Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD issues not settled


  • This topic is locked This topic is locked
11 replies to this topic

#1 GKing

GKing

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:09:23 PM

Posted 29 June 2011 - 02:46 PM

About six weeks ago I brought the following issue to the attention of a Mod in the Hardware/xp area of BC:
[I have gotten two BSofD which I have not recieved for a couple of years. This happens when I have two or more windows open. I have XP SP3. Frist BSoD info was nv4_disp.dll also keyboard error was in BIOs-POST. Ran Combofix right after first erro-1 hidden file. Second erro-I inadvertenly shut down the computer before writing down the info for that- but it seemed like the error specifics were different. I also have some exclaimation marks when viewing device hardware in hidden mode-non plug & Play drop down. Thanks for any help for this.

This post has been edited by hamluis: 11 June 2011 - 08:35 AM
Reason for edit: Moved from Internal Hardware to Am I Infected.]

Update: two weeks ago mOle has returned my request to help-I had to travel these last few weeks so I wasn't able to up and correspond right away.

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 AM

Posted 29 June 2011 - 04:27 PM

Hi again,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Okay, let's start with a rootkit check

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#3 GKing

GKing
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:09:23 PM

Posted 30 June 2011 - 12:58 AM

Ok mOle here's the scan results:

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-30 22:46:33
-----------------------------
22:46:33.484 OS Version: Windows 5.1.2600 Service Pack 3
22:46:33.484 Number of processors: 1 586 0x209
22:46:33.484 ComputerName: HOME-001FAB13A0 UserName: Owner
22:46:35.968 Initialize success
22:49:13.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:49:13.125 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 88350MB BusType: 3
22:49:13.125 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
22:49:13.125 Disk 1 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
22:49:13.140 Disk 0 MBR read successfully
22:49:13.156 Disk 0 MBR scan
22:49:13.156 Disk 0 Windows XP default MBR code
22:49:13.171 Disk 0 scanning sectors +180924030
22:49:13.234 Disk 0 scanning C:\WINDOWS\system32\drivers
22:49:25.000 Service scanning
22:49:29.296 Disk 0 trace - called modules:
22:49:29.312 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
22:49:29.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acb8ab8]
22:49:29.312 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ac88d98]
22:49:29.812 Scan finished successfully
22:49:56.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:49:56.343 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-30 22:46:33
-----------------------------
22:46:33.484 OS Version: Windows 5.1.2600 Service Pack 3
22:46:33.484 Number of processors: 1 586 0x209
22:46:33.484 ComputerName: HOME-001FAB13A0 UserName: Owner
22:46:35.968 Initialize success
22:49:13.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:49:13.125 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 88350MB BusType: 3
22:49:13.125 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
22:49:13.125 Disk 1 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
22:49:13.140 Disk 0 MBR read successfully
22:49:13.156 Disk 0 MBR scan
22:49:13.156 Disk 0 Windows XP default MBR code
22:49:13.171 Disk 0 scanning sectors +180924030
22:49:13.234 Disk 0 scanning C:\WINDOWS\system32\drivers
22:49:25.000 Service scanning
22:49:29.296 Disk 0 trace - called modules:
22:49:29.312 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
22:49:29.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acb8ab8]
22:49:29.312 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ac88d98]
22:49:29.812 Scan finished successfully
22:49:56.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:49:56.343 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
22:56:22.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:56:22.187 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 AM

Posted 30 June 2011 - 06:02 PM

Please try and run the following two programs

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Posted Image
m0le is a proud member of UNITE

#5 GKing

GKing
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:09:23 PM

Posted 01 July 2011 - 12:23 PM

The two logs requested:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6989

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/1/2011 3:58:57 PM
mbam-log-2011-07-01 (15-58-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 248671
Time elapsed: 1 hour(s), 52 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2011 at 10:30 PM

Application Version : 4.55.1000

Core Rules Database Version : 7164
Trace Rules Database Version: 4976

Scan type : Complete Scan
Total Scan Time : 02:15:52

Memory items scanned : 446
Memory threats detected : 0
Registry items scanned : 6492
Registry threats detected : 0
File items scanned : 55373
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@kontera[1].txt
C:\Documents and Settings\Owner\Cookies\owner@collective-media[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.bleepingcomputer[2].txt

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 AM

Posted 01 July 2011 - 07:10 PM

Really clean logs.

Please run Combofix so I can see the resultant log

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#7 GKing

GKing
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:09:23 PM

Posted 03 July 2011 - 12:56 PM

Ok mOle, here's the combofix log you requested:


ComboFix 11-07-02.03 - Owner 07/03/2011 9:08.18.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.298.1033.18.2559.1866 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\comfix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\HOME-001FAB13A0.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Parameters
-------\Service_Security
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 14:22 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79B483CB-B07A-423C-8B76-8A6BAAEF71E7}\mpengine.dll
2011-07-01 03:00 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-01 02:59 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-01 02:04 . 2009-10-22 20:54 37392 ----a-w- c:\windows\system32\drivers\21662692.sys
2011-07-01 02:04 . 2009-10-10 06:31 315408 ----a-w- c:\windows\system32\drivers\2166269.sys
2011-07-01 02:04 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\21662691.sys
2011-06-15 15:25 . 2011-06-15 15:25 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-06-15 03:23 . 2011-02-16 13:22 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2011-06-15 03:23 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-15 03:23 . 2011-04-29 16:19 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-15 03:16 . 2011-05-02 15:31 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2011-06-15 03:15 . 2011-04-30 03:01 758784 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-06-12 15:37 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2011-06-12 03:32 . 2011-06-12 03:32 -------- d-----w- c:\program files\Common Files\Java
2011-06-12 03:32 . 2011-06-12 03:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-07 19:35 . 2011-06-07 19:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-06-05 05:35 . 2011-06-19 15:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-12 03:31 . 2010-04-26 07:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-07 15:55 . 2011-03-28 19:48 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-20 16:26 . 2011-05-20 16:26 10920 ----a-w- C:\aolconnfix.exe
2011-05-02 15:31 . 2010-03-14 18:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 10:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-12 02:21 . 2011-03-28 02:43 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-08_23.28.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 05:51 . 2011-04-19 05:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2011-05-14 03:17 . 2011-05-14 03:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 02:45 . 2011-05-14 02:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 08:06 . 2011-05-14 08:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 08:23 . 2011-05-14 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-14 01:37 . 2011-05-14 01:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2011-07-03 16:20 . 2011-07-03 16:20 16384 c:\windows\temp\Perflib_Perfdata_14c.dat
+ 2002-03-01 02:40 . 2002-03-01 02:40 48944 c:\windows\system32\qfecheck.exe
- 2004-08-04 10:00 . 2011-04-25 22:19 99222 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2011-06-15 16:07 99222 c:\windows\system32\perfc009.dat
- 2006-03-04 03:33 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
+ 2006-03-04 03:33 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 11:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 11:31 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 10:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 10:00 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
- 2006-03-04 03:33 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 10:00 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 10:00 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2011-07-02 01:54 . 2011-07-03 16:19 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-15 02:52 . 2011-05-08 21:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-03-15 02:52 . 2011-07-03 16:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-06-01 00:47 . 2011-04-23 01:52 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-06-01 00:47 . 2011-07-02 01:53 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-03-28 18:26 . 2011-05-08 21:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-06-09 04:04 . 2011-07-03 16:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-04-12 18:18 . 2011-04-12 18:18 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-06-15 15:33 . 2011-06-15 15:33 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-03-26 23:43 . 2011-06-15 15:27 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-03-26 23:43 . 2011-04-21 07:21 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-21 06:07 . 2010-09-21 06:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
+ 2011-06-15 16:20 . 2011-06-15 16:20 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
+ 2011-06-15 16:43 . 2011-06-15 16:43 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\61c3b1e170de97a8d418b610bd9b0c77\System.Windows.Presentation.ni.dll
+ 2011-06-15 16:42 . 2011-06-15 16:42 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a4173f12a0fea30f95bc56ab04f64cae\System.Web.DynamicData.Design.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ab5802527ce15dbcc25e301dbbb4d666\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\177a17af98d803ab79006d6785706462\System.AddIn.Contract.ni.dll
+ 2011-06-15 16:14 . 2011-06-15 16:14 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe
+ 2011-06-15 16:13 . 2011-06-15 16:13 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\d54d318ae1eb0667badea576d0534f9d\PresentationCFFRasterizer.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\87fe1d01b568b3bc9c750b7cf7802516\Microsoft.Vsa.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-06-15 16:24 . 2011-06-15 16:24 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-04-12 18:23 . 2011-04-12 18:23 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2011-05-14 08:17 . 2011-05-14 08:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 08:12 . 2011-05-14 08:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 08:11 . 2011-05-14 08:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2004-08-04 10:00 . 2011-06-15 16:07 562374 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2011-04-25 22:19 562374 c:\windows\system32\perfh009.dat
+ 2004-08-04 10:00 . 2010-12-20 17:32 551936 c:\windows\system32\oleaut32.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 551936 c:\windows\system32\oleaut32.dll
+ 2004-08-04 10:00 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
- 2004-08-04 10:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2006-03-04 03:33 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
- 2006-03-04 03:33 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 11:32 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 11:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
- 2009-07-23 07:58 . 2009-07-23 07:58 145688 c:\windows\system32\MicrosoftUpdateCatalogWebControl.dll
+ 2009-07-23 07:58 . 2011-02-08 19:52 145688 c:\windows\system32\MicrosoftUpdateCatalogWebControl.dll
+ 2011-06-19 15:40 . 2011-06-19 15:40 240288 c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
+ 2011-06-19 15:40 . 2011-06-19 15:40 321184 c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.dll
+ 2011-06-12 03:32 . 2011-06-12 03:31 157472 c:\windows\system32\javaws.exe
- 2011-03-01 22:54 . 2011-02-03 05:40 157472 c:\windows\system32\javaws.exe
- 2011-03-01 22:54 . 2011-02-03 05:40 145184 c:\windows\system32\javaw.exe
+ 2011-06-12 03:32 . 2011-06-12 03:31 145184 c:\windows\system32\javaw.exe
- 2011-03-01 22:54 . 2011-02-03 05:40 145184 c:\windows\system32\java.exe
+ 2011-06-12 03:32 . 2011-06-12 03:31 145184 c:\windows\system32\java.exe
+ 2006-03-04 03:33 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
- 2006-03-04 03:33 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 10:00 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 10:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 10:00 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
- 2004-08-04 10:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 10:00 . 2011-02-16 13:22 138496 c:\windows\system32\drivers\afd.sys
- 2004-08-04 10:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2011-06-15 03:22 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-03-04 03:33 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2011-04-29 17:25 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
+ 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
- 2004-08-04 10:00 . 2008-04-14 00:12 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 10:00 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-03-04 03:33 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-03-04 03:33 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2004-08-04 10:00 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 10:00 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-06-15 03:22 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2010-03-16 20:17 . 2010-11-25 15:29 290816 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-03-16 20:17 . 2011-05-25 06:51 290816 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2011-03-25 13:15 . 2011-03-25 13:15 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 11:39 . 2011-01-18 11:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2011-01-18 11:39 . 2011-01-18 11:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 13:15 . 2011-03-25 13:15 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-03-25 13:15 . 2011-03-25 13:15 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2011-01-18 11:39 . 2011-01-18 11:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-06-15 15:33 . 2011-06-15 15:33 223744 c:\windows\Installer\f7cd69b.msi
+ 2011-06-15 15:05 . 2011-06-15 15:05 467456 c:\windows\Installer\f7cd684.msi
+ 2011-06-21 08:09 . 2011-06-21 08:09 620032 c:\windows\Installer\818f3e8.msi
+ 2011-06-12 03:32 . 2011-06-12 03:32 203776 c:\windows\Installer\299762e.msi
+ 2011-06-12 03:31 . 2011-06-12 03:31 677376 c:\windows\Installer\2997620.msi
+ 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
+ 2010-09-21 06:07 . 2010-09-21 06:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
+ 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
+ 2011-06-15 15:01 . 2009-03-08 11:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-06-15 15:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-06-15 15:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-06-15 15:22 . 2011-02-22 23:06 916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
+ 2011-06-15 15:22 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
+ 2011-06-15 15:22 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
+ 2011-06-15 15:22 . 2011-02-22 23:06 206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
+ 2011-06-15 15:22 . 2011-02-18 11:49 173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
+ 2010-03-14 21:40 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-06-15 16:26 . 2011-06-15 16:26 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\8ba27eaa0f7d987f92319c64aefd2e98\WsatConfig.ni.exe
+ 2011-06-15 16:20 . 2011-06-15 16:20 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\431d5dc1cfcc0c0530e813f370931670\WindowsFormsIntegration.ni.dll
+ 2011-06-15 16:20 . 2011-06-15 16:20 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
+ 2011-06-15 16:20 . 2011-06-15 16:20 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\00dfe5563886a1f69c96b3acb839107b\UIAutomationClient.ni.dll
+ 2011-06-15 16:44 . 2011-06-15 16:44 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\80187a9cfed4fd0ec82746495be76764\System.Xml.Linq.ni.dll
+ 2011-06-15 16:42 . 2011-06-15 16:42 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\58c421c537b1c3f3878458ad306b2a42\System.Web.Routing.ni.dll
+ 2011-06-15 16:43 . 2011-06-15 16:43 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\dc26fff00ce95d24fd190f38904bb2b3\System.Web.RegularExpressions.ni.dll
+ 2011-06-15 16:43 . 2011-06-15 16:43 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4e3dd4d7f9aeda74a2fcefee036e5070\System.Web.Extensions.Design.ni.dll
+ 2011-06-15 16:42 . 2011-06-15 16:42 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\4fb1c0c07f40248b463f2e33444b9477\System.Web.Entity.ni.dll
+ 2011-06-15 16:42 . 2011-06-15 16:42 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\4dfcffc6e6d02bdcdc185d5527a8097e\System.Web.Entity.Design.ni.dll
+ 2011-06-15 16:42 . 2011-06-15 16:42 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b921d1cffcd5e80ea14c51db967edd6\System.Web.DynamicData.ni.dll
+ 2011-06-15 16:42 . 2011-06-15 16:42 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\702b506e56d3a7051aea7822cd915c7f\System.Web.Abstractions.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\503ccbb50e9c06c2f0b02ad8c3f2d100\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\ac53723e41898bc0e8a591c2e4f6f39b\System.Net.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\4a3a674008d8102c1aa5b3fc18251ef7\System.Management.Instrumentation.ni.dll
+ 2011-06-15 16:24 . 2011-06-15 16:24 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7f5f5bfd5f8d6587c96870751a6eb44d\System.IO.Log.ni.dll
+ 2011-06-15 16:24 . 2011-06-15 16:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\de1bf796614ca11afd9fab95edb1b4e2\System.IdentityModel.Selectors.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.Wrapper.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94aae9e592c0f104120572f9925fca12\System.EnterpriseServices.ni.dll
+ 2011-06-15 16:18 . 2011-06-15 16:18 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\1af8683e05c42eb32f46578fe5a8f83f\System.Drawing.Design.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\791a6643b70542b148d977ff42f2f2ef\System.DirectoryServices.Protocols.ni.dll
+ 2011-06-15 16:29 . 2011-06-15 16:29 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\31759ad8be21735f0a369c37514c2efc\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-06-15 16:29 . 2011-06-15 16:29 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\df507a4500e73fa4cfc13f65a1c9055e\System.Data.Services.Client.ni.dll
+ 2011-06-15 16:29 . 2011-06-15 16:29 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1778fffc09d783bc90512b65d35be66\System.Data.Services.Design.ni.dll
+ 2011-06-15 16:29 . 2011-06-15 16:29 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\5a47a8bf16370c93b3c6a471e48cc67a\System.Data.Entity.Design.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\50492d147392c238edc5a614beccb91b\System.Data.DataSetExtensions.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\77015cc1e6d9e7d20e63903777afd6df\System.AddIn.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6ca41c7917119c3a9de0bcdca525001d\SMSvcHost.ni.exe
+ 2011-06-15 16:26 . 2011-06-15 16:26 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\67dc00c24e551003f6dacb73fe9cf881\ServiceModelReg.ni.exe
+ 2011-06-15 16:15 . 2011-06-15 16:15 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e468e9265c844f74577530e4df71f120\PresentationFramework.Aero.ni.dll
+ 2011-06-15 16:15 . 2011-06-15 16:15 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\959709491c71caef88fb41b0eb159714\PresentationFramework.Classic.ni.dll
+ 2011-06-15 16:15 . 2011-06-15 16:15 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\807b62468c2893ee943dffff63a34d8d\PresentationFramework.Royale.ni.dll
+ 2011-06-15 16:15 . 2011-06-15 16:15 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cf82f370413a2cd1e6bc54060334753\PresentationFramework.Luna.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\0add35a0fbe0c381c998b651c5979902\MSBuild.ni.exe
+ 2011-06-15 16:26 . 2011-06-15 16:26 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\667dc256d9eb3577f2514c89c5974aff\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d5561a4ad04c22f0eb5acf4736c7936e\Microsoft.Build.Utilities.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1a0623063225521aa43044314cc5e721\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\530f98922474a31636c34fa3db9a63ba\Microsoft.Build.Engine.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\7e75fca3ca1f36df8ac624190d9cd283\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\c0f5f3c318a92212bbe3b413eeb2b374\ComSvcConfig.ni.exe
+ 2011-06-15 16:24 . 2011-06-15 16:24 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\0524928cbd0a686db3960ef688d0d37e\AspNetMMCExt.ni.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 05:51 . 2011-04-19 05:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-05-14 03:04 . 2011-05-14 03:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 03:04 . 2011-05-14 03:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2006-03-18 11:09 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon.dll
+ 2006-03-23 17:32 . 2011-05-30 22:19 5964800 c:\windows\system32\mshtml.dll
+ 2009-03-08 11:32 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
- 2009-03-08 11:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 1211904 c:\windows\system32\dllcache\urlmon.dll
+ 2011-06-15 03:22 . 2011-05-30 22:19 5964800 c:\windows\system32\dllcache\mshtml.dll
+ 2011-06-15 03:22 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-03-25 13:15 . 2011-03-25 13:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 18:17 . 2008-07-25 18:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-01-18 11:39 . 2011-01-18 11:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2010-03-23 12:32 . 2010-03-23 12:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-03-25 13:15 . 2011-03-25 13:15 5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-01-18 11:39 . 2011-01-18 11:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-03-25 13:15 . 2011-03-25 13:15 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-04-29 19:28 . 2011-04-29 19:28 1995264 c:\windows\Installer\f7cd6a2.msp
+ 2011-01-19 06:36 . 2011-01-19 06:36 2687488 c:\windows\Installer\f7cd68a.msp
+ 2011-04-29 19:30 . 2011-04-29 19:30 1197056 c:\windows\Installer\44c4507.msp
+ 2011-06-15 15:22 . 2011-02-22 23:06 1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
+ 2011-06-15 15:22 . 2011-02-22 23:06 1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
+ 2011-06-15 16:13 . 2011-06-15 16:13 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll
+ 2011-06-15 16:20 . 2011-06-15 16:20 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\901c3796073853746fecd8979c679494\UIAutomationClientsideProviders.ni.dll
+ 2011-06-15 16:12 . 2011-06-15 16:13 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
+ 2011-06-15 16:19 . 2011-06-15 16:19 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
+ 2011-06-15 16:43 . 2011-06-15 16:43 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\2877dda3e0f0faeba527b4bf1efe9cb5\System.WorkflowServices.ni.dll
+ 2011-06-15 16:43 . 2011-06-15 16:43 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d7cb3697989fe6fa3a08d2821d38aa5e\System.Workflow.Runtime.ni.dll
+ 2011-06-15 16:43 . 2011-06-15 16:43 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\4ac04107c35485d415f9e1bebfd155dd\System.Workflow.ComponentModel.ni.dll
+ 2011-06-15 16:43 . 2011-06-15 16:43 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2169feb8bd57d96e621fa26d9391d463\System.Workflow.Activities.ni.dll
+ 2011-06-15 16:43 . 2011-06-15 16:43 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll
+ 2011-06-15 16:43 . 2011-06-15 16:43 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\bdad1c0f4eb846543b234353fd2b926f\System.Web.Mobile.ni.dll
+ 2011-06-15 16:42 . 2011-06-15 16:42 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\647bfe6da40e8160b967c41424901dc8\System.Web.Extensions.ni.dll
+ 2011-06-15 16:19 . 2011-06-15 16:19 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2047e63293e067b351b8f0e038253f33\System.Speech.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll
+ 2011-06-15 16:24 . 2011-06-15 16:24 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll
+ 2011-06-15 16:19 . 2011-06-15 16:19 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\c64aa916251a45206a805ab6488b9255\System.Printing.ni.dll
+ 2011-06-15 16:24 . 2011-06-15 16:24 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll
+ 2011-06-15 16:18 . 2011-06-15 16:18 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll
+ 2011-06-15 16:29 . 2011-06-15 16:29 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\55211bc8f4fcff47c05bfc3020d97148\System.DirectoryServices.ni.dll
+ 2011-06-15 16:29 . 2011-06-15 16:29 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f9ff2fb342cd5102e2d95883b3433a5d\System.Deployment.ni.dll
+ 2011-06-15 16:16 . 2011-06-15 16:16 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef31ab37b0d7c3c1a6d72646966c8911\System.Data.SqlXml.ni.dll
+ 2011-06-15 16:29 . 2011-06-15 16:29 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f945e9c32c775bb604ab83d8933f1b2c\System.Data.Services.ni.dll
+ 2011-06-15 16:17 . 2011-06-15 16:17 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\283e9bf48e17bdb34acdc93bd5721be0\System.Data.Linq.ni.dll
+ 2011-06-15 16:29 . 2011-06-15 16:29 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\368c85cccea8a1206be5c849fd6614e3\System.Data.Entity.ni.dll
+ 2011-06-15 16:15 . 2011-06-15 16:15 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd2e04dfab2993479ae17ea3fa4f6222\System.Core.ni.dll
+ 2011-06-15 16:15 . 2011-06-15 16:15 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4f82a0a1b4405ef61dfa088d11161e35\ReachFramework.ni.dll
+ 2011-06-15 16:15 . 2011-06-15 16:15 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\148505f5b0307230de5d355f10d30a20\PresentationUI.ni.dll
+ 2011-06-15 16:13 . 2011-06-15 16:13 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\1fab86af683c04bdb0aaf65ce7fcd9e5\PresentationBuildTasks.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7292ca9d793cb71cf3d41ae663e7139b\Microsoft.VisualBasic.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\abaf7a180354ed5ec099fb69339b538a\Microsoft.Transactions.Bridge.ni.dll
+ 2011-06-15 16:30 . 2011-06-15 16:30 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b41db9f2897f538203911026bb0abd5d\Microsoft.JScript.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a91940f9033c7910f3f64c061571cec9\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-06-15 16:27 . 2011-06-15 16:27 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5195a94327ccef45d202776e932e847b\Microsoft.Build.Tasks.ni.dll
+ 2011-06-15 16:26 . 2011-06-15 16:26 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3efbca53acdd34586bd7f6f87e71ed62\Microsoft.Build.Engine.ni.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-06-15 16:05 . 2011-06-15 16:05 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-12 18:23 . 2011-04-12 18:23 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-04-12 18:24 . 2011-04-12 18:24 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-09-30 20:39 . 2011-04-12 18:24 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-06-15 16:06 . 2011-06-15 16:06 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-03-15 01:43 . 2011-06-04 00:56 47716296 c:\windows\system32\MRT.exe
+ 2009-03-08 11:39 . 2011-04-26 17:11 11081728 c:\windows\system32\ieframe.dll
+ 2011-04-26 17:11 . 2011-04-26 17:11 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-03-28 10:27 . 2011-03-28 10:27 15456256 c:\windows\Installer\fabc661.msp
+ 2011-06-15 15:24 . 2011-06-15 15:24 20333056 c:\windows\Installer\f7cd695.msp
+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\5fbc5.msp
+ 2011-06-15 15:22 . 2011-02-22 23:06 11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
+ 2011-06-15 16:19 . 2011-06-15 16:19 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll
+ 2011-06-15 16:42 . 2011-06-15 16:42 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll
+ 2011-06-15 16:25 . 2011-06-15 16:25 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll
+ 2011-06-15 16:18 . 2011-06-15 16:18 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\ee914f59ad8211e0b6734dccffd9986e\System.Design.ni.dll
+ 2011-06-15 16:15 . 2011-06-15 16:15 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll
+ 2011-06-15 16:14 . 2011-06-15 16:14 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll
+ 2011-06-15 16:10 . 2011-06-15 16:11 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-10-28 50536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-01 2424192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1268628771\ee\AOLSoftware.exe" [2010-02-10 41800]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"nwiz"="nwiz.exe" [BU]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Logitech Utility"="Logi_MwX.Exe" [2003-05-16 19968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
setup_9.0.0.722_30.06.2011_03-14[1].lnk - c:\documents and settings\Owner\Desktop\Virus Removal Tool\setup_9.0.0.722_30.06.2011_03-14[1]\startup.exe [2011-6-30 72208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1268628771\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\NirSoft\\WinUpdatesList\\wul.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Creative\\SBLive\\Program\\Restore.exe"=
"c:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe"=
"c:\\Program Files\\Creative\\SBLive\\Creative Mixer\\CTMix3.exe"=
"c:\\Program Files\\Common Files\\aol\\uninstaller.exe"=
"c:\\Program Files\\Creative\\SBLive\\PlayCenter2\\CTPlay2.exe"=
"c:\\Program Files\\Microsoft Picture It! 7\\Pip.exe"=
"c:\\Program Files\\ASTRA32\\astra32.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\DELL\\Utilities\\Driver Reset Tool\\Driver Reset.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 0 (0x0)
.
R0 21662692;21662692 Boot Guard Driver;c:\windows\system32\drivers\21662692.sys [6/30/2011 7:04 PM 37392]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/1/2010 9:24 PM 28552]
R1 21662691;21662691;c:\windows\system32\drivers\21662691.sys [6/30/2011 7:04 PM 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [2/22/2007 12:28 PM 30864]
R2 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [11/26/2010 9:41 AM 11936]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [3/25/2010 10:18 AM 14976]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 7:24 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 7:24 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/1/2011 3:22 PM 15544]
S1 MpKsl13a36811;MpKsl13a36811;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AFEC573-5343-466B-AD58-DDF32D588B4E}\MpKsl13a36811.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AFEC573-5343-466B-AD58-DDF32D588B4E}\MpKsl13a36811.sys [?]
S1 MpKsl15b8ae6c;MpKsl15b8ae6c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83C9A332-353B-46CC-8692-6FF4F2F3CCB7}\MpKsl15b8ae6c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83C9A332-353B-46CC-8692-6FF4F2F3CCB7}\MpKsl15b8ae6c.sys [?]
S1 MpKsl5c9da93a;MpKsl5c9da93a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52B3D63C-3ABD-4E49-8471-D6DF9141847E}\MpKsl5c9da93a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52B3D63C-3ABD-4E49-8471-D6DF9141847E}\MpKsl5c9da93a.sys [?]
S1 MpKslb73b9aec;MpKslb73b9aec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AFEC573-5343-466B-AD58-DDF32D588B4E}\MpKslb73b9aec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AFEC573-5343-466B-AD58-DDF32D588B4E}\MpKslb73b9aec.sys [?]
S1 MpKslbf22f074;MpKslbf22f074;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA83400F-DB9E-4902-9D85-28A1EA88EF86}\MpKslbf22f074.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA83400F-DB9E-4902-9D85-28A1EA88EF86}\MpKslbf22f074.sys [?]
S1 MpKsleb6f795d;MpKsleb6f795d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A190FE1-0210-44AB-BC2C-4CB9B2430236}\MpKsleb6f795d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A190FE1-0210-44AB-BC2C-4CB9B2430236}\MpKsleb6f795d.sys [?]
S1 MpKslf05ed431;MpKslf05ed431;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79B483CB-B07A-423C-8B76-8A6BAAEF71E7}\MpKslf05ed431.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79B483CB-B07A-423C-8B76-8A6BAAEF71E7}\MpKslf05ed431.sys [?]
S3 PORTMON;PORTMON;\??\c:\documents and settings\Owner\My Documents\SysinternalsSuite\PORTMSYS.SYS --> c:\documents and settings\Owner\My Documents\SysinternalsSuite\PORTMSYS.SYS [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [3/7/2011 12:10 AM 12984]
S3 uti0mzm1;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uti0mzm1.sys --> c:\windows\system32\Drivers\uti0mzm1.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2011-07-03 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-01 00:50]
.
2011-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-602162358-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-13 02:26]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-602162358-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-13 02:26]
.
2011-07-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
2011-07-03 c:\windows\Tasks\User_Feed_Synchronization-{43F03C03-87F7-4665-8E07-6DDEE2D37DFF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 10:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,32,ff,ee,e3,ce,64,47,81,0a,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,32,ff,ee,e3,ce,64,47,81,0a,68,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,d6,c5,c3,a9,72,9e,47,8b,5d,96,\
.
[HKEY_USERS\S-1-5-21-1659004503-602162358-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\netdde.exe
c:\program files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\locator.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\AOL 9.5\waol.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\AOL 9.5\shellmon.exe
.
**************************************************************************
.
Completion time: 2011-07-03 10:35:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-03 17:35
.
Pre-Run: 71,879,372,800 bytes free
Post-Run: 71,860,686,848 bytes free
.
- - End Of File - - 47FD9DAA8FE9B3436298A41EB9257E8F

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 AM

Posted 03 July 2011 - 06:28 PM

Just a locked preferences registry entry

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Nothing else though.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
  • List Minidump Files.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Posted Image
m0le is a proud member of UNITE

#9 GKing

GKing
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:09:23 PM

Posted 04 July 2011 - 12:15 PM

Thanks mOle and here's the reports:


ComboFix 11-07-03.04 - Owner 07/04/2011 9:26.19.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.298.1033.18.2559.2009 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\comfix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Parameters
-------\Service_Security
.
.
((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 )))))))))))))))))))))))))))))))
.
.
2011-07-04 16:22 . 2011-07-04 16:23 -------- d-----w- C:\comfix
2011-07-03 17:44 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F113A30-BA00-4DEA-AE9C-5AF3DE8CD353}\mpengine.dll
2011-07-01 03:00 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-01 02:59 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-01 02:04 . 2009-10-22 20:54 37392 ----a-w- c:\windows\system32\drivers\21662692.sys
2011-07-01 02:04 . 2009-10-10 06:31 315408 ----a-w- c:\windows\system32\drivers\2166269.sys
2011-07-01 02:04 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\21662691.sys
2011-06-15 15:25 . 2011-06-15 15:25 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-06-15 03:23 . 2011-02-16 13:22 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2011-06-15 03:23 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-15 03:23 . 2011-04-29 16:19 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-15 03:16 . 2011-05-02 15:31 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2011-06-15 03:15 . 2011-04-30 03:01 758784 -c----w- c:\windows\system32\dllcache\vgx.dll
2011-06-12 15:37 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2011-06-12 03:32 . 2011-06-12 03:32 -------- d-----w- c:\program files\Common Files\Java
2011-06-12 03:32 . 2011-06-12 03:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-07 19:35 . 2011-06-07 19:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-06-05 05:35 . 2011-06-19 15:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-12 03:31 . 2010-04-26 07:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-07 15:55 . 2011-03-28 19:48 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-20 16:26 . 2011-05-20 16:26 10920 ----a-w- C:\aolconnfix.exe
2011-05-02 15:31 . 2010-03-14 18:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 10:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-12 02:21 . 2011-03-28 02:43 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-07-03_17.21.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-04 16:39 . 2011-07-04 16:39 16384 c:\windows\temp\Perflib_Perfdata_1d4.dat
- 2011-07-02 01:54 . 2011-07-03 16:19 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-02 01:54 . 2011-07-04 16:38 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-15 02:52 . 2011-07-04 16:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-03-15 02:52 . 2011-07-03 16:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-06-09 04:04 . 2011-07-04 16:38 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-06-09 04:04 . 2011-07-03 16:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-10-28 50536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-01 2424192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1268628771\ee\AOLSoftware.exe" [2010-02-10 41800]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"nwiz"="nwiz.exe" [BU]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Logitech Utility"="Logi_MwX.Exe" [2003-05-16 19968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
setup_9.0.0.722_30.06.2011_03-14[1].lnk - c:\documents and settings\Owner\Desktop\Virus Removal Tool\setup_9.0.0.722_30.06.2011_03-14[1]\startup.exe [2011-6-30 72208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1268628771\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\NirSoft\\WinUpdatesList\\wul.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Creative\\SBLive\\Program\\Restore.exe"=
"c:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe"=
"c:\\Program Files\\Creative\\SBLive\\Creative Mixer\\CTMix3.exe"=
"c:\\Program Files\\Common Files\\aol\\uninstaller.exe"=
"c:\\Program Files\\Creative\\SBLive\\PlayCenter2\\CTPlay2.exe"=
"c:\\Program Files\\Microsoft Picture It! 7\\Pip.exe"=
"c:\\Program Files\\ASTRA32\\astra32.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\DELL\\Utilities\\Driver Reset Tool\\Driver Reset.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 0 (0x0)
.
R0 21662692;21662692 Boot Guard Driver;c:\windows\system32\drivers\21662692.sys [6/30/2011 7:04 PM 37392]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/1/2010 9:24 PM 28552]
R1 21662691;21662691;c:\windows\system32\drivers\21662691.sys [6/30/2011 7:04 PM 128016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\ASTRA32\astra32.sys [2/22/2007 12:28 PM 30864]
R2 inpout32;inpout32;c:\windows\system32\drivers\inpout32.sys [11/26/2010 9:41 AM 11936]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [3/25/2010 10:18 AM 14976]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 7:24 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 7:24 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [3/1/2011 3:22 PM 15544]
S1 MpKsl13a36811;MpKsl13a36811;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AFEC573-5343-466B-AD58-DDF32D588B4E}\MpKsl13a36811.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AFEC573-5343-466B-AD58-DDF32D588B4E}\MpKsl13a36811.sys [?]
S1 MpKsl15b8ae6c;MpKsl15b8ae6c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83C9A332-353B-46CC-8692-6FF4F2F3CCB7}\MpKsl15b8ae6c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83C9A332-353B-46CC-8692-6FF4F2F3CCB7}\MpKsl15b8ae6c.sys [?]
S1 MpKsl5c9da93a;MpKsl5c9da93a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52B3D63C-3ABD-4E49-8471-D6DF9141847E}\MpKsl5c9da93a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52B3D63C-3ABD-4E49-8471-D6DF9141847E}\MpKsl5c9da93a.sys [?]
S1 MpKsl838a4bda;MpKsl838a4bda;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F113A30-BA00-4DEA-AE9C-5AF3DE8CD353}\MpKsl838a4bda.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F113A30-BA00-4DEA-AE9C-5AF3DE8CD353}\MpKsl838a4bda.sys [?]
S1 MpKslb73b9aec;MpKslb73b9aec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AFEC573-5343-466B-AD58-DDF32D588B4E}\MpKslb73b9aec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8AFEC573-5343-466B-AD58-DDF32D588B4E}\MpKslb73b9aec.sys [?]
S1 MpKslbf22f074;MpKslbf22f074;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA83400F-DB9E-4902-9D85-28A1EA88EF86}\MpKslbf22f074.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA83400F-DB9E-4902-9D85-28A1EA88EF86}\MpKslbf22f074.sys [?]
S1 MpKsldc97e1f2;MpKsldc97e1f2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F113A30-BA00-4DEA-AE9C-5AF3DE8CD353}\MpKsldc97e1f2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F113A30-BA00-4DEA-AE9C-5AF3DE8CD353}\MpKsldc97e1f2.sys [?]
S1 MpKsleb6f795d;MpKsleb6f795d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A190FE1-0210-44AB-BC2C-4CB9B2430236}\MpKsleb6f795d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A190FE1-0210-44AB-BC2C-4CB9B2430236}\MpKsleb6f795d.sys [?]
S1 MpKslf05ed431;MpKslf05ed431;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79B483CB-B07A-423C-8B76-8A6BAAEF71E7}\MpKslf05ed431.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{79B483CB-B07A-423C-8B76-8A6BAAEF71E7}\MpKslf05ed431.sys [?]
S3 PORTMON;PORTMON;\??\c:\documents and settings\Owner\My Documents\SysinternalsSuite\PORTMSYS.SYS --> c:\documents and settings\Owner\My Documents\SysinternalsSuite\PORTMSYS.SYS [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [3/7/2011 12:10 AM 12984]
S3 uti0mzm1;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uti0mzm1.sys --> c:\windows\system32\Drivers\uti0mzm1.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2011-07-04 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-01 00:50]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-602162358-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-13 02:26]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-602162358-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-13 02:26]
.
2011-07-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
2011-07-04 c:\windows\Tasks\User_Feed_Synchronization-{43F03C03-87F7-4665-8E07-6DDEE2D37DFF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-04 09:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-602162358-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(448)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\netdde.exe
c:\program files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\locator.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\AOL 9.5\waol.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\documents and settings\Owner\Desktop\Virus Removal Tool\setup_9.0.0.722_30.06.2011_03-14[1]\setup_9.0.0.722_30.06.2011_03-14[1].exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\AOL 9.5\shellmon.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-07-04 09:58:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-04 16:58
ComboFix2.txt 2011-07-03 17:35
.
Pre-Run: 71,755,341,824 bytes free
Post-Run: 71,755,485,184 bytes free
.
- - End Of File - - C86BB7A75792572936AC259332B266F1


Result.txt report as an attachment, please delete from post. Thanks.

Edited by m0le, 04 July 2011 - 07:00 PM.


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 AM

Posted 04 July 2011 - 07:10 PM

There does not seem to be any malware, that's for certain, so I believe that you should now take this to the XP forum.

Is there anything else you want to ask before I close this topic?
Posted Image
m0le is a proud member of UNITE

#11 GKing

GKing
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SFBayArea
  • Local time:09:23 PM

Posted 05 July 2011 - 01:13 PM

Yeah well-first, thanks for the help mOle to this point. It should be noted I had a feeling any problem likely could be addressed in the hardware or xp forum,...but was switched over by that Mod to the present forum-though I knew you had helped me before and there seemed also to be a disconnect or dorment status for a quite few days so hense my mail to you.
The seems to be minor? PnP driver (!) occurances in hidden view and I still don't know what really caused the two bsod events last 3mo.s. Also noticed an increased slowness in start-up and link response...also a lot of freeze and app. hangs.
Hopefully if you know of anyone or yourself in the aforementioned forum that can help I'd indeed appriciate the effort. :thumbsup2: Thanks again.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 AM

Posted 10 July 2011 - 04:58 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users