 0 ----a-w- c:\windows\Ljakisigihaji.bin
2011-04-08 03:15 . 2011-04-08 03:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-04-02 00:23 . 2011-04-02 00:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2011-04-02 00:23 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-02 00:23 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-02 00:21 . 2011-04-10 12:38 -------- d-----w- c:\program files\QuickTime
2011-04-02 00:21 . 2011-04-02 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-04-02 00:21 . 2011-04-02 00:21 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2011-04-02 00:21 . 2011-04-02 00:21 -------- d-----w- c:\program files\Apple Software Update
2011-04-02 00:20 . 2011-04-02 00:21 -------- d-----w- c:\program files\Bonjour
2011-04-02 00:20 . 2011-04-02 00:22 -------- d-----w- c:\program files\Common Files\Apple
2011-04-02 00:20 . 2011-04-02 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-04-02 00:20 . 2011-04-02 00:23 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:31 . 2009-08-06 21:49 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-05-09 10:45 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27 . 2008-10-31 14:52 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2008-10-16 01:04 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:19 . 2008-12-19 15:15 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:19 . 2008-12-11 13:33 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-10-24 02:33 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-15 00:35 . 2010-10-05 02:58 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 23:03 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-08 13:33 . 2008-04-14 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-01-25 07:28 . 2010-09-20 22:36 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-01-25 07:28 . 2010-09-20 22:36 88 --sh--r- c:\documents and settings\All Users\Application Data\0CDE84E0E0.sys
2011-01-17 20:15 . 2011-01-17 20:15 10194456 ----a-w- c:\program files\SUPERAntiSpyware.exe
2011-01-16 12:47 . 2011-01-16 12:48 479248 ----a-w- c:\program files\vlc-setup.exe
2010-10-21 22:46 . 2010-10-21 22:47 4290744 ----a-w- c:\program files\avg_free_stb_all_2011_1136_cnet.exe
2010-10-13 00:39 . 2010-10-12 22:59 3877883 ----a-r- c:\program files\ComboFix.exe
2010-09-20 22:16 . 2010-09-20 22:04 361598192 ----a-w- c:\program files\WordPerfectOfficeInstaller.exe
2010-09-20 20:52 . 2010-09-20 20:50 11862384 ----a-w- c:\program files\mssefullinstall-x86fre-en-us-xp.exe
2010-09-03 03:29 . 2010-09-03 03:30 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-07-03 22:26 . 2010-07-03 22:26 1008936 ----a-w- c:\program files\AmazonMP3Installer.exe
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe
c:\program files\QuickTime\qttask   .exe
</pre>
.
------- Sigcheck -------
.
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot_2010-10-14_18.33.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-04-23 14:43 . 2011-04-23 14:43 16384 c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2008-10-23 10:17 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2008-10-23 10:17 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2011-04-16 09:00 80974 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-10-13 20:38 80974 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
- 2007-08-13 23:54 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
- 2008-04-14 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2010-10-07 16:23 . 2010-10-07 16:23 75040 c:\windows\system32\jdns_sd.dll
- 2009-08-06 21:49 . 2008-04-14 12:00 81920 c:\windows\system32\isign32.dll
+ 2009-08-06 21:49 . 2010-11-18 18:12 81920 c:\windows\system32\isign32.dll
+ 2011-04-02 00:21 . 2011-02-18 20:36 41984 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaapl.sys
+ 2011-04-02 00:21 . 2010-04-19 23:29 18432 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\netaapl.sys
+ 2011-04-02 00:23 . 2009-05-18 17:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2008-04-14 12:00 . 2010-11-02 15:17 40960 c:\windows\system32\drivers\ndproxy.sys
+ 2010-10-07 16:23 . 2010-10-07 16:23 91424 c:\windows\system32\dnssd.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 45568 c:\windows\system32\dnsrslvr.dll
+ 2008-04-14 12:00 . 2009-04-20 17:06 45568 c:\windows\system32\dnsrslvr.dll
- 2008-04-14 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2008-04-14 12:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2009-08-06 22:05 . 2011-04-23 12:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-06 22:05 . 2009-08-06 22:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-06 22:05 . 2011-04-23 12:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-06 22:05 . 2009-08-06 22:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-23 12:30 . 2011-04-23 12:30 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-04-23 12:30 . 2011-04-23 12:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-10-16 21:57 . 2010-10-16 21:57 21504 c:\windows\Installer\344f51.msi
+ 2011-03-03 05:58 . 2011-03-03 05:58 38400 c:\windows\Installer\1f65936.msi
+ 2011-04-23 14:04 . 2011-04-23 14:04 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}\IconCD95F6617.exe
+ 2011-04-02 00:21 . 2011-04-02 00:21 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
- 2010-06-09 06:02 . 2010-06-09 06:02 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-04-16 08:57 . 2011-04-16 08:57 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-03-03 05:58 . 2011-04-21 09:06 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-23 08:47 . 2010-09-23 08:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 07:03 . 2010-09-23 07:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-23 06:52 . 2010-09-23 06:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-22 22:12 . 2010-09-22 22:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
+ 2011-04-16 09:01 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\3f621b90371e67197bd4d0b86aa6f21d\System.Windows.Presentation.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\577b049541803541e6b00e2c36c00852\System.Web.DynamicData.Design.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\636ed65b7e5481320e3010b78a5e6cfa\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f83b1e8dd8c90490c8d924826c8b107d\System.AddIn.Contract.ni.dll
+ 2011-04-16 09:01 . 2011-04-16 09:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe
+ 2011-04-16 09:01 . 2011-04-16 09:01 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\108426b4dc654100c9a99bfa71f69886\Microsoft.Vsa.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8905268997c77a27c7f9c54aeba37f24\Microsoft.Build.Framework.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\11bb8ef375848eb1c074da1afd5cecdc\Microsoft.Build.Framework.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\6d74b9308a1517bfe959e597c3dd2427\dfsvc.ni.exe
+ 2011-04-16 09:13 . 2011-04-16 09:13 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
+ 2011-04-16 08:59 . 2011-04-16 08:59 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-04-16 08:59 . 2011-04-16 08:59 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-02-10 09:59 . 2009-12-14 07:08 33280 c:\windows\$NtUninstallKB2476687$\csrsrv.dll
+ 2010-12-16 16:52 . 2010-06-21 14:46 46080 c:\windows\$NtUninstallKB2443685$\tzchange.exe
+ 2010-12-16 16:52 . 2010-11-05 05:57 16896 c:\windows\$NtUninstallKB2443685$\spuninst\tzchange.dll
+ 2010-12-16 16:54 . 2008-04-14 12:00 81920 c:\windows\$NtUninstallKB2443105$\isign32.dll
+ 2010-12-16 16:53 . 2008-04-14 12:00 40576 c:\windows\$NtUninstallKB2440591$\ndproxy.sys
+ 2010-12-16 16:47 . 2008-04-14 12:00 46080 c:\windows\$NtUninstallKB2423089$\wab.exe
+ 2011-03-16 15:56 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971029\update\spcustom.dll
+ 2011-03-16 15:56 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971029\spmsg.dll
+ 2011-03-24 08:16 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2524375\update\spcustom.dll
+ 2011-03-24 08:16 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2524375\spmsg.dll
+ 2011-02-10 10:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-10 10:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-10 09:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-10 09:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-03-09 07:27 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479943\update\spcustom.dll
+ 2011-03-09 07:27 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479943\spmsg.dll
+ 2011-02-10 09:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-10 09:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2011-02-09 20:23 . 2010-12-09 14:29 33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2010-12-16 16:52 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2467659\update\spcustom.dll
+ 2010-12-16 16:52 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2467659\spmsg.dll
+ 2010-12-16 16:54 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2443105\update\spcustom.dll
+ 2010-12-16 16:54 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2443105\spmsg.dll
+ 2010-12-15 17:00 . 2010-11-18 18:12 81920 c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll
+ 2010-12-16 16:53 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2440591\update\spcustom.dll
+ 2010-12-16 16:53 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2440591\spmsg.dll
+ 2010-12-15 16:59 . 2010-11-03 05:55 40960 c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys
+ 2010-12-16 16:47 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2423089\update\spcustom.dll
+ 2010-12-16 16:47 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2423089\spmsg.dll
+ 2010-12-15 16:59 . 2010-10-11 14:55 45568 c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe
+ 2010-12-16 16:53 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2416400-IE8\update\spcustom.dll
+ 2010-12-16 16:53 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2416400-IE8\spmsg.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 12800 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\xpshims.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 66560 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtmled.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 55296 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeedsbs.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 43520 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\licmgr10.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 25600 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\jsproxy.dll
+ 2010-12-16 16:55 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2296199\update\spcustom.dll
+ 2010-12-16 16:55 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2296199\spmsg.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-11 07:02 . 2010-10-11 07:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-04-23 14:43 . 2009-10-07 05:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2008-04-14 12:00 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 135168 c:\windows\system32\shsvcs.dll
+ 2008-04-14 12:00 . 2011-01-21 14:42 439808 c:\windows\system32\shimgvw.dll
+ 2010-06-26 11:01 . 2011-04-10 02:41 210336 c:\windows\system32\Restore\rstrlog.dat
+ 2008-04-14 12:00 . 2011-04-16 09:00 464474 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-10-13 20:38 464474 c:\windows\system32\perfh009.dat
+ 2008-09-15 15:09 . 2010-11-09 14:50 253952 c:\windows\system32\odbc32.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
- 2008-04-14 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
- 2008-04-14 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
+ 2007-08-13 23:54 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
- 2007-08-13 23:54 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
+ 2011-03-23 08:36 . 2011-03-23 08:36 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
- 2008-04-17 04:50 . 2009-06-26 19:11 730112 c:\windows\system32\lsasrv.dll
+ 2008-04-17 04:50 . 2010-12-20 17:24 730112 c:\windows\system32\lsasrv.dll
- 2008-04-14 12:00 . 2009-06-25 08:41 301568 c:\windows\system32\kerberos.dll
+ 2008-04-14 12:00 . 2010-12-22 12:32 301568 c:\windows\system32\kerberos.dll
- 2008-05-09 10:45 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2008-05-09 10:45 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 12:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
+ 2011-04-02 00:23 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2010-10-07 16:23 . 2010-10-07 16:23 197920 c:\windows\system32\dnssdX.dll
+ 2008-07-28 13:41 . 2011-03-03 06:53 149504 c:\windows\system32\dnsapi.dll
+ 2010-10-07 16:23 . 2010-10-07 16:23 107808 c:\windows\system32\dns-sd.exe
+ 2011-04-10 01:32 . 2010-10-11 18:58 142960 c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
+ 2009-08-08 16:43 . 2011-03-22 03:23 580096 c:\windows\PaltalkScene\uninstall.exe
- 2009-08-08 16:43 . 2010-07-01 21:42 580096 c:\windows\PaltalkScene\uninstall.exe
+ 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-04-02 00:20 . 2011-04-02 00:20 811520 c:\windows\Installer\c5d315.msi
+ 2010-07-23 06:03 . 2010-07-23 06:03 338432 c:\windows\Installer\4a732.msp
+ 2010-10-21 22:54 . 2010-10-21 22:54 219648 c:\windows\Installer\1a7d33.msi
+ 2011-02-14 23:06 . 2011-02-14 23:06 236032 c:\windows\Installer\16751ea.msi
+ 2011-04-23 14:04 . 2011-04-23 14:04 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}\IconCD95F66110.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-04-02 00:23 . 2011-04-23 12:30 380928 c:\windows\Installer\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}\iTunesIco.exe
+ 2010-09-22 22:10 . 2010-09-22 22:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
+ 2010-09-10 22:17 . 2010-09-10 22:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-23 00:41 . 2010-09-23 00:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-23 08:47 . 2010-09-23 08:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-22 22:04 . 2010-09-22 22:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-22 23:39 . 2010-09-22 23:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-22 22:50 . 2010-09-22 22:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
+ 2011-04-16 08:54 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-04-16 08:54 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-04-16 08:54 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-04-16 08:54 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-04-16 09:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-04-16 09:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-04-16 09:01 . 2010-12-20 23:59 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-04-16 09:01 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2011-02-10 09:59 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-10 09:59 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-10 09:59 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-10 09:59 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-10 09:59 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2010-12-16 16:53 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-16 16:53 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-16 16:53 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-16 16:53 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-16 16:53 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2010-02-10 17:28 . 2011-02-17 13:19 457472 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-04-16 09:14 . 2011-04-16 09:14 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\95de80b860252231b46014f58226e473\WsatConfig.ni.exe
+ 2011-04-16 09:03 . 2011-04-16 09:03 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3d8f787002439f4942c33f376cfd8555\System.Xml.Linq.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4b746fea8062a10ccc6e5331914e7dad\System.Web.Routing.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\103956fdb019bce8a173fe9cb9da3e02\System.Web.RegularExpressions.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c0a156fbf46ad272ac262e45eaa998f4\System.Web.Extensions.Design.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\e3651e13567ce4e3fa7bb2fbab737d9a\System.Web.Entity.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\834d7769f39e4d937eda1ad3707d4716\System.Web.Entity.Design.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\032c96c6206b53bca122d1fbaf5f8ca2\System.Web.DynamicData.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6ce0e4fb33afcfcce43c427e82b987db\System.Web.Abstractions.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\990d96810a21e0fa95f916ffc66f3a94\System.Transactions.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fa6a58394a1f162eecce4cd8af0875c3\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\6194eb4bc1e0133d0183d086b747f512\System.Net.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\d6ae8171ae6fd4fe83add34e6d70e5b5\System.Management.Instrumentation.ni.dll
+ 2011-04-16 09:13 . 2011-04-16 09:13 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\abd5a61d39e474f12b30ccbbe6277667\System.IO.Log.ni.dll
+ 2011-04-16 09:13 . 2011-04-16 09:13 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\12c4dba6d4ff0278d208c283d9ed7670\System.IdentityModel.Selectors.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.Wrapper.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff5c7a52497d892f3a3206384d46b5e7\System.EnterpriseServices.ni.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ef56bf47fc2fc4204e0fcc1f32bab01\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\447d7b4a7d0add13f8d2086088bcc41c\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ce2afe8854ee9cdc834b6f392348c882\System.Data.Services.Design.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\03d4658290e300e437e745ef4a613b59\System.Data.Services.Client.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\7ce21a2855bb7731de4dab797e69f3f6\System.Data.Entity.Design.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\ea57694aea47c05853516c9bb2ad54b4\System.Data.DataSetExtensions.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f312bb844670ebc7458fec9e6b2568b3\System.Configuration.Install.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\afd9595f07a8c68b26e81cf995957f56\System.AddIn.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\3a42b2fbafe93d7b9395e328bea35afa\SMSvcHost.ni.exe
+ 2011-04-16 09:14 . 2011-04-16 09:14 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\97ff96d3fc8d0b10ea294f320acf821e\SMDiagnostics.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\28ed0e9efd938b05b4f53e0d90046701\ServiceModelReg.ni.exe
+ 2011-04-16 09:02 . 2011-04-16 09:02 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll
+ 2011-04-16 09:02 . 2011-04-16 09:02 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll
+ 2011-04-16 09:02 . 2011-04-16 09:02 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll
+ 2011-04-16 09:02 . 2011-04-16 09:02 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5670e74887ef1025c6a8c056ffe86b38\MSBuild.ni.exe
+ 2011-04-16 09:14 . 2011-04-16 09:14 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\653732002ebf5c68f69150a60e145e6a\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\cc62770393640302bd4d7e442b1e49a4\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\352bff1ee71ce114e225f849038dc48d\Microsoft.Build.Utilities.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\7345f4d2d7157bf49de4158e8f2b6847\Microsoft.Build.Engine.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d7dba901ddd410ca1a0156d0f2a27533\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\010552e529d130ce914765b0801e2367\CustomMarshalers.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\6861f639b13967e9b014b44bbb7c5d4c\ComSvcConfig.ni.exe
+ 2011-04-16 09:13 . 2011-04-16 09:13 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\800da7dec567fadf3392091e9f01ecb9\AspNetMMCExt.ni.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-04-16 08:59 . 2011-04-16 08:59 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-04-16 08:59 . 2011-04-16 08:59 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-04-16 08:59 . 2011-04-16 08:59 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-04-16 08:59 . 2011-04-16 08:59 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-04-16 08:59 . 2011-04-16 08:59 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-03-16 15:56 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971029$\spuninst\updspapi.dll
+ 2011-03-16 15:56 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971029$\spuninst\spuninst.exe
+ 2011-03-16 15:56 . 2008-04-14 12:00 135168 c:\windows\$NtUninstallKB971029$\shsvcs.dll
+ 2011-03-24 08:16 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2524375$\spuninst\updspapi.dll
+ 2011-03-24 08:16 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2524375$\spuninst\spuninst.exe
+ 2011-02-10 10:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2485376$\spuninst\updspapi.dll
+ 2011-02-10 10:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2485376$\spuninst\spuninst.exe
+ 2011-02-10 10:01 . 2010-10-28 13:13 290048 c:\windows\$NtUninstallKB2485376$\atmfd.dll
+ 2011-02-10 10:01 . 2010-07-05 23:46 382840 c:\windows\$NtUninstallKB2483185$\spuninst\updspapi.dll
+ 2011-02-10 10:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2483185$\spuninst\spuninst.exe
+ 2011-02-10 10:01 . 2008-04-14 12:00 438272 c:\windows\$NtUninstallKB2483185$\shimgvw.dll
+ 2011-03-09 07:27 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479943$\spuninst\updspapi.dll
+ 2011-03-09 07:27 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479943$\spuninst\spuninst.exe
+ 2011-03-09 07:27 . 2008-04-14 12:00 270848 c:\windows\$NtUninstallKB2479943$\sbe.dll
+ 2011-03-09 07:27 . 2008-04-14 12:00 186880 c:\windows\$NtUninstallKB2479943$\encdec.dll
+ 2011-02-10 10:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2479628$\spuninst\updspapi.dll
+ 2011-02-10 10:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2479628$\spuninst\spuninst.exe
+ 2011-02-10 10:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478971$\spuninst\updspapi.dll
+ 2011-02-10 10:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478971$\spuninst\spuninst.exe
+ 2011-02-10 10:01 . 2009-06-25 08:41 301568 c:\windows\$NtUninstallKB2478971$\kerberos.dll
+ 2011-02-10 09:58 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2478960$\spuninst\updspapi.dll
+ 2011-02-10 09:58 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2478960$\spuninst\spuninst.exe
+ 2011-02-10 09:58 . 2009-06-26 19:11 730112 c:\windows\$NtUninstallKB2478960$\lsasrv.dll
+ 2011-02-10 09:59 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2476687$\spuninst\updspapi.dll
+ 2011-02-10 09:59 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2476687$\spuninst\spuninst.exe
+ 2010-12-16 16:52 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2467659$\spuninst\updspapi.dll
+ 2010-12-16 16:52 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
+ 2010-12-16 16:52 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2443685$\spuninst\updspapi.dll
+ 2010-12-16 16:52 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2443685$\spuninst\spuninst.exe
+ 2010-12-16 16:54 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2443105$\spuninst\updspapi.dll
+ 2010-12-16 16:54 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2443105$\spuninst\spuninst.exe
+ 2010-12-16 16:53 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2440591$\spuninst\updspapi.dll
+ 2010-12-16 16:53 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2440591$\spuninst\spuninst.exe
+ 2010-12-16 16:52 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2436673$\spuninst\updspapi.dll
+ 2010-12-16 16:52 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2436673$\spuninst\spuninst.exe
+ 2010-12-16 16:47 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2423089$\spuninst\updspapi.dll
+ 2010-12-16 16:47 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2423089$\spuninst\spuninst.exe
+ 2011-01-13 07:16 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2419632$\spuninst\updspapi.dll
+ 2011-01-13 07:16 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2419632$\spuninst\spuninst.exe
+ 2011-01-13 07:16 . 2008-09-15 15:09 249856 c:\windows\$NtUninstallKB2419632$\odbc32.dll
+ 2011-01-13 07:16 . 2008-04-14 12:00 102400 c:\windows\$NtUninstallKB2419632$\msjro.dll
+ 2011-01-13 07:16 . 2008-04-14 12:00 200704 c:\windows\$NtUninstallKB2419632$\msadox.dll
+ 2011-01-13 07:16 . 2008-04-14 12:00 180224 c:\windows\$NtUninstallKB2419632$\msadomd.dll
+ 2011-01-13 07:16 . 2008-09-15 15:09 536576 c:\windows\$NtUninstallKB2419632$\msado15.dll
+ 2011-01-13 07:16 . 2008-04-14 12:00 143360 c:\windows\$NtUninstallKB2419632$\msadco.dll
+ 2011-02-10 09:58 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2393802$\spuninst\updspapi.dll
+ 2011-02-10 09:58 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2393802$\spuninst\spuninst.exe
+ 2011-02-10 09:58 . 2009-02-09 12:10 714752 c:\windows\$NtUninstallKB2393802$\ntdll.dll
+ 2010-12-16 16:55 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2296199$\spuninst\updspapi.dll
+ 2010-12-16 16:55 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2296199$\spuninst\spuninst.exe
+ 2010-12-16 16:55 . 2010-09-01 11:51 285824 c:\windows\$NtUninstallKB2296199$\atmfd.dll
+ 2011-03-16 15:56 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971029\update\updspapi.dll
+ 2011-03-16 15:56 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971029\update\update.exe
+ 2011-03-16 15:56 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971029\spuninst.exe
+ 2011-03-15 21:19 . 2009-07-27 22:13 135168 c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
+ 2011-03-24 08:16 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2524375\update\updspapi.dll
+ 2011-03-24 08:16 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2524375\update\update.exe
+ 2011-03-24 08:16 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2524375\spuninst.exe
+ 2011-02-10 10:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-10 10:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-10 10:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-02-09 20:24 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-10 09:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-10 09:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-10 09:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-09 20:23 . 2010-12-20 23:58 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-09 20:23 . 2010-12-20 12:48 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-03-09 07:27 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479943\update\updspapi.dll
+ 2011-03-09 07:27 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479943\update\update.exe
+ 2011-03-09 07:27 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479943\spuninst.exe
+ 2011-03-08 22:53 . 2011-02-09 13:52 270848 c:\windows\$hf_mig$\KB2479943\SP3QFE\sbe.dll
+ 2011-03-08 22:53 . 2011-02-09 13:52 186880 c:\windows\$hf_mig$\KB2479943\SP3QFE\encdec.dll
+ 2011-02-10 09:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-10 09:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-10 09:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2010-12-16 16:52 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
+ 2010-12-16 16:52 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2467659\update\update.exe
+ 2010-12-16 16:52 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2467659\spuninst.exe
+ 2010-12-16 16:54 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2443105\update\updspapi.dll
+ 2010-12-16 16:54 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2443105\update\update.exe
+ 2010-12-16 16:54 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2443105\spuninst.exe
+ 2010-12-16 16:53 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2440591\update\updspapi.dll
+ 2010-12-16 16:53 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2440591\update\update.exe
+ 2010-12-16 16:53 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2440591\spuninst.exe
+ 2010-12-16 16:47 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2423089\update\updspapi.dll
+ 2010-12-16 16:47 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2423089\update\update.exe
+ 2010-12-16 16:47 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2423089\spuninst.exe
+ 2010-12-16 16:53 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2416400-IE8\update\updspapi.dll
+ 2010-12-16 16:53 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2416400-IE8\update\update.exe
+ 2010-12-16 16:53 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2416400-IE8\spuninst.exe
+ 2010-12-15 16:59 . 2010-11-06 00:27 919552 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 206848 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\occache.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 611840 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mstime.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 602112 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeeds.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 247808 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieproxy.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 184320 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iepeers.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 743424 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedvtool.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 387584 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedkcs32.dll
+ 2010-12-15 16:59 . 2010-11-03 12:01 173568 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ie4uinit.exe
+ 2010-12-16 16:55 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2296199\update\updspapi.dll
+ 2010-12-16 16:55 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2296199\update\update.exe
+ 2010-12-16 16:55 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2296199\spuninst.exe
+ 2010-12-15 17:00 . 2010-10-28 13:08 290048 c:\windows\$hf_mig$\KB2296199\SP3QFE\atmfd.dll
+ 2011-04-15 17:03 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2008-10-16 01:04 . 2011-02-22 23:06 1210880 c:\windows\system32\urlmon.dll
- 2008-10-16 01:04 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
- 2008-09-09 13:15 . 2010-07-27 06:28 8463360 c:\windows\system32\shell32.dll
+ 2008-09-09 13:15 . 2011-01-21 14:42 8463360 c:\windows\system32\shell32.dll
+ 2008-08-14 10:39 . 2010-12-09 13:47 2148864 c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 06:09 . 2010-12-09 13:09 2027008 c:\windows\system32\ntkrnlpa.exe
+ 2008-12-12 18:14 . 2011-02-22 23:06 5962240 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2011-03-23 08:36 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2007-08-13 23:34 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2009-08-06 17:41 . 2011-04-16 09:19 1021616 c:\windows\system32\FNTCACHE.DAT
- 2009-08-06 17:41 . 2010-10-14 01:11 1021616 c:\windows\system32\FNTCACHE.DAT
+ 2011-04-02 00:21 . 2011-02-18 20:36 4184352 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaaplrc.dll
+ 2011-04-02 00:21 . 2010-04-19 23:29 1461992 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\wdfcoinstaller01009.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-04-02 00:23 . 2011-04-02 00:23 5448704 c:\windows\Installer\c5d32e.msi
+ 2011-04-02 00:22 . 2011-04-02 00:22 9472000 c:\windows\Installer\c5d32a.msi
+ 2011-04-02 00:21 . 2011-04-02 00:21 1554944 c:\windows\Installer\c5d325.msi
+ 2011-04-02 00:21 . 2011-04-02 00:21 3085312 c:\windows\Installer\c5d320.msi
+ 2011-04-02 00:21 . 2011-04-02 00:21 1984000 c:\windows\Installer\c5d31b.msi
+ 2011-03-30 15:40 . 2011-03-30 15:40 3272704 c:\windows\Installer\677ba.msi
+ 2011-03-30 15:38 . 2011-03-30 15:38 1611776 c:\windows\Installer\677a9.msi
+ 2011-04-23 14:04 . 2011-04-23 14:04 1696768 c:\windows\Installer\4c2a9b.msi
+ 2010-10-21 23:10 . 2010-10-21 23:10 3995136 c:\windows\Installer\4a75d.msp
+ 2010-11-21 04:35 . 2010-11-21 04:35 3359744 c:\windows\Installer\4a748.msp
+ 2010-12-17 05:17 . 2010-12-17 05:17 3362304 c:\windows\Installer\35ee652.msp
+ 2010-09-17 11:04 . 2010-09-17 11:04 9401856 c:\windows\Installer\31855.msp
+ 2010-10-21 23:12 . 2010-10-21 23:12 3359744 c:\windows\Installer\3184d.msp
+ 2010-10-07 23:43 . 2010-10-07 23:43 1980416 c:\windows\Installer\31831.msp
+ 2011-02-16 18:54 . 2011-02-16 18:54 4992000 c:\windows\Installer\2e12b01.msp
+ 2011-01-11 22:53 . 2011-01-11 22:53 1763328 c:\windows\Installer\2e12aeb.msp
+ 2011-01-11 22:52 . 2011-01-11 22:52 3360768 c:\windows\Installer\24b2c.msp
+ 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\2401f7f.msp
+ 2011-03-18 00:05 . 2011-03-18 00:05 4989440 c:\windows\Installer\1dab5.msp
+ 2011-01-11 21:49 . 2011-01-11 21:49 9003008 c:\windows\Installer\1da9f.msp
+ 2010-11-21 03:32 . 2010-11-21 03:32 4165120 c:\windows\Installer\1da8a.msp
+ 2010-11-21 03:34 . 2010-11-21 03:34 1198080 c:\windows\Installer\1da68.msp
+ 2011-03-18 00:01 . 2011-03-18 00:01 9563648 c:\windows\Installer\1da4c.msp
+ 2011-01-11 21:50 . 2011-01-11 21:50 8177152 c:\windows\Installer\1da44.msp
+ 2010-11-21 03:33 . 2010-11-21 03:33 1980928 c:\windows\Installer\1da28.msp
+ 2010-01-13 22:53 . 2011-04-16 09:03 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-01-13 22:53 . 2011-04-16 09:03 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2010-01-13 22:53 . 2010-10-13 20:43 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-09-22 22:05 . 2010-09-22 22:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-09-16 07:08 . 2010-09-16 07:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
+ 2010-06-19 21:51 . 2010-06-19 21:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-04-16 09:01 . 2010-12-20 23:59 1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2009-10-24 02:34 . 2010-12-09 13:43 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-10-24 02:34 . 2010-12-09 13:09 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-08-04 22:47 . 2010-12-09 23:39 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-10-24 02:34 . 2010-12-09 13:47 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-04-16 09:01 . 2011-04-16 09:01 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll
+ 2011-04-16 09:01 . 2011-04-16 09:01 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\6346221cecf631e5c0b754d842aad102\System.WorkflowServices.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\1fbcd203ff8d77d561df8bf806417ab6\System.Workflow.Runtime.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\efbaf3696c44fd7d4b3cd925e0437b36\System.Workflow.ComponentModel.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\52a9bc5dd1fa497af7c7f4600bd8e6d1\System.Workflow.Activities.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f5ebeeb0a8aaba9db15ec3df591339ba\System.Web.Services.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\92d6b75e3b63b528d4069bf4ee01983a\System.Web.Mobile.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\02d53154634c8000382942e0f43ead41\System.Web.Extensions.ni.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8b0bb430bb6af96c18b43e3c54cfafe8\System.ServiceModel.Web.ni.dll
+ 2011-04-16 09:13 . 2011-04-16 09:13 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\85090bd451617e204ffda625b8d9fc30\System.Runtime.Serialization.ni.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll
+ 2011-04-16 09:13 . 2011-04-16 09:13 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\86c59378e9a43bf101a10ad452a4bb8e\System.IdentityModel.ni.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c05d9332116964104c721e97f7ce1058\System.DirectoryServices.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0118c0c73ea5c77bda7b10b188102ab6\System.Deployment.ni.dll
+ 2011-04-16 09:02 . 2011-04-16 09:02 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ba3ca7a93e227c32ce7b50d0a7ba935f\System.Data.SqlXml.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de52be5da96059651b5bec800cb4605\System.Data.Services.ni.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c91e83e85c030bc914ecc302fa9b2c60\System.Data.Entity.ni.dll
+ 2011-04-16 09:02 . 2011-04-16 09:02 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
+ 2011-04-16 09:02 . 2011-04-16 09:02 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll
+ 2011-04-16 09:02 . 2011-04-16 09:02 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll
+ 2011-04-16 09:01 . 2011-04-16 09:01 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\269103939243ec6929739c8b9a645c0d\Microsoft.VisualBasic.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\bf7bd26d2828e35156814018939ce4f6\Microsoft.Transactions.Bridge.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\6594c17d7e112b0507b701d5b8a67bba\Microsoft.JScript.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f5eb1e42ccd0f67f7496b94a31949cd0\Microsoft.Build.Tasks.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cc7f05675a5cd8014222be1483d6beaf\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\41cf95aa4ff5765b515d3252abc6353b\Microsoft.Build.Engine.ni.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-04-16 08:59 . 2011-04-16 08:59 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-04-16 08:59 . 2011-04-16 08:59 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-04-16 08:59 . 2011-04-16 08:59 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-04-16 09:00 . 2011-04-16 09:00 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-10-11 07:02 . 2011-04-16 09:00 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-10-11 07:02 . 2010-10-11 07:02 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-02-10 10:01 . 2010-07-27 06:28 8463360 c:\windows\$NtUninstallKB2483185$\shell32.dll
+ 2011-02-10 10:01 . 2010-10-26 13:27 1862272 c:\windows\$NtUninstallKB2479628$\win32k.sys
+ 2010-12-16 16:52 . 2010-08-31 13:38 1861888 c:\windows\$NtUninstallKB2436673$\win32k.sys
+ 2011-02-10 09:58 . 2010-04-27 13:54 2146304 c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
+ 2011-02-10 09:58 . 2010-04-27 13:14 2024448 c:\windows\$NtUninstallKB2393802$\ntkrpamp.exe
+ 2011-02-10 09:58 . 2010-04-27 13:14 2024448 c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
+ 2011-02-10 09:58 . 2010-04-27 13:54 2146304 c:\windows\$NtUninstallKB2393802$\ntkrnlmp.exe
+ 2011-03-15 21:19 . 2009-07-27 22:13 8462848 c:\windows\$hf_mig$\KB971029\SP3QFE\shell32.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 1211904 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\urlmon.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 5960704 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
+ 2010-12-15 16:59 . 2010-11-06 00:27 1992192 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iertutil.dll
+ 2009-10-30 17:25 . 2011-04-16 08:54 39828936 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2011-02-22 23:06 11080704 c:\windows\system32\ieframe.dll
+ 2010-10-09 03:07 . 2010-10-09 03:07 11559424 c:\windows\Installer\4a71d.msp
+ 2010-12-21 18:06 . 2010-12-21 18:06 11570688 c:\windows\Installer\35ee63c.msp
+ 2011-04-21 09:05 . 2011-04-21 09:05 20314624 c:\windows\Installer\1f764.msp
+ 2011-03-03 05:58 . 2011-03-03 05:58 20308992 c:\windows\Installer\1f6593c.msp
+ 2011-02-12 00:47 . 2011-02-12 00:47 12028928 c:\windows\Installer\1da73.msp
+ 2011-02-24 19:15 . 2011-02-24 19:15 11551232 c:\windows\Installer\1da12.msp
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\188e2.msp
+ 2010-09-23 07:03 . 2010-09-23 07:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
+ 2011-04-16 09:01 . 2010-12-21 10:29 11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
+ 2011-02-10 09:59 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2010-12-16 16:53 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
+ 2011-04-16 09:15 . 2011-04-16 09:15 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
+ 2011-04-16 09:14 . 2011-04-16 09:14 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b5f24d96334ea08b99350421450d3ba4\System.ServiceModel.ni.dll
+ 2011-04-16 09:03 . 2011-04-16 09:03 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
+ 2011-04-16 09:02 . 2011-04-16 09:02 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
+ 2011-04-16 09:01 . 2011-04-16 09:01 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
+ 2011-04-16 09:01 . 2011-04-16 09:01 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
+ 2011-02-09 20:23 . 2010-12-20 23:58 11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
+ 2010-11-06 10:57 . 2010-11-06 10:57 11082752 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-16 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Alopabusaxupeto"="c:\windows\opicecis.dll" [N/A]
"Windows Media Player ACM"="c:\documents and settings\Owner\Application Data\Microsoft\Windows Media\12.0\wmpacm .exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Windows Media Player ACM.lnk - c:\documents and settings\Owner\Application Data\Microsoft\Windows Media\12.0\wmpacm .exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-8-7 110647]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2009-8-7 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\WinTV\TVServer\HauppaugeTVServer.exe [8/7/2009 5:20 PM 434176]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/19/2010 2:00 PM 10384]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/17/2009 1:37 PM 3032360]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [8/7/2009 5:16 PM 1442816]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\HCW85cir.sys [8/7/2009 5:16 PM 28160]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 6:37 PM 135664]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [8/8/2009 1:33 PM 39048]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/17/2009 1:37 PM 15144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 18:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 22:37]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 22:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=2
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bjiixbhc.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://myclearsearch.com/?prt=Guppymcs02ff&Keywords=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: keyword.URL - hxxp://myclearsearch.com/?prt=Guppymcs02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-23 10:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Media Player ACM = c:\documents and settings\Owner\Application Data\Microsoft\Windows Media\12.0\wmpacm .exe??????????5'??-'??????('?h?'??????????('? ??|?3?|????$????????????????X??????????J!@??????????"@??????????????"@??????:@?l#??????YK@???????@? -'???'????&0????K@?????"??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3320613AS rev.CC2F -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-6
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AA2B33B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(492)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(552)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\WinTV\TVServer\CaptureGenPCI.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-04-23 10:49:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-23 14:49
ComboFix2.txt 2010-10-15 00:03
ComboFix3.txt 2010-10-14 18:34
ComboFix4.txt 2010-10-13 00:55
ComboFix5.txt 2011-04-23 14:29
.
Pre-Run: 248,873,693,184 bytes free
Post-Run: 250,073,243,648 bytes free
.
- - End Of File - - 5433CD57AF9A00FCDA58696E635215D7

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,319 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:35 AM

Posted 23 April 2011 - 10:16 AM

Attach.txt is already posted, no need to repost it. :)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,319 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:35 AM

Posted 23 April 2011 - 10:18 AM

Please see also my previous post.

Do you have an XP CD we can use to copy some files from?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 mboden

mboden
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 23 April 2011 - 10:22 AM

Attach.txt is already posted, no need to repost it. :)


I thought I posted it, but I couldn't see it when I went back to my post. Plus, it wasn't zipped as requested. I did get it zipped, but...

Edited by mboden, 23 April 2011 - 11:07 AM.


#15 mboden

mboden
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 23 April 2011 - 10:29 AM

Please see also my previous post.

Do you have an XP CD we can use to copy some files from?

I do have a disc.

Edited by mboden, 23 April 2011 - 11:05 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users