
virus takeover of xp


  • This topic is locked
12 replies to this topic

#1 BMTex


Posted 16 February 2012 - 02:09 PM

I am starting a new thread here as requested by a mod. Original thread linked here. I had an infection that would freeze Windows when I logged in, either on "loading your personal settings" or when it reached the actual desktop. I ran MBAM; it found nothing. I ran ComboFix (yes, I know I shouldn't run it without someone here directing me, I know that now) and it removed a program named pricegong. The freezing problem has been addressed, but I feel the infection problem is still there. Avast will not restart, says fix now.

Edited by BMTex, 16 February 2012 - 02:10 PM.




#2 nasdaq

  • Malware Response Team

Posted 21 February 2012 - 10:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

#3 BMTex

  • Topic Starter

Posted 23 February 2012 - 03:53 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by papa 2 at 13:46:27 on 2012-02-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2615 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\G930\G930.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Documents and Settings\papa 2\Local Settings\Application Data\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_Plugin.exe -update plugin
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Logitech G930] c:\program files\logitech\g930\G930.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [D-Link Wireless G WUA-1340] c:\program files\d-link\wireless g wua-1340\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\documents and settings\papa 2\start menu\programs\startup\PowerReg Scheduler.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E6442CC-66F2-4B78-AC52-16DB6CDB9638} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\deskscapes.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\papa 2\application data\mozilla\firefox\profiles\x8lho26m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - plugin: c:\documents and settings\papa 2\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\papa 2\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-1 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-6 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-6 19544]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\documents and settings\papa 2\my documents\HWiNFO32.sys [2009-1-14 16872]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-12-2 218432]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\drivers\ladfBakerCi386.sys [2011-12-6 378568]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\drivers\ladfBakerRi386.sys [2011-12-6 312136]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-6-11 30560]
S2 gupdate1c9fb5099ee08c0;Google Update Service (gupdate1c9fb5099ee08c0);c:\program files\google\update\GoogleUpdate.exe [2009-7-2 133104]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-2 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-19 42184]
.
=============== Created Last 30 ================
.
2012-02-13 00:57:21 -------- d-sha-r- C:\cmdcons
2012-02-13 00:55:14 98816 ----a-w- c:\windows\sed.exe
2012-02-13 00:55:14 518144 ----a-w- c:\windows\SWREG.exe
2012-02-13 00:55:14 256000 ----a-w- c:\windows\PEV.exe
2012-02-13 00:55:14 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 13:47:40.12 ===============

#4 BMTex

  • Topic Starter

Posted 23 February 2012 - 03:57 PM

attach.txt

Attached Files



#5 nasdaq

  • Malware Response Team

Posted 24 February 2012 - 08:49 AM

Remove the proxy settings.

In Internet Explorer, go to Tools - Internet Options - Connections tab - LAN Settings and remove the reference to 127.0.0.1:5555 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the "Auto-detect proxy settings for this network" option, or "No proxy" if you do not need it.
===

Please run the ComboFix.exe again. You may be asked to update the tool; please do.
Post the log.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
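
The proxy check from post #5, as an added example that is not part of the original thread and not code from DDS or ComboFix: it scans DDS "Pseudo HJT Report" lines for an Internet Settings ProxyServer value that points at a loopback address, like the 127.0.0.1:5555 entry in the log above. The function names and sample lines are constructed for illustration; the single-letter hive prefix and the `proto=host:port;...` value syntax are assumptions about the log format.

```python
import ipaddress
import re

# Constructed sample in the format of the DDS "Pseudo HJT Report" from post #3.
SAMPLE_DDS = """\
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local
mRun: [RTHDCPL] RTHDCPL.EXE
"""

# Assumption: DDS prefixes the setting with one lowercase letter for the hive
# ("u" is what the log in this thread shows).
PROXY_LINE = re.compile(
    r"^(?P<hive>[a-z])Internet Settings,ProxyServer\s*=\s*(?P<value>\S.*)$"
)


def parse_proxy_server(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both the single "host:port" form (scheme is None, meaning all
    protocols) and the per-protocol "http=host:port;https=host:port" form.
    """
    entries = []
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:  # no "proto=" prefix: one proxy for every protocol
            scheme, target = None, part
        target = target.split("://", 1)[-1]  # tolerate "http://host:port"
        host, sep, port = target.rpartition(":")
        if not sep:  # no port given
            host, port = target, ""
        entries.append((
            scheme.lower() if scheme else None,
            host.strip("[]"),  # unwrap a bracketed IPv6 literal
            int(port) if port.isdigit() else None,
        ))
    return entries


def is_loopback(host):
    """True for 'localhost' and any literal loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """Return (hive, scheme, host, port) for every loopback proxy in a DDS log."""
    hits = []
    for line in log_text.splitlines():
        match = PROXY_LINE.match(line.strip())
        if not match:
            continue
        for scheme, host, port in parse_proxy_server(match.group("value")):
            if is_loopback(host):
                hits.append((match.group("hive"), scheme, host, port))
    return hits


if __name__ == "__main__":
    for hive, scheme, host, port in find_loopback_proxies(SAMPLE_DDS):
        print(f"loopback proxy ({hive}): {scheme or 'all'} -> {host}:{port}")
```
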

#6 BMTex

  • Topic Starter

Posted 24 February 2012 - 08:57 PM

ComboFix 12-02-24.02 - papa 2 02/24/2012 18:32:16.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2748 [GMT -7:00]
Running from: c:\documents and settings\papa 2\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-09 18:10 . 2012-02-11 12:01 -------- d-----w- c:\program files\Microsoft Works
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2006-02-28 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-13_01.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-15 12:08 . 2012-02-15 12:08 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-15 12:11 . 2012-02-15 12:11 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-15 12:11 . 2012-02-15 12:11 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-15 12:11 . 2012-02-15 12:11 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-15 12:11 . 2012-02-15 12:11 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-15 12:06 . 2012-02-15 12:06 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-15 12:06 . 2012-02-15 12:06 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-15 12:10 . 2012-02-15 12:10 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-15 12:08 . 2012-02-15 12:08 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-15 12:08 . 2012-02-15 12:08 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-15 12:08 . 2012-02-15 12:08 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-15 12:08 . 2012-02-15 12:08 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-15 12:10 . 2012-02-15 12:10 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-15 12:10 . 2012-02-15 12:10 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2006-02-28 12:00 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46 5979136 c:\windows\system32\mshtml.dll
+ 2007-08-14 01:34 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll
- 2007-08-14 01:34 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2009-02-13 11:36 . 2012-01-12 16:53 1859968 c:\windows\system32\dllcache\win32k.sys
+ 2009-02-13 11:53 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2009-02-13 11:53 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-02-13 11:30 . 2011-12-17 19:46 5979136 c:\windows\system32\dllcache\mshtml.dll
- 2009-02-21 07:57 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2009-02-21 07:57 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-26 10:39 . 2011-10-26 10:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-14 20:09 . 2012-02-14 20:09 3947520 c:\windows\Installer\1cfb9.msi
+ 2011-11-01 20:34 . 2011-11-01 20:34 1552384 c:\windows\Installer\1af72.msp
+ 2011-11-01 20:34 . 2011-11-01 20:34 2247168 c:\windows\Installer\1af6a.msp
+ 2011-11-01 20:34 . 2011-11-01 20:34 2531840 c:\windows\Installer\1af4c.msp
+ 2011-11-11 23:16 . 2011-11-11 23:16 8458240 c:\windows\Installer\1af2d.msp
+ 2011-10-31 05:54 . 2011-10-31 05:54 2748416 c:\windows\Installer\1570530.msp
+ 2011-07-27 11:44 . 2011-07-27 11:44 1791824 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PPCNV.DLL
+ 2011-07-07 09:58 . 2011-07-07 09:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-03 07:14 . 2011-08-03 07:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2012-02-15 12:01 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-15 12:01 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-15 12:01 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-15 12:08 . 2012-02-15 12:08 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-15 12:06 . 2012-02-15 12:06 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-15 12:06 . 2012-02-15 12:06 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-02-15 12:12 . 2012-02-15 12:12 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-15 12:12 . 2012-02-15 12:12 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-15 12:12 . 2012-02-15 12:12 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-15 12:12 . 2012-02-15 12:12 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-15 12:08 . 2012-02-15 12:08 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-15 12:12 . 2012-02-15 12:12 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-15 12:12 . 2012-02-15 12:12 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-15 12:11 . 2012-02-15 12:11 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-02-15 12:11 . 2012-02-15 12:11 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-02-15 12:06 . 2012-02-15 12:06 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-15 12:06 . 2012-02-15 12:06 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-15 12:11 . 2012-02-15 12:11 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-15 12:08 . 2012-02-15 12:08 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\3f2e74586111fb32d5edc059f709fa94\System.Data.OracleClient.ni.dll
+ 2012-02-15 12:08 . 2012-02-15 12:08 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-02-15 12:11 . 2012-02-15 12:11 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-02-15 12:08 . 2012-02-15 12:08 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-15 12:11 . 2012-02-15 12:11 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-12 12:03 . 2012-01-12 12:03 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-15 12:05 . 2012-02-15 12:05 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-02-21 07:53 . 2012-02-15 12:01 52550552 c:\windows\system32\MRT.exe
+ 2007-08-14 01:54 . 2011-12-18 21:46 11082240 c:\windows\system32\ieframe.dll
+ 2009-02-21 07:57 . 2011-12-18 21:46 11082240 c:\windows\system32\dllcache\ieframe.dll
+ 2011-09-16 01:37 . 2011-09-16 01:37 38176256 c:\windows\Installer\1af62.msp
+ 2011-09-16 01:37 . 2011-09-16 01:37 37148160 c:\windows\Installer\1af44.msp
+ 2011-08-04 02:53 . 2011-08-04 02:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
+ 2012-02-15 12:01 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-02-15 12:08 . 2012-02-15 12:08 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-02-15 12:10 . 2012-02-15 12:10 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-02-15 12:08 . 2012-02-15 12:08 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-02-15 12:07 . 2012-02-15 12:07 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-10-19 12:53 585136 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-09-20 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-11 1242448]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-20 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-16 178712]
"Logitech G930"="c:\program files\Logitech\G930\G930.exe" [2011-03-23 1516888]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-16 150040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-17 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2005-12-15 2715648]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\papa 2\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-2-16 256000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.3.5.12340-x86-Win-enUS-BKGND-downloader.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"59158:TCP"= 59158:TCP:Pando Media Booster
"59158:UDP"= 59158:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/4/2010 5:31 PM 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/1/2011 5:35 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/6/2009 5:54 AM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/6/2009 5:54 AM 19544]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\documents and settings\papa 2\My Documents\HWiNFO32.sys [1/14/2009 9:14 PM 16872]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/2/2010 12:45 PM 218432]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\drivers\ladfBakerCi386.sys [12/6/2011 1:56 PM 378568]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\drivers\ladfBakerRi386.sys [12/6/2011 1:56 PM 312136]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [6/11/2009 3:57 PM 30560]
S2 gupdate1c9fb5099ee08c0;Google Update Service (gupdate1c9fb5099ee08c0);c:\program files\Google\Update\GoogleUpdate.exe [7/2/2009 1:06 PM 133104]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/2/2009 1:06 PM 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-02 08:55]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 20:06]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\papa 2\Application Data\Mozilla\Firefox\Profiles\x8lho26m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 18:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&696f438&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c03d\6&1b3cc567&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(1544)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\system32\ieframe.dll
c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
c:\windows\system32\d3dx9_32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-24 18:52:14
ComboFix-quarantined-files.txt 2012-02-25 01:52
ComboFix2.txt 2012-02-13 01:49
.
Pre-Run: 504,933,601,280 bytes free
Post-Run: 505,216,356,352 bytes free
.
- - End Of File - - 2D5C0C77D9AE08D0C7EDD5DEB55596C2

#7 nasdaq

Posted 25 February 2012 - 09:35 AM

Open Notepad and copy/paste the text in the quote box below into it:


Folder::
C:\PROGRA~1\BEARSH~1\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"=-
[-HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555

Firefox::
FF - ProfilePath - c:\documents and settings\papa 2\Application Data\Mozilla\Firefox\Profiles\x8lho26m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Please include the log from the Security Check I requested in my previous post.

Let me know what problem persists.

#8 BMTex

Posted 25 February 2012 - 10:47 AM

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 15
Java version out of date!
Adobe Flash Player 10.3.183.5 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.27) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````

#9 BMTex

Posted 25 February 2012 - 10:49 AM

It has been telling me for months now that Flash was out of date. I've updated it several times, but I guess not.

#10 BMTex

Posted 25 February 2012 - 11:27 AM

ComboFix 12-02-24.02 - papa 2 02/25/2012 8:54.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2721 [GMT -7:00]
Running from: c:\documents and settings\papa 2\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\papa 2\Desktop\CFscript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\BEARSH~1
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\yahoo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lichen.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo-about.jpg
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo-about.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo_old.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\maps.bmp
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\menuseparatorback.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\modify-save.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\modify.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\modifyhot.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\music.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\news.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\options\options-main.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\options\options-search.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\options\options-weather.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\options\options-widgets.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\orange.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\pixsy.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\relatedlinks.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-collapse.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-delete.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-expand.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-feed.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-folder-remove.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-folder-rename.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-folder.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-found.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-reload.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-subscribe.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rssback.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rsstopback.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\search-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\search.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\settings.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\shopping.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\siteinfo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-bluelite.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-bluesky.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-grey.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-lichen.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-orange.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-yellow.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\technorati.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\throbber.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\toolbarsplitter.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\video.bmp
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\weather.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\web.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widget_allocine.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widget_bliptv.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widget_calcal.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widget_calculator.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widget_gservices.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widget_sudoku.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widget_todo.jpg
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widget_todo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widget_trio.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widget_uconverter.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widgets-square-16px.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widgets.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\wikipedia.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\yahoosearch.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\yellow.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\youtube.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\zoom.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\components\windowmediator.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\manifest.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\uninstall.exe
c:\progra~1\BEARSH~1\MediaBar\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-23 20:58 . 2012-02-23 20:58 -------- d-----w- c:\documents and settings\papa 2\Application Data\Template
2012-02-09 18:10 . 2012-02-11 12:01 -------- d-----w- c:\program files\Microsoft Works
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2006-02-28 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-09-20 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-11 1242448]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-02 39408]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-20 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-16 178712]
"Logitech G930"="c:\program files\Logitech\G930\G930.exe" [2011-03-23 1516888]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-16 150040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-17 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2005-12-15 2715648]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\papa 2\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-2-16 256000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.3.5.12340-x86-Win-enUS-BKGND-downloader.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"59158:TCP"= 59158:TCP:Pando Media Booster
"59158:UDP"= 59158:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/4/2010 5:31 PM 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/1/2011 5:35 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/6/2009 5:54 AM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/6/2009 5:54 AM 19544]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\documents and settings\papa 2\My Documents\HWiNFO32.sys [1/14/2009 9:14 PM 16872]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/2/2010 12:45 PM 218432]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\drivers\ladfBakerCi386.sys [12/6/2011 1:56 PM 378568]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\drivers\ladfBakerRi386.sys [12/6/2011 1:56 PM 312136]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [6/11/2009 3:57 PM 30560]
S2 gupdate1c9fb5099ee08c0;Google Update Service (gupdate1c9fb5099ee08c0);c:\program files\Google\Update\GoogleUpdate.exe [7/2/2009 1:06 PM 133104]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/2/2009 1:06 PM 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-02 08:55]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 20:06]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uInternet Settings,ProxyOverride = <local>;192.168.*.*;*.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\papa 2\Application Data\Mozilla\Firefox\Profiles\x8lho26m.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
AddRemove-BearShare MediaBar - c:\program files\BearShare Applications\MediaBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-25 09:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&696f438&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c03d\6&1b3cc567&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-02-25 09:21:32
ComboFix-quarantined-files.txt 2012-02-25 16:21
ComboFix2.txt 2012-02-25 01:52
ComboFix3.txt 2012-02-13 01:49
.
Pre-Run: 505,295,212,544 bytes free
Post-Run: 505,270,022,144 bytes free
.
- - End Of File - - 50991262A356DE85D3C09C921AB1A5BF

#11 nasdaq

Posted 25 February 2012 - 11:47 AM

Looking good.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 15


===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress, you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.


Any remaining issues?

#12 nasdaq

Posted 02 March 2012 - 09:16 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#13 nasdaq

Posted 08 March 2012 - 11:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
