[Resolved] Security Tool


  • This topic is locked
12 replies to this topic

#1 Archus

    New Member

  • Authentic Member
  • 6 posts

Posted 24 October 2009 - 05:55 PM

Well, I managed to get infected with Security Tool, but when Windows Defender kicked in I managed to rip out most of the bug's main files. Sadly, I could not find its .exe stuff. But yet it seems there are still active parts of it on my computer, because it has been freaking downloading links to porn sites on my computer, and I believe those sites are the ones that are heavily infected with trackers and Trojans.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:40 PM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\GreenLife Emerald Viewer\GreenLife.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [wow64main.exe] C:\WINDOWS\TEMP\wow64main.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [wow64main.exe] C:\WINDOWS\TEMP\wow64main.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8515 bytes


#2 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 25 October 2009 - 12:23 PM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 Archus

    New Member

  • Authentic Member
  • 6 posts

Posted 30 October 2009 - 06:38 PM

Here's all 3 logs.

DDS

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 18:31:58.00 on Fri 10/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1368 [GMT -4:00]

AV: avast! antivirus 4.8.1356 [VPS 091030-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell=Explorer.exe logon.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PlayNC Launcher]
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IDTSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\r4me8qnu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\r4me8qnu.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkanevapatch.dll
FF - plugin: c:\program files\sparkplay media\sparkplayer (beta)\npSparkPlayerNS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-18 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-10-30 03:20:07 0 d-----w- c:\program files\Steam
2009-10-29 17:39:04 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-27 05:56:05 215104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2009-10-27 00:37:54 0 d-----w- c:\windows\system32\appmgmt
2009-10-25 00:15:27 0 d-----w- c:\program files\Bethesda Softworks
2009-10-25 00:14:29 0 d-----w- c:\windows\system32\xlive
2009-10-24 06:44:34 170336 ----a-w- c:\windows\hpqins00.dat
2009-10-24 06:41:25 0 d-----w- c:\docume~1\owner\applic~1\HpUpdate
2009-10-24 06:41:23 0 d-----w- c:\windows\Hewlett-Packard
2009-10-22 19:38:27 0 d-----w- c:\program files\a-squared Free
2009-10-22 19:22:05 0 ----a-w- c:\documents and settings\owner\Ÿ;Ÿ;
2009-10-22 01:34:50 0 d-----w- c:\program files\CCleaner
2009-10-21 22:01:07 0 ----a-w- c:\documents and settings\owner\Ÿ=Ÿ=
2009-10-19 19:08:12 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-19 19:06:09 0 d-----w- c:\program files\Corel
2009-10-17 15:34:49 0 d-----w- c:\documents and settings\owner\.gimp-2.6
2009-10-17 15:34:14 0 d-----w- c:\program files\GIMP-2.0
2009-10-13 22:26:33 0 d-----w- c:\program files\Lame for Audacity
2009-10-13 22:07:52 0 d-----w- c:\program files\Total Video Converter
2009-10-13 21:24:23 0 d-----w- c:\program files\Audacity
2009-10-03 13:32:47 0 d-----w- c:\windows\system32\Temp
2009-10-03 13:09:10 0 d-----w- c:\program files\AOA
2009-10-02 20:42:12 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 00:41:31 0 d-sh--w- c:\windows\ftpcache
2009-10-02 00:29:57 22328 ----a-w- c:\docume~1\owner\applic~1\PnkBstrK.sys
2009-10-02 00:29:57 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-02 00:29:41 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-02 00:29:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-02 00:29:22 319 ----a-w- c:\windows\game.ini
2009-10-02 00:18:59 0 d-----w- c:\program files\Activision

==================== Find3M ====================

2009-10-30 22:28:38 14240 ----a-w- c:\windows\system32\drivers\sthdae.log
2009-09-30 00:14:32 65536 ----a-w- c:\windows\IFinst27.exe
2009-09-25 22:20:28 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 23:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 01:32:32 157204 ----a-w- c:\windows\hphins26.dat
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-08 16:10:14 216064 ----a-w- c:\windows\PEV.exe
2009-08-07 23:51:54 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 23:51:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 18:34:31.80 ===============




Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/26/2009 5:16:09 PM
System Uptime: 10/30/2009 6:28:29 PM (0 hours ago)

Motherboard: Dell Inc. | | 0P611C
Processor: Intel® Core™2 Quad CPU @ 2.66GHz | Microprocessor | 2666/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 376.7 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: IDT High Definition Audio CODEC
Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7618&SUBSYS_102801E1&REV_1002\4&15AA5632&0&0001
Manufacturer: IDT
Name: IDT High Definition Audio CODEC
PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7618&SUBSYS_102801E1&REV_1002\4&15AA5632&0&0001
Service: STHDA

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Trend Micro Common Firewall Miniport
Device ID: ROOT\TM_CFWMP\0000
Manufacturer: Trend Micro
Name: Broadcom NetXtreme 57xx Gigabit Controller - Trend Micro Common Firewall Miniport
PNP Device ID: ROOT\TM_CFWMP\0000
Service: tmcfw

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Trend Micro Common Firewall Miniport
Device ID: ROOT\TM_CFWMP\0001
Manufacturer: Trend Micro
Name: WAN Miniport (IP) - Trend Micro Common Firewall Miniport
PNP Device ID: ROOT\TM_CFWMP\0001
Service: tmcfw

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

a-squared Free 4.5
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Reader 8
AIM 7
AOAInstallprogram
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
avast! Antivirus
Bonjour
Broadcom Gigabit Integrated Controller
BufferChm
Call of Duty® 4 - Modern Warfare™
CCleaner (remove only)
Choice Guard
Counter-Strike: Source
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
D1500
D1500_Help
Dell Resource CD
DeviceDiscovery
DeviceManagementQFolder
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
Download Updater (AOL LLC)
Dream Of Mirror Online
EA Download Manager
Emerald Viewer 1.23.5.950
ESPNMotion
eSupportQFolder
Eudora
Exteel
Fallout 3
Fallout Mod Manager 0.9.15
FLV Player 2.0 (build 25)
GemMaster Mystic
GIMP 2.6.7
GPBaseService
Half-Life 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 10.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
iTunes
Java™ 6 Update 16
Java™ 6 Update 5
LAME v3.98.2 for Audacity
LaTale_eu_Test
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.4)
MSVCRT
NCsoft Launcher
NVIDIA Drivers
Otto
PSSWCORE
QuickTime
Ragnarok Online
ScytheRO
SecondLife (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Shin Megami Tensei: Imagine Online
Shop for HP Supplies
SHOUTcast Source DSP 1.9.1 (remove only)
Skype web features
Skype™ 4.1
SmartWebPrintingOC
SolutionCenter
Sonic Encoders
Sparkplayer (Beta)
SPORE™
Spybot - Search & Destroy
Status
Steam
Team Fortress 2
Toolbox
Total Video Converter 3.50
TrayApp
Trend Micro PC-cillin Internet Security 14
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
Vertical Life v1.5.5
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package
WebFldrs XP
WebReg
Winamp
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
World of Kaneva v4.0
World of Warcraft
Xfire (remove only)
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

10/30/2009 2:29:11 AM, error: WinDefend [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...!U&threatid=143471 Scan ID: {318E4382-95A6-4B7A-A0F6-C9297EA7ACC3} Scan Type: AntiMalware User: OWNER-1854068F2\Owner Name: Trojan:Win32/Alureon.gen!U ID: 143471 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
10/27/2009 2:12:35 AM, error: WinDefend [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft....0....BTd=141150 Scan ID: {58FCFE8E-9D15-4D56-A5AC-737EC071FA20} Scan Type: AntiMalware User: OWNER-1854068F2\Owner Name: Trojan:Win32/Alureon.BT ID: 141150 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
10/23/2009 12:31:53 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
10/23/2009 12:30:24 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/23/2009 12:30:01 AM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 001E4FAF4314 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


Gmer


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-30 20:33:05
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwwdrpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA415D6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA415D574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA415DA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA415D14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA415D64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA415D08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA415D0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA415D76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA415D72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA415D8AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\sdra64.exe 97792 bytes executable
File C:\WINDOWS\system32\lowsec 0 bytes
File C:\WINDOWS\system32\lowsec\local.ds 219373 bytes
File C:\WINDOWS\system32\lowsec\user.ds 145984 bytes
File C:\WINDOWS\system32\lowsec\user.ds.lll 164046 bytes

---- EOF - GMER 1.0.15 ----

#4 CatByte

Posted 30 October 2009 - 07:26 PM

Hi,

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?


NEXT


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 Archus

Posted 30 October 2009 - 11:18 PM

Well, it seems my Avast Anti Virus got deleted in the process, so that will need to be reinstalled. My Steam client has been having issues running some games such as Team Fortress 2, it seems, since I was infected. It's been giving a "hl2.exe has crashed" and asks if you want to send an error report. I have been trying to fix this; I have reinstalled Steam and the games several times. It doesn't seem to be working. But I will know over some little time if my computer performance has changed at all.
Here is the log.


ComboFix 09-10-30.01 - Owner 10/31/2009 0:57.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1485 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091030-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe

----- BITS: Possible infected sites -----

hxxp://download.xbox.com:80
Infected copy of c:\windows\system32\DRIVERS\nvatabus.sys was found and disinfected
Restored copy from - Kitty ate it :P
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-10-31 04:52 . 2008-04-14 04:10 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-10-31 04:52 . 2008-04-14 04:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 04:40 . 2009-10-31 04:40 -------- d-----w- c:\windows\83F12F73D52E40C093B1463C311C4E17.TMP
2009-10-31 04:23 . 2009-10-31 04:23 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-31 04:07 . 2009-10-31 04:07 -------- d-----w- c:\program files\THQ
2009-10-31 04:07 . 2009-10-31 04:07 -------- d-----w- C:\Extras
2009-10-31 04:07 . 2009-10-31 04:07 -------- d-----w- C:\Autorun
2009-10-31 03:58 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-10-31 03:58 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-10-31 03:58 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-10-31 03:58 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-10-31 03:58 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-10-31 03:58 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-10-31 03:58 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-29 17:39 . 2009-10-29 17:39 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-27 05:21 . 2009-10-27 05:21 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PunkBuster
2009-10-25 00:35 . 2009-10-25 01:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Fallout3
2009-10-25 00:15 . 2009-10-25 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-10-25 00:15 . 2009-10-25 00:15 -------- d-----w- c:\program files\Bethesda Softworks
2009-10-25 00:14 . 2009-10-25 00:14 -------- d-----w- c:\windows\system32\xlive
2009-10-24 06:44 . 2009-10-24 06:48 170336 ----a-w- c:\windows\hpqins00.dat
2009-10-24 06:41 . 2009-10-24 06:48 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
2009-10-24 06:41 . 2009-10-24 06:41 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-22 19:38 . 2009-10-31 04:44 -------- d-----w- c:\program files\a-squared Free
2009-10-22 01:34 . 2009-10-22 01:34 -------- d-----w- c:\program files\CCleaner
2009-10-21 18:57 . 2009-10-21 18:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-19 19:08 . 2009-10-19 19:14 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-19 19:06 . 2009-10-19 19:13 -------- d-----w- c:\program files\Corel
2009-10-17 15:34 . 2009-10-25 00:34 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6
2009-10-17 15:34 . 2009-10-17 15:34 -------- d-----w- c:\program files\GIMP-2.0
2009-10-16 07:13 . 2009-10-16 07:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-13 22:26 . 2009-10-13 22:42 -------- d-----w- c:\program files\Lame for Audacity
2009-10-13 22:07 . 2009-10-13 22:11 -------- d-----w- c:\program files\Total Video Converter
2009-10-13 21:27 . 2009-10-13 21:27 -------- d-----w- c:\program files\FLV Player
2009-10-13 21:24 . 2009-10-13 21:24 -------- d-----w- c:\program files\Audacity
2009-10-03 13:32 . 2009-10-03 13:32 -------- d-----w- c:\windows\system32\Temp
2009-10-03 13:09 . 2009-10-03 14:48 -------- d-----w- c:\program files\AOA
2009-10-02 20:42 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 00:41 . 2009-10-02 00:41 -------- d-sh--w- c:\windows\ftpcache
2009-10-02 00:29 . 2009-10-29 16:10 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-02 00:29 . 2009-10-29 17:14 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-02 00:29 . 2009-10-27 05:21 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-02 00:18 . 2009-10-02 00:18 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 04:55 . 2009-06-29 13:01 14596 ----a-w- c:\windows\system32\drivers\sthdae.log
2009-10-30 03:18 . 2009-08-21 20:05 -------- d-----w- c:\program files\City of Heroes
2009-10-27 03:08 . 2009-07-31 00:52 -------- d-----w- c:\program files\GreenLife Emerald Viewer
2009-10-25 00:15 . 2009-06-29 13:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-24 23:46 . 2009-06-29 23:29 -------- d-----w- c:\program files\Trend Micro
2009-10-22 19:40 . 2009-06-26 21:53 -------- d-----w- c:\program files\RGB
2009-10-22 01:39 . 2009-06-29 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-22 01:20 . 2009-06-29 13:43 -------- d-----w- c:\program files\Java
2009-10-21 23:40 . 2009-08-19 14:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-21 22:03 . 2009-06-29 23:52 -------- d-----w- c:\documents and settings\Owner\Application Data\SecondLife
2009-10-15 19:01 . 2009-09-04 03:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Xfire
2009-10-15 19:01 . 2009-09-04 03:07 -------- d-----w- c:\program files\Xfire
2009-10-15 18:59 . 2009-06-29 13:43 15640 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-14 22:03 . 2009-09-28 04:33 -------- d-----w- c:\program files\World of Warcraft
2009-10-11 04:39 . 2009-07-10 07:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-10-11 04:02 . 2009-07-10 07:55 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-10-02 00:29 . 2009-10-02 00:29 22328 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-09-30 00:15 . 2009-09-30 00:15 -------- d-----w- c:\program files\Gravity
2009-09-30 00:14 . 2009-09-30 00:14 65536 ----a-w- c:\windows\IFinst27.exe
2009-09-28 08:09 . 2009-09-28 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-09-28 06:40 . 2009-09-28 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-09-28 04:50 . 2009-09-28 04:50 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-09-27 18:50 . 2009-09-27 18:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-09-27 18:01 . 2009-09-27 18:00 -------- d-----w- c:\program files\iTunes
2009-09-27 18:00 . 2009-09-27 18:00 -------- d-----w- c:\program files\iPod
2009-09-27 18:00 . 2009-09-27 17:57 -------- d-----w- c:\program files\Common Files\Apple
2009-09-27 18:00 . 2009-09-27 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-27 18:00 . 2009-09-27 18:00 -------- d-----w- c:\program files\Bonjour
2009-09-27 18:00 . 2009-06-29 13:44 -------- d-----w- c:\program files\QuickTime
2009-09-27 17:58 . 2009-09-27 17:58 -------- d-----w- c:\program files\Apple Software Update
2009-09-27 17:58 . 2009-09-27 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-25 22:20 . 2009-09-25 22:20 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-24 19:06 . 2009-09-24 19:06 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
2009-09-24 19:06 . 2009-09-24 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-09-24 19:06 . 2009-09-24 19:06 -------- d-----w- c:\program files\AIM
2009-09-24 19:06 . 2009-09-24 19:06 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-09-24 19:06 . 2009-09-24 19:06 -------- d-----w- c:\program files\Common Files\AOL
2009-09-20 05:30 . 2009-09-20 05:30 -------- d-----w- c:\program files\Vertical Life v1.5.5
2009-09-15 21:09 . 2009-09-06 23:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Ventrilo
2009-09-15 10:59 . 2009-08-18 22:25 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-08-18 22:25 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-08-18 22:25 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-08-18 22:25 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-08-18 22:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-08-18 22:25 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-08-18 22:25 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-08-18 22:25 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-08-18 22:25 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 23:02 . 2009-09-06 23:02 -------- d-----w- c:\program files\Ventrilo
2009-09-06 23:02 . 2009-09-06 23:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-04 21:44 . 2009-08-20 02:04 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 23:42 . 2009-09-27 17:57 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-09-27 17:57 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 01:32 . 2009-08-28 01:16 157204 ----a-w- c:\windows\hphins26.dat
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 23:51 . 2009-08-07 23:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 23:51 . 2009-08-07 23:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-06 23:24 . 2009-06-26 21:13 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2009-06-26 21:13 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2009-06-26 21:13 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2008-10-16 18:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2009-06-26 21:13 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2009-06-26 21:13 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-06-26 21:13 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-03-30 01:21 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-08-19_19.38.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-26 00:49 . 2008-03-26 00:49 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80KOR.dll
+ 2008-03-26 00:49 . 2008-03-26 00:49 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80JPN.dll
+ 2008-03-26 00:49 . 2008-03-26 00:49 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ITA.dll
+ 2008-03-26 00:49 . 2008-03-26 00:49 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80FRA.dll
+ 2008-03-26 00:49 . 2008-03-26 00:49 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ESP.dll
+ 2008-03-26 00:49 . 2008-03-26 00:49 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ENU.dll
+ 2008-03-26 00:49 . 2008-03-26 00:49 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80DEU.dll
+ 2008-03-26 00:49 . 2008-03-26 00:49 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHT.dll
+ 2008-03-26 00:49 . 2008-03-26 00:49 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHS.dll
+ 2007-05-08 18:19 . 2007-05-08 18:19 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll
+ 2007-05-08 18:19 . 2007-05-08 18:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll
+ 2007-09-12 15:23 . 2007-09-12 15:23 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2009-10-31 04:55 . 2009-10-31 04:55 16384 c:\windows\Temp\Perflib_Perfdata_488.dat
+ 2009-08-20 02:04 . 2005-12-05 22:07 61136 c:\windows\system32\xinput9_1_0.dll
+ 2009-08-20 02:04 . 2007-04-04 22:53 81768 c:\windows\system32\xinput1_3.dll
+ 2009-08-20 02:04 . 2006-07-28 13:30 62744 c:\windows\system32\xinput1_2.dll
+ 2009-08-20 02:04 . 2006-03-31 16:39 62672 c:\windows\system32\xinput1_1.dll
+ 2009-08-20 02:04 . 2008-10-27 14:04 70992 c:\windows\system32\XAPOFX1_2.dll
+ 2009-08-20 02:04 . 2008-07-31 14:41 68616 c:\windows\system32\XAPOFX1_1.dll
+ 2009-08-20 02:04 . 2008-05-30 18:17 65032 c:\windows\system32\XAPOFX1_0.dll
+ 2009-08-20 02:04 . 2009-03-16 18:18 22360 c:\windows\system32\X3DAudio1_6.dll
+ 2009-08-20 02:04 . 2008-10-27 14:04 23376 c:\windows\system32\X3DAudio1_5.dll
+ 2009-08-20 02:04 . 2008-05-30 18:17 25608 c:\windows\system32\X3DAudio1_4.dll
+ 2009-08-20 02:04 . 2008-03-05 20:00 25608 c:\windows\system32\X3DAudio1_3.dll
+ 2009-08-20 02:04 . 2007-10-22 07:37 17928 c:\windows\system32\X3DAudio1_2.dll
+ 2009-08-20 02:04 . 2007-03-05 16:42 15128 c:\windows\system32\x3daudio1_1.dll
+ 2009-08-20 02:04 . 2006-02-03 12:41 14032 c:\windows\system32\x3daudio1_0.dll
+ 2009-06-26 22:53 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2009-08-28 01:16 . 2007-07-31 17:52 57344 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_d1500_seria502\hpuac5mu.dll
+ 2009-08-28 01:16 . 2007-07-31 17:52 57344 c:\windows\system32\spool\drivers\w32x86\3\hpuac5mu.dll
+ 2009-10-29 17:17 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-29 17:17 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2004-08-10 11:00 . 2009-08-19 17:47 71060 c:\windows\system32\perfc009.dat
+ 2004-08-10 11:00 . 2009-10-31 04:59 71060 c:\windows\system32\perfc009.dat
- 2009-03-08 08:31 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 08:31 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-06-30 01:18 . 2009-08-29 05:32 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-06-30 01:18 . 2009-06-30 08:20 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-10 11:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 11:00 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2009-09-27 17:57 . 2009-08-28 23:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2009-09-27 17:57 . 2009-08-28 23:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2009-09-27 18:01 . 2009-05-18 18:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2009-09-27 18:01 . 2009-05-18 18:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-12-12 15:11 . 2008-12-12 15:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 15:18 . 2008-12-12 15:18 87336 c:\windows\system32\dns-sd.exe
+ 2009-06-27 17:08 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-27 17:08 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-26 21:13 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-06-26 21:13 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-07-29 07:25 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-07-29 07:25 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-03-08 08:33 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 08:33 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 11:00 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-08-19 19:42 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-08-19 19:42 . 2008-04-14 09:42 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2009-08-19 19:42 . 2008-04-14 09:42 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-08-19 19:42 . 2008-04-14 09:42 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-08-19 19:42 . 2008-04-14 09:42 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-08-19 19:42 . 2008-04-14 09:42 71680 c:\windows\system32\dllcache\cache\ssdpsrv.dll
+ 2009-08-19 19:42 . 2008-04-14 09:42 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-08-19 19:42 . 2008-04-14 09:42 59904 c:\windows\system32\dllcache\cache\regsvc.dll
+ 2009-08-19 19:42 . 2008-04-14 09:42 88576 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2009-08-19 19:42 . 2008-04-14 09:42 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-08-19 19:42 . 2006-10-19 01:47 27136 c:\windows\system32\dllcache\cache\mspmsnsv.dll
+ 2009-08-19 19:42 . 2008-04-14 09:42 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2009-08-19 19:42 . 2008-04-14 09:42 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-08-19 19:42 . 2008-04-14 09:41 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2009-08-19 19:42 . 2008-04-14 04:09 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-08-19 19:42 . 2008-04-14 04:23 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-08-19 19:42 . 2008-04-14 09:41 56320 c:\windows\system32\dllcache\cache\eventlog.dll
+ 2009-08-19 19:42 . 2008-04-14 09:42 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-08-19 19:42 . 2008-04-14 09:41 62464 c:\windows\system32\dllcache\cache\cryptsvc.dll
+ 2009-08-19 19:42 . 2008-04-14 09:41 77824 c:\windows\system32\dllcache\cache\browser.dll
+ 2009-08-19 19:42 . 2008-04-14 04:27 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2009-08-19 19:42 . 2004-08-10 11:00 11648 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2009-08-19 13:32 . 2009-10-31 01:34 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-21 23:25 . 2009-10-21 23:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009102120091022\index.dat
+ 2009-08-19 13:32 . 2009-10-31 01:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-10 08:37 . 2009-08-19 13:30 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-08-10 08:37 . 2009-10-31 01:34 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-08-19 13:32 . 2009-10-31 01:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-12-17 21:30 . 2009-06-24 16:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2007-12-17 21:29 . 2009-06-24 16:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2009-06-26 21:12 . 2009-06-24 02:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2009-06-26 21:12 . 2008-04-14 01:40 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2009-06-26 21:12 . 2008-04-14 01:40 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2009-06-26 21:12 . 2009-06-24 02:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2009-06-26 21:12 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2009-06-26 21:12 . 2008-04-14 01:40 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2009-06-26 21:12 . 2008-04-14 01:40 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2009-06-26 21:12 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2009-08-28 01:26 . 2009-08-28 01:26 25214 c:\windows\Installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}\NewShortcut2_8CEA85DE955B4BF487F20BAA62821633.exe
+ 2009-08-28 01:26 . 2009-08-28 01:26 25214 c:\windows\Installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}\NewShortcut1_8CEA85DE955B4BF487F20BAA62821633.exe
+ 2009-08-28 01:26 . 2009-08-28 01:26 25214 c:\windows\Installer\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}\ARPPRODUCTICON.exe
+ 2009-08-28 01:25 . 2009-08-28 01:25 25214 c:\windows\Installer\{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}\NewShortcut11.E6275AC6_5F4F_4F0B_987B_C7E51AB63AA0.exe
+ 2009-08-28 01:25 . 2009-08-28 01:25 25214 c:\windows\Installer\{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}\NewShortcut1.E6275AC6_5F4F_4F0B_987B_C7E51AB63AA0.exe
+ 2009-10-24 06:46 . 2009-10-24 06:46 65536 c:\windows\Installer\{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2009-10-16 07:07 . 2009-10-16 07:07 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-16 07:08 . 2009-10-16 07:08 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-16 07:08 . 2009-10-16 07:08 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-16 07:05 . 2009-10-16 07:05 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-16 07:08 . 2009-10-16 07:08 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-16 07:08 . 2009-10-16 07:08 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-16 07:08 . 2009-10-16 07:08 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-16 07:08 . 2009-10-16 07:08 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-16 07:08 . 2009-10-16 07:08 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-16 07:08 . 2009-10-16 07:08 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-16 07:07 . 2009-10-16 07:07 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-16 07:05 . 2009-10-16 07:05 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-16 07:05 . 2009-10-16 07:05 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-16 07:05 . 2009-10-16 07:05 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-16 07:05 . 2009-10-16 07:05 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-16 07:07 . 2009-10-16 07:07 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-16 07:07 . 2009-10-16 07:07 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-16 07:07 . 2009-10-16 07:07 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-06-27 17:29 . 2009-06-27 17:29 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-06-27 17:30 . 2009-06-27 17:30 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-16 07:04 . 2009-10-16 07:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-06-29 14:54 . 2009-06-29 14:54 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-06-29 14:54 . 2009-06-29 14:54 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-06-29 14:54 . 2009-06-29 14:54 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-06-29 14:54 . 2009-06-29 14:54 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-06-29 14:54 . 2009-06-29 14:54 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 14:54 . 2009-06-29 14:54 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-31 03:58 . 2009-10-31 03:58 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-06-29 14:54 . 2009-06-29 14:54 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2009-06-27 16:55 . 2009-06-27 16:55 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2009-06-27 16:55 . 2009-06-27 16:55 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2009-06-27 16:55 . 2009-06-27 16:55 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2009-06-27 16:55 . 2009-06-27 16:55 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2009-06-27 17:52 . 2009-06-27 17:52 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2009-06-27 16:55 . 2009-06-27 16:55 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2009-06-27 16:55 . 2009-06-27 16:55 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
- 2009-06-27 16:55 . 2009-06-27 16:55 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2009-06-27 17:52 . 2009-06-27 17:52 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2009-06-27 16:55 . 2009-06-27 16:55 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2009-06-27 16:55 . 2009-06-27 16:55 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-09-10 07:08 . 2009-09-10 07:08 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2009-06-27 16:55 . 2009-06-27 16:55 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2009-10-31 04:40 . 2009-10-31 04:40 121416 c:\windows\83F12F73D52E40C093B1463C311C4E17.TMP\WiseCustomCalla3.dll
+ 2009-09-10 07:00 . 2008-05-06 20:16 382840 c:\windows\$NtUninstallKB973768$\spuninst\updspapi.dll
+ 2009-09-10 07:00 . 2008-05-06 20:16 231288 c:\windows\$NtUninstallKB973768$\spuninst\spuninst.exe
+ 2009-09-10 07:00 . 2006-10-09 20:18 178176 c:\windows\$NtUninstallKB973768$\ehkeyctl.dll
+ 2009-08-26 19:52 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970653-v3$\spuninst\updspapi.dll
+ 2009-08-26 19:52 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe
+ 2009-09-10 07:00 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2009-09-10 07:00 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2009-09-10 07:00 . 2008-04-14 09:42 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2009-09-10 07:00 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2009-09-10 07:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2009-09-10 07:00 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB971961-IE8\update\updspapi.dll
+ 2009-09-10 07:00 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB971961-IE8\update\update.exe
+ 2009-09-10 07:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971961-IE8\spuninst.exe
+ 2009-09-10 02:19 . 2009-06-22 06:47 726528 c:\windows\$hf_mig$\KB971961-IE8\SP3QFE\jscript.dll
+ 2009-09-10 07:00 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2009-09-10 07:00 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2009-09-10 07:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2009-09-10 02:19 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2009-10-16 05:55 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2007-05-08 18:19 . 2007-05-08 18:19 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
+ 2007-05-08 18:19 . 2007-05-08 18:19 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
+ 2004-08-10 11:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-10 11:00 . 2008-06-18 09:03 2458112 c:\windows\system32\WMVCore.dll
- 2006-03-18 11:09 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2006-03-18 11:09 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
+ 2009-08-28 01:16 . 2007-10-20 22:13 1176576 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_d1500_seria502\hpzur5mu.dll
+ 2009-08-28 01:16 . 2007-10-20 22:22 3354112 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_d1500_seria502\hpzui5mu.dll
+ 2009-08-28 01:16 . 2007-10-20 22:33 6312448 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_d1500_seria502\hpzst5mu.dll
+ 2009-08-28 01:16 . 2007-10-20 22:24 5193728 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_d1500_seria502\hpzla5mu.dll
+ 2009-08-28 01:16 . 2007-10-20 22:25 1789440 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_d1500_seria502\hpz3r5mu.dll
+ 2009-08-28 01:16 . 2007-09-14 17:52 3019264 c:\windows\system32\spool\drivers\w32x86\hpdeskjet_d1500_seria502\hpbcfgre.dll
+ 2009-08-28 01:16 . 2007-10-20 22:13 1176576 c:\windows\system32\spool\drivers\w32x86\3\hpzur5mu.dll
+ 2009-08-28 01:16 . 2007-10-20 22:22 3354112 c:\windows\system32\spool\drivers\w32x86\3\hpzui5mu.dll
+ 2009-08-28 01:16 . 2007-10-20 22:33 6312448 c:\windows\system32\spool\drivers\w32x86\3\hpzst5mu.dll
+ 2009-08-28 01:16 . 2007-10-20 22:24 5193728 c:\windows\system32\spool\drivers\w32x86\3\hpzla5mu.dll
+ 2009-08-28 01:16 . 2007-10-20 22:25 1789440 c:\windows\system32\spool\drivers\w32x86\3\hpz3r5mu.dll
+ 2009-08-28 01:16 . 2007-09-14 17:52 3019264 c:\windows\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2004-08-10 11:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-10 11:00 . 2008-04-14 09:42 1435648 c:\windows\system32\query.dll
+ 2007-08-27 19:41 . 2007-08-27 19:41 1089440 c:\windows\system32\msidcrl40.dll
+ 2006-03-23 17:32 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-03-08 08:32 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2009-03-08 08:32 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2009-06-26 16:23 . 2009-10-15 18:59 1987768 c:\windows\system32\FNTCACHE.DAT
+ 2009-09-27 17:57 . 2009-08-28 23:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2009-09-27 17:57 . 2009-08-28 23:42 1417504 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2009-06-26 21:13 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2004-08-10 11:00 . 2008-06-18 09:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-10 11:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-03-08 08:34 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
- 2009-03-08 08:34 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2009-06-26 22:16 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-06-26 22:16 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-06-26 22:16 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-07 23:02 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-07 23:02 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-06-26 22:16 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-06-26 22:16 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-08 08:41 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-27 17:08 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-06-27 17:08 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-19 19:42 . 2008-04-14 09:42 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-08-19 19:42 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-08-19 19:42 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-08-19 19:42 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2009-08-19 19:42 . 2008-04-14 09:42 1033728 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-08-20 02:04 . 2009-03-09 19:27 4178264 c:\windows\system32\D3DX9_41.dll
+ 2009-08-20 02:04 . 2008-10-15 10:22 4379984 c:\windows\system32\D3DX9_40.dll
+ 2009-08-20 02:04 . 2008-07-12 12:18 3851784 c:\windows\system32\D3DX9_39.dll
+ 2009-08-20 02:04 . 2008-05-30 18:11 3850760 c:\windows\system32\D3DX9_38.dll
+ 2009-08-20 02:04 . 2008-03-05 19:56 3786760 c:\windows\system32\D3DX9_37.dll
+ 2009-08-20 02:04 . 2007-10-12 19:14 3734536 c:\windows\system32\d3dx9_36.dll
+ 2009-08-20 02:04 . 2007-07-19 22:14 3727720 c:\windows\system32\d3dx9_35.dll
+ 2009-08-20 02:04 . 2007-05-16 20:45 3497832 c:\windows\system32\d3dx9_34.dll
+ 2009-08-20 02:04 . 2007-03-12 20:42 3495784 c:\windows\system32\d3dx9_33.dll
+ 2009-08-20 02:04 . 2006-11-29 17:06 3426072 c:\windows\system32\d3dx9_32.dll
+ 2009-08-20 02:04 . 2006-09-28 20:05 2414360 c:\windows\system32\d3dx9_31.dll
+ 2009-08-20 02:04 . 2006-03-31 16:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2009-08-20 02:04 . 2006-02-03 12:43 2332368 c:\windows\system32\d3dx9_29.dll
+ 2009-08-20 02:04 . 2005-12-05 22:09 2323664 c:\windows\system32\d3dx9_28.dll
+ 2009-08-20 02:04 . 2005-05-26 19:34 2297552 c:\windows\system32\d3dx9_26.dll
+ 2009-08-20 02:04 . 2005-03-18 21:19 2337488 c:\windows\system32\d3dx9_25.dll
+ 2009-08-20 02:04 . 2005-02-05 23:45 2222800 c:\windows\system32\d3dx9_24.dll
+ 2009-08-20 02:04 . 2009-03-09 19:27 1846632 c:\windows\system32\D3DCompiler_41.dll
+ 2009-08-20 02:04 . 2008-10-15 10:22 2036576 c:\windows\system32\D3DCompiler_40.dll
+ 2009-08-20 02:04 . 2008-07-12 12:18 1493528 c:\windows\system32\D3DCompiler_39.dll
+ 2009-08-20 02:04 . 2008-05-30 18:11 1491992 c:\windows\system32\D3DCompiler_38.dll
+ 2009-08-20 02:04 . 2008-03-05 19:56 1420824 c:\windows\system32\D3DCompiler_37.dll
+ 2009-08-20 02:04 . 2007-10-12 19:14 1374232 c:\windows\system32\D3DCompiler_36.dll
+ 2009-08-20 02:04 . 2007-07-19 22:14 1358192 c:\windows\system32\D3DCompiler_35.dll
+ 2009-08-20 02:04 . 2007-05-16 20:45 1124720 c:\windows\system32\D3DCompiler_34.dll
+ 2009-08-20 02:04 . 2007-03-12 20:42 1123696 c:\windows\system32\D3DCompiler_33.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2006-12-12 20480]
"IDTSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-09-06 405504]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-28 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Kaneva\\Star\\3296\\KepClient.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\GreenLife Emerald Viewer\\SLVoice.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vertical Life v1.5.5\\SLVoice.exe"=
"c:\\Program Files\\GreenLife Emerald Viewer\\GreenLife.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/18/2009 6:25 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/18/2009 6:25 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

2009-10-30 c:\windows\Tasks\User_Feed_Synchronization-{0FB1FC8F-D2FD-48E0-9AC1-A4D103B37994}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\r4me8qnu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\r4me8qnu.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkanevapatch.dll
FF - plugin: c:\program files\Sparkplay Media\Sparkplayer (Beta)\npSparkPlayerNS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlayNC Launcher - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 01:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...


c:\windows\TEMP\TMP000000818283DDCFC6BCD607 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-651377827-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:3b,da,e1,10,88,21,6c,e9,d3,4f,17,7b,d8,bb,90,f9,11,54,e8,ee,56,
67,7e,54,73,a1,a6,7e,e5,63,05,e2,fe,f5,b5,7b,e5,45,a7,1c,17,45,2e,c7,0f,1e,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
Completion time: 2009-10-31 1:04
ComboFix-quarantined-files.txt 2009-10-31 05:04
ComboFix2.txt 2009-08-19 19:42

Pre-Run: 415,271,092,224 bytes free
Post-Run: 415,165,308,928 bytes free

- - End Of File - - A4054BA3F8370C6CA97E5918CDC27212

#6 CatByte

Posted 31 October 2009 - 03:56 AM

Hi,

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • MBAM Log
  • Kaspersky report

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 Archus

Posted 31 October 2009 - 01:10 PM

When I reinstalled Avast Anti virus before doing these scans, it asked to run a scan which it did after rebooting and it found 3 infections which I deleted. So I don't know if that helped fix anything too.

Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 3

10/31/2009 12:44:44 PM
mbam-log-2009-10-31 (12-44-44).txt

Scan type: Quick Scan
Objects scanned: 99416
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 31, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 31, 2009 16:12:31
Records in database: 3109010
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 111107
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:48:20

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip Infected: Trojan-Spy.Win32.Zbot.gen 1

Selected area has been scanned.

#8 CatByte

Posted 31 October 2009 - 01:30 PM

Hi, it probably found files in quarantine, which are fine, they can't hurt the computer. Please post a fresh DDS and attach.txt and advise how the computer is running now and if there are any outstanding issues.



#9 Archus

Posted 31 October 2009 - 02:43 PM

Well it seems I got the Steam games to work now that I reinstalled them again after doing some of these steps. Computer seems to be looking good so far.



DDS

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 16:40:26.50 on Sat 10/31/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1212 [GMT -4:00]

AV: avast! antivirus 4.8.1356 [VPS 091023-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IDTSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\r4me8qnu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\r4me8qnu.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkanevapatch.dll
FF - plugin: c:\program files\sparkplay media\sparkplayer (beta)\npSparkPlayerNS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-31 20560]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-10-31 16:39:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 16:39:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 16:39:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 05:10:37 0 d-----w- c:\program files\Defraggler
2009-10-31 05:10:19 0 d-----w- c:\program files\Steam
2009-10-31 04:52:21 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-10-31 04:52:21 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 04:49:38 77312 ----a-w- c:\windows\MBR.exe
2009-10-31 04:49:16 0 d-----w- C:\ComboFix
2009-10-31 04:40:43 0 d-----w- c:\windows\83F12F73D52E40C093B1463C311C4E17.TMP
2009-10-31 04:23:54 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-31 04:07:02 0 d-----w- c:\program files\THQ
2009-10-31 04:07:02 0 d-----w- C:\Extras
2009-10-31 04:07:02 0 d-----w- C:\Autorun
2009-10-31 03:58:29 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-10-31 03:58:29 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-10-31 03:58:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-10-31 03:58:28 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-10-31 03:58:28 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-10-31 03:58:28 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-10-31 03:58:28 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-29 17:39:04 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-27 05:56:05 215104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2009-10-27 00:37:54 0 d-----w- c:\windows\system32\appmgmt
2009-10-25 00:15:27 0 d-----w- c:\program files\Bethesda Softworks
2009-10-25 00:14:29 0 d-----w- c:\windows\system32\xlive
2009-10-24 06:44:34 170336 ----a-w- c:\windows\hpqins00.dat
2009-10-24 06:41:25 0 d-----w- c:\docume~1\owner\applic~1\HpUpdate
2009-10-24 06:41:23 0 d-----w- c:\windows\Hewlett-Packard
2009-10-22 19:38:27 0 d-----w- c:\program files\a-squared Free
2009-10-22 19:22:05 0 ----a-w- c:\documents and settings\owner\Ÿ;Ÿ;
2009-10-22 01:34:50 0 d-----w- c:\program files\CCleaner
2009-10-21 22:01:07 0 ----a-w- c:\documents and settings\owner\Ÿ=Ÿ=
2009-10-19 19:08:12 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-19 19:06:09 0 d-----w- c:\program files\Corel
2009-10-17 15:34:49 0 d-----w- c:\documents and settings\owner\.gimp-2.6
2009-10-17 15:34:14 0 d-----w- c:\program files\GIMP-2.0
2009-10-13 22:26:33 0 d-----w- c:\program files\Lame for Audacity
2009-10-13 22:07:52 0 d-----w- c:\program files\Total Video Converter
2009-10-13 21:24:23 0 d-----w- c:\program files\Audacity
2009-10-03 13:32:47 0 d-----w- c:\windows\system32\Temp
2009-10-03 13:09:10 0 d-----w- c:\program files\AOA
2009-10-02 20:42:12 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 00:41:31 0 d-sh--w- c:\windows\ftpcache
2009-10-02 00:29:57 22328 ----a-w- c:\docume~1\owner\applic~1\PnkBstrK.sys
2009-10-02 00:29:57 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-02 00:29:41 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-02 00:29:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-02 00:29:22 319 ----a-w- c:\windows\game.ini
2009-10-02 00:18:59 0 d-----w- c:\program files\Activision

==================== Find3M ====================

2009-10-31 16:33:52 15308 ----a-w- c:\windows\system32\drivers\sthdae.log
2009-10-11 12:10:09 236544 ----a-w- c:\windows\PEV.exe
2009-09-30 00:14:32 65536 ----a-w- c:\windows\IFinst27.exe
2009-09-25 22:20:28 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-28 23:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 01:32:32 157204 ----a-w- c:\windows\hphins26.dat
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 23:51:54 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 23:51:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 16:40:46.12 ===============


Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/26/2009 5:16:09 PM
System Uptime: 10/31/2009 12:33:43 PM (4 hours ago)

Motherboard: Dell Inc. | | 0P611C
Processor: Intel® Core™2 Quad CPU @ 2.66GHz | Microprocessor | 2666/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 375.256 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: IDT High Definition Audio CODEC
Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7618&SUBSYS_102801E1&REV_1002\4&15AA5632&0&0001
Manufacturer: IDT
Name: IDT High Definition Audio CODEC
PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7618&SUBSYS_102801E1&REV_1002\4&15AA5632&0&0001
Service: STHDA

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Trend Micro Common Firewall Miniport
Device ID: ROOT\TM_CFWMP\0000
Manufacturer: Trend Micro
Name: Broadcom NetXtreme 57xx Gigabit Controller - Trend Micro Common Firewall Miniport
PNP Device ID: ROOT\TM_CFWMP\0000
Service: tmcfw

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Trend Micro Common Firewall Miniport
Device ID: ROOT\TM_CFWMP\0001
Manufacturer: Trend Micro
Name: WAN Miniport (IP) - Trend Micro Common Firewall Miniport
PNP Device ID: ROOT\TM_CFWMP\0001
Service: tmcfw

==== System Restore Points ===================

RP76: 10/21/2009 9:43:08 PM - System Checkpoint
RP77: 10/22/2009 3:21:44 PM - Windows Defender Checkpoint
RP78: 10/22/2009 3:29:53 PM - Software Distribution Service 3.0
RP79: 10/22/2009 3:33:54 PM - Windows Defender Checkpoint
RP80: 10/23/2009 4:19:41 PM - System Checkpoint
RP81: 10/24/2009 4:33:52 PM - System Checkpoint
RP82: 10/24/2009 7:37:59 PM - Windows Defender Checkpoint
RP83: 10/24/2009 8:14:35 PM - Installed DirectX
RP84: 10/24/2009 8:15:08 PM - Installed DirectX
RP85: 10/24/2009 8:15:34 PM - Installed Fallout 3
RP86: 10/26/2009 3:53:44 AM - System Checkpoint
RP87: 10/26/2009 8:33:55 PM - Software Distribution Service 3.0
RP88: 10/26/2009 8:36:43 PM - Removed Steam
RP89: 10/26/2009 8:41:12 PM - Installed Steam
RP90: 10/27/2009 2:12:31 AM - Windows Defender Checkpoint
RP91: 10/28/2009 7:00:27 PM - System Checkpoint
RP92: 10/29/2009 1:18:50 PM - Software Distribution Service 3.0
RP93: 10/29/2009 1:36:46 PM - Installed DirectX
RP94: 10/29/2009 1:39:09 PM - Installed DirectX
RP95: 10/29/2009 2:11:32 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP96: 10/29/2009 2:11:41 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP97: 10/29/2009 11:17:18 PM - Removed Steam
RP98: 10/29/2009 11:20:07 PM - Installed Steam
RP99: 10/30/2009 2:29:11 AM - Windows Defender Checkpoint
RP100: 10/30/2009 7:19:33 PM - Installed DirectX
RP101: 10/30/2009 10:18:59 PM - Removed Steam
RP102: 10/30/2009 10:20:36 PM - Installed Steam
RP103: 10/30/2009 11:57:46 PM - Installed DirectX
RP104: 10/31/2009 12:07:01 AM - Installed Dawn Of War
RP105: 10/31/2009 12:42:08 AM - Removed Steam
RP106: 10/31/2009 12:49:51 AM - ComboFix created restore point
RP107: 10/31/2009 1:10:19 AM - Installed Steam

==== Installed Programs ======================

Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Reader 8
AIM 7
AOAInstallprogram
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
avast! Antivirus
Bonjour
Broadcom Gigabit Integrated Controller
BufferChm
Call of Duty® 4 - Modern Warfare™
CCleaner (remove only)
Choice Guard
Counter-Strike: Source
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
D1500
D1500_Help
Dawn Of War
Defraggler
Dell Resource CD
DeviceDiscovery
DeviceManagementQFolder
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
Download Updater (AOL LLC)
Dream Of Mirror Online
EA Download Manager
Emerald Viewer 1.23.5.950
ESPNMotion
eSupportQFolder
Eudora
Exteel
Fallout 3
Fallout Mod Manager 0.9.15
FLV Player 2.0 (build 25)
GemMaster Mystic
GIMP 2.6.7
GPBaseService
Half-Life 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 10.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
iTunes
Java™ 6 Update 16
Java™ 6 Update 5
LAME v3.98.2 for Audacity
LaTale_eu_Test
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.4)
MSVCRT
NCsoft Launcher
NVIDIA Drivers
Otto
PSSWCORE
QuickTime
Ragnarok Online
ScytheRO
SecondLife (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Shin Megami Tensei: Imagine Online
Shop for HP Supplies
SHOUTcast Source DSP 1.9.1 (remove only)
Skype web features
Skype™ 4.1
SmartWebPrintingOC
SolutionCenter
Sonic Encoders
Sparkplayer (Beta)
SPORE™
Spybot - Search & Destroy
Status
Steam
Team Fortress 2
Toolbox
Total Video Converter 3.50
TrayApp
Trend Micro PC-cillin Internet Security 14
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
Vertical Life v1.5.5
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package
WebFldrs XP
WebReg
Winamp
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
World of Kaneva v4.0
World of Warcraft
Xfire (remove only)
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

10/31/2009 12:51:56 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/31/2009 12:51:20 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/30/2009 9:36:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
10/30/2009 9:36:34 PM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2009 2:29:11 AM, error: WinDefend [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft....threatid=143471 Scan ID: {318E4382-95A6-4B7A-A0F6-C9297EA7ACC3} Scan Type: AntiMalware User: OWNER-1854068F2\Owner Name: Trojan:Win32/Alureon.gen!U ID: 143471 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
10/27/2009 5:44:30 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
10/27/2009 5:44:19 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
10/27/2009 2:12:35 AM, error: WinDefend [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft....threatid=141150 Scan ID: {58FCFE8E-9D15-4D56-A5AC-737EC071FA20} Scan Type: AntiMalware User: OWNER-1854068F2\Owner Name: Trojan:Win32/Alureon.BT ID: 141150 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.

==== End Of File ===========================

#10 CatByte

Posted 31 October 2009 - 02:50 PM

Hi,

Your logs are clean.

Just some housekeeping to do now. Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version 9.2).
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Go to Start > Control Panel > Add/Remove programs
A list of installed programs will populate
Locate the below noted program and select REMOVE

Java™ 6 Update 5


Make sure to leave Java™ 6 Update 16 in place as that is the current version.


NEXT

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.





NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Note: If any tools / logs remain after using this tool > right click and delete them.


NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.


  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
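
The two housekeeping checks in the reply above (spotting a superseded Java update left installed, and listing what Windows Defender flagged) can be run over a DDS Attach.txt log. This is an added example, not part of the thread or of DDS itself; the function names are hypothetical and the sample log is abridged from the one posted earlier in this thread.

```python
import re

# Abridged from the Attach.txt log posted earlier in this thread: most entries
# are dropped and the Defender event text is shortened; the layout is unchanged.
SAMPLE_ATTACH = """\
==== Installed Programs ======================

Adobe Reader 8
HijackThis 2.0.2
Java™ 6 Update 16
Java™ 6 Update 5
Mozilla Firefox (3.5.4)

==== Event Viewer Messages From Past Week ========

10/31/2009 12:51:20 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/30/2009 2:29:11 AM, error: WinDefend [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. Scan Type: AntiMalware Name: Trojan:Win32/Alureon.gen!U ID: 143471 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508022
10/27/2009 2:12:35 AM, error: WinDefend [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. Scan Type: AntiMalware Name: Trojan:Win32/Alureon.BT ID: 141150 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508022

==== End Of File ===========================
"""

# "==== Title ====" banner lines that separate the sections of the log.
SECTION_RE = re.compile(r"^={2,}\s*([^=].*?)\s*={2,}$")
# Installed-programs entries such as "Java™ 6 Update 16" or "Java(TM) 6 Update 16".
JAVA_RE = re.compile(r"^Java(?:\(TM\)|™)?\s+(\d+)\s+Update\s+(\d+)$")
# Windows Defender event 1008 (action on a detection did not complete).
DEFENDER_RE = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), error: WinDefend \[1008\] - "
    r".*?Name: (?P<name>\S+) ID: (?P<id>\d+) Severity: (?P<severity>\w+)"
)


def split_sections(text):
    """Return {section title: [non-empty lines]} for a DDS Attach.txt log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def superseded_java(programs):
    """Return Java entries that have a newer update of the same major version installed."""
    by_major = {}
    for entry in programs:
        m = JAVA_RE.match(entry)
        if m:
            # Compare update numbers as integers: as strings, "5" sorts after "16".
            by_major.setdefault(int(m.group(1)), []).append((int(m.group(2)), entry))
    stale = []
    for versions in by_major.values():
        newest = max(versions)[0]
        stale += [entry for update, entry in sorted(versions) if update < newest]
    return stale


def defender_detections(events):
    """Return timestamp, threat name, threat ID and severity for each WinDefend 1008 event."""
    return [m.groupdict() for m in map(DEFENDER_RE.match, events) if m]


def review(text):
    """Run both checks over a complete Attach.txt log."""
    sections = split_sections(text)
    return {
        "superseded_java": superseded_java(sections.get("Installed Programs", [])),
        "defender_detections": defender_detections(
            sections.get("Event Viewer Messages From Past Week", [])
        ),
    }


if __name__ == "__main__":
    report = review(SAMPLE_ATTACH)
    for entry in report["superseded_java"]:
        print("Older Java still installed:", entry)
    for hit in report["defender_detections"]:
        print("Defender detection:", hit["when"], hit["name"], hit["severity"])
```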


#11 Archus

Posted 31 October 2009 - 04:13 PM

Okay thanks for the help

#12 CatByte

Posted 31 October 2009 - 05:45 PM

You are more than welcome. Stay safe :wavey: ~CB


#13 CatByte

Posted 31 October 2009 - 05:45 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
