Vicious malware won't allow Spybot or any other anti-malware to run.
Title explains the problem:
Malware won't allow Spybot or any other anti-malware to run.
Basically as soon as I attempt to run spybot's 'check for problems' function, it immediately shuts down and won't bring the window back up. I can see a cmd prompt window flicker for a split second, but then nothing happens.
I wanna mercilessly destroy the malware causing this.
On a side note:
I believe the malware to be one of those 'false anti spyware protection' programs. A giant red circle with a white X in the center appears, and when clicking on it a fake program pops up offering to fix the problem after I register. I've heard of the scam before, and just want it gone.
It's not my comp, but McAfee is installed. But when attempting a scan with that I get the following error:
Scanning has encountered a problem from which it cannot recover..
Here are the problem details
- Error starting the On Demand scanner
When finished, you will return to the home window.
[ OK ]
Have a feeling the malware is blocking all attempts to cure it.
Renaming the spybot.exe executable isn't fooling it either.
Hello DJToast
Welcome to Safer Networking.
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
You said it's not your computer, the owner should be the one posting ??
Please download RootRepeal from one of these locations and save it to your desktop
Here (http://ad13.geekstogo.com/RootRepeal.exe)
Here (http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe)
Here (http://rootrepeal.psikotick.com/RootRepeal.exe)
Open RootRepeal on your desktop.
Click the Report tab.
Click the Scan button.
Check just these boxes:
http://forums.whatthetech.com/uploads/monthly_08_2009/post-75503-1250480183.gif
Push Ok
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
As in most cases, it isn't my computer. It's my mother's. It is basically used by everyone in the family except me. But every time something is wrong with it, it's my job to fix it. Removing malware is highly above my mom's comprehension.
Here's the rootrepeal log.
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/01 00:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF35C8000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B3A000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5521000 Size: 49152 File Visible: No Signed: -
Status: -
Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7968000 Size: 20480 File Visible: No Signed: -
Status: -
Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF3768000 Size: 61440 File Visible: No Signed: -
Status: -
==EOF====EOF==
Hi,
Your computer is infected with a Rootkit; we are going to remove it a bit at a time so as not to overwhelm you.
You're going to download this program to your desktop; after you run it, leave it there because we will need it again.
Download and run Win32kDiag:
Download Win32kDiag from any of the following locations and save it to your Desktop.
Download Win32kDiag (Win32kDiag.exe) - #1 (http://ad13.geekstogo.com/Win32kDiag.exe)
Download Win32kDiag (Win32kDiag.exe) - #2 (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe)
Download Win32kDiag (Win32kDiag.exe) - #3 (http://rootrepeal.psikotick.com/Win32kDiag.exe)
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
What exactly is a rootkit?
Running from: C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\aolshare\aolshare
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP685.tmp\ZAP685.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7E9.tmp\ZAP7E9.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8C6.tmp\ZAP8C6.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Minidump\Minidump
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\security\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\root\root
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e71bf1e24fe2c6e94f08da7e8353e0de\e71bf1e24fe2c6e94f08da7e8353e0de
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)
[1] 2004-08-09 21:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe
[1] 2008-04-13 17:12:40 218112 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wmiprvse.exe (Microsoft Corporation)
[1] 2004-08-09 21:00:00 218112 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)
[1] 2004-08-09 21:00:00 218112 C:\WINDOWS\system32\wbem\wmiprvse.exe ()
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Finished!
Hello,
A Rootkit is a nasty infection that sometimes is responsible for installing other junk; it hides from most scans and goes undetected, so it has been a bit of a problem finding and removing it. RootRepeal is a new program and has been designed to find garbage like this. You're infected with max ++.
Win32kdiag should still be on your desktop, so do this next.
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.
"%userprofile%\desktop\win32kdiag.exe" -f -r
Make sure you get all of it, the " at the beginning and the r at the end
When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
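Added example, not part of the original thread and not code from Win32kDiag or its author: a Python triage of a Win32kDiag.txt log like the one posted above, which flags the mount points that the log reports under C:\WINDOWS and the system files the scanner could not open. The line patterns are inferred from the log lines in this thread; treating a destination that does not begin with `\??\` as abnormal, and reading the text in parentheses as a vendor string, are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Shortened excerpt of the Win32kDiag.txt log posted in this thread.
SAMPLE_LOG = r"""
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Minidump\Minidump
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)
[1] 2004-08-09 21:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe
[1] 2008-04-13 17:12:40 218112 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wmiprvse.exe (Microsoft Corporation)
[1] 2004-08-09 21:00:00 218112 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)
[1] 2004-08-09 21:00:00 218112 C:\WINDOWS\system32\wbem\wmiprvse.exe ()
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
DENIED_RE = re.compile(r"^Cannot access:\s*(.+)$")
# Layout seen in the log: [n] date time size path (vendor string, may be empty)
FILE_RE = re.compile(r"^\[\d+\]\s+\S+\s+\S+\s+(\d+)\s+(.+?)\s+\((.*)\)$")


def parse_win32kdiag(text):
    """Split the log into mount points, inaccessible files and file listings."""
    report = {"mount_points": [], "denied": [], "files": []}
    pending = None  # mount point still waiting for its destination line
    for raw in text.splitlines():
        line = raw.strip()
        m = MOUNT_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = DEST_RE.match(line)
        if m and pending:
            report["mount_points"].append((pending, m.group(1)))
            pending = None
            continue
        m = DENIED_RE.match(line)
        if m:
            report["denied"].append(m.group(1))
            continue
        m = FILE_RE.match(line)
        if m:
            report["files"].append({"size": int(m.group(1)),
                                    "path": m.group(2),
                                    "company": m.group(3).strip()})
    return report


def suspicious_mounts(report):
    """Flag mount points with an unusual target or a name that repeats its parent."""
    flagged = []
    for path, dest in report["mount_points"]:
        reasons = []
        if not dest.startswith("\\??\\"):  # assumption: normal targets are \??\ paths
            reasons.append("destination is not a \\??\\ path")
        parts = path.rstrip("\\").split("\\")
        if len(parts) >= 2 and parts[-1].lower() == parts[-2].lower():
            reasons.append("name repeats parent directory")
        if reasons:
            flagged.append((path, dest, reasons))
    return flagged


def file_findings(report):
    """For each inaccessible file, compare the live copy with its dllcache copy."""
    by_name = defaultdict(list)
    for entry in report["files"]:
        by_name[ntpath.basename(entry["path"]).lower()].append(entry)
    findings = {}
    for denied in report["denied"]:
        copies = by_name.get(ntpath.basename(denied).lower(), [])
        live = next((c for c in copies if c["path"].lower() == denied.lower()), None)
        cached = next((c for c in copies if "\\dllcache\\" in c["path"].lower()), None)
        reasons = ["scanner could not open the file"]
        if live and not live["company"]:
            reasons.append("no company string")
        if live and cached and live["size"] != cached["size"]:
            reasons.append(f"size {live['size']} differs from dllcache copy {cached['size']}")
        findings[denied] = reasons
    return findings


if __name__ == "__main__":
    parsed = parse_win32kdiag(SAMPLE_LOG)
    for path, dest, reasons in suspicious_mounts(parsed):
        print(f"MOUNT {path} -> {dest}: {'; '.join(reasons)}")
    for path, reasons in file_findings(parsed).items():
        print(f"FILE  {path}: {'; '.join(reasons)}")
```

The same parser also accepts the `-f -r` run of the log, since the extra "Removing mount point" and "Attempting to restore permissions" lines match none of the patterns and are skipped.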
Here's the new log after inputting the start run cmd.
--------------------------------------------------------------------
Running from: C:\Documents and Settings\HP_Administrator\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454
Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090
Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566
Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143
Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653
Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568
Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533
Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864
Found mount point : C:\WINDOWS\aolshare\aolshare
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\aolshare\aolshare
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP685.tmp\ZAP685.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP685.tmp\ZAP685.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7E9.tmp\ZAP7E9.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7E9.tmp\ZAP7E9.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8C6.tmp\ZAP8C6.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8C6.tmp\ZAP8C6.tmp
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\temp\temp
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\chsime\applets\applets
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp\applets\applets
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp98\imejp98
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\shared\res\res
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\classes\classes
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\trustlib\trustlib
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Found mount point : C:\WINDOWS\Minidump\Minidump
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Minidump\Minidump
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PIF\PIF
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : C:\WINDOWS\security\logs\logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\security\logs\logs
Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\root\root
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\root\root
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e71bf1e24fe2c6e94f08da7e8353e0de\e71bf1e24fe2c6e94f08da7e8353e0de
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e71bf1e24fe2c6e94f08da7e8353e0de\e71bf1e24fe2c6e94f08da7e8353e0de
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Cannot access: C:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)
[1] 2004-08-09 21:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe
Attempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exe
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Finished!
Good Morning,
This rootkit is responsible for you not being able to run any security scans, and what we are doing is chipping away at it so we can run a tool to remove it.
Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
exeHelper by Raktor - 09
Build 20090925
Run at 01:46:28 on 10/03/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
There we have it :]
Good Morning,
Great so far. We are going to run Combofix, it may not run unless you rename it.
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
I ran ComboFix; after it restarted the PC it was generating a log and a 60-second countdown began, forcing Windows to shut down.
Upon restarting I get this message.
RUNDLL
Error loading C:\WINDOWS\aquwaruyumogavim.dll
The specified module could not be found.
Also, when attempting to load McAfee to disable it, I get a 60-second countdown for Windows to shut down.
Here is the log that was generated:
ComboFix 09-10-01.05 - HP_Administrator 10/03/2009 12:41:31.1.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cuysn.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\zofity._sy
C:\Documents and Settings\HP_Administrator\Application Data\alot
C:\Documents and Settings\HP_Administrator\Application Data\lizkavd.exe
C:\Documents and Settings\HP_Administrator\Application Data\seres.exe
C:\Documents and Settings\HP_Administrator\Application Data\svcst.exe
C:\Documents and Settings\HP_Administrator\Application Data\wiaserva.log
C:\Documents and Settings\HP_Administrator\Application Data\ytat.dll
C:\Documents and Settings\HP_Administrator\Application Data\ytomi.pif
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cisusuc._sy
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ilyxuqo.scr
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\sibut._dl
C:\Documents and Settings\LocalService\Application Data\alot
C:\nksrq.exe
C:\pphqrer.exe
C:\Program Files\alot
C:\Program Files\alot\alotUninst.exe
C:\Program Files\Common Files\yjasyliha.exe
C:\tlcefbe.exe
C:\WINDOWS\9129837.exe
C:\WINDOWS\aconeloq.exe
C:\WINDOWS\aquwaruyumogavim.dll
C:\WINDOWS\Installer\54f091fc.msi
C:\WINDOWS\kb913800.exe
C:\WINDOWS\mqcd.dbt
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\ashl.nq
C:\WINDOWS\system32\gogowito.dll
C:\WINDOWS\system32\lowsec
C:\WINDOWS\system32\lowsec\local.ds
C:\WINDOWS\system32\lowsec\user.ds
C:\WINDOWS\system32\lowsec\user.ds.lll
C:\WINDOWS\system32\wbem\proquota.exe
C:\WINDOWS\system32\yidomabi.dll
C:\WINDOWS\ugilivi.sys
C:\WINDOWS\umuj.bin
C:\WINDOWS\upytyha.exe
C:\WINDOWS\uvir.ban
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://srv-ws-01.discoverconsole.com
hxxp://82.98.235.205
Infected copy of C:\WINDOWS\system32\eventlog.dll was found and disinfected
Restored copy from - C:\WINDOWS\system32\dllcache\eventlog.dll
C:\WINDOWS\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.
2009-09-27 10:25:49 . 2009-09-27 10:25:49 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5D6BD32C-E7F1-4910-94A0-444E5E7E818F}
2009-09-27 10:19:44 . 2009-09-27 10:19:44 0 d--h--w- C:\WINDOWS\system32\GroupPolicy
2009-09-27 09:59:09 . 2009-09-27 10:27:06 0 d-----w- C:\Program Files\PALADIN
2009-09-27 09:40:44 . 2009-09-27 10:24:33 0 d-----w- C:\Program Files\Search & Destroy
2009-09-27 09:03:29 . 2009-09-27 09:03:29 0 d-----w- C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2009-09-25 04:38:30 . 2009-07-08 20:44:20 79816 ----a-w- C:\WINDOWS\system32\drivers\mfeavfk.sys
2009-09-25 04:38:30 . 2009-07-08 20:44:20 40552 ----a-w- C:\WINDOWS\system32\drivers\mfesmfk.sys
2009-09-25 04:38:30 . 2009-07-08 20:44:20 35272 ----a-w- C:\WINDOWS\system32\drivers\mfebopk.sys
2009-09-25 04:38:23 . 2009-07-16 19:32:26 120136 ----a-w- C:\WINDOWS\system32\drivers\Mpfp.sys
2009-09-25 04:37:42 . 2009-09-25 04:38:26 0 d-----w- C:\Program Files\Common Files\McAfee
2009-09-25 04:37:39 . 2009-09-25 04:37:54 0 d-----w- C:\Program Files\McAfee.com
2009-09-25 04:35:12 . 2009-07-08 20:43:46 34248 ----a-w- C:\WINDOWS\system32\drivers\mferkdk.sys
2009-09-25 04:05:59 . 2009-10-03 09:32:06 0 d-----w- C:\Program Files\McAfee
2009-09-25 03:01:47 . 2009-09-25 03:01:47 16524 ----a-w- C:\WINDOWS\ucejeliv.dat
2009-09-25 03:01:42 . 2009-09-25 03:01:42 18660 ----a-w- C:\WINDOWS\mosaxatod.dat
2009-09-25 03:01:39 . 2009-09-25 03:01:39 10487 ----a-w- C:\WINDOWS\system32\tomobico.dat
2009-09-24 22:04:07 . 2009-10-02 04:36:50 120 ----a-w- C:\WINDOWS\Dxilanerulato.dat
2009-09-24 22:04:07 . 2009-10-02 04:36:50 0 ----a-w- C:\WINDOWS\Kqoyedesuvaruku.bin
2009-09-24 22:04:05 . 2009-09-24 22:04:05 0 d-----w- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{B8542336-4284-4675-9352-84D2DE8DE27F}
2009-09-24 21:58:58 . 2009-05-14 01:47:25 61224 ----a-w- C:\Documents and Settings\HelpAssistant\GoToAssistDownloadHelper.exe
2009-09-24 21:53:26 . 2009-09-24 21:53:26 4707 ----a-w- C:\WINDOWS\system32\z98a.bin
2009-09-23 01:04:08 . 2009-09-24 15:08:13 0 d-----w- C:\Program Files\AOL 9.1c
2009-09-20 01:30:55 . 2009-10-03 19:41:13 0 ----a-w- C:\WINDOWS\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 19:50:38 . 2009-10-03 19:51:42 56832 ----a-w- C:\WINDOWS\9129837.exe
2009-09-30 21:45:18 . 2006-10-19 01:21:50 18668 ----a-w- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2009-09-27 10:26:59 . 2009-04-01 22:06:37 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-27 09:38:26 . 2009-04-01 22:06:37 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-09-27 09:05:15 . 2008-01-03 20:45:10 0 d-----w- C:\Program Files\Security Task Manager
2009-09-25 07:38:53 . 2009-05-13 18:11:54 0 d-----w- C:\Documents and Settings\All Users\Application Data\McAfee
2009-09-25 03:35:52 . 2006-08-01 02:25:01 0 d-----w- C:\Program Files\DISC
2009-09-24 15:18:21 . 2006-08-01 02:49:22 0 d-----w- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-09-24 15:07:30 . 2006-10-03 22:13:22 0 d-----w- C:\Documents and Settings\HP_Administrator\Application Data\AOL
2009-09-24 09:59:02 . 2009-05-14 05:15:51 0 d-----w- C:\Program Files\AOL Toolbar
2009-09-23 01:05:41 . 2006-10-03 22:05:14 0 d-----w- C:\Program Files\Common Files\AOL
2009-09-23 01:04:13 . 2006-10-03 22:07:20 0 d-----w- C:\Program Files\Common Files\aolshare
2009-09-23 01:04:08 . 2006-10-03 22:05:14 0 d-----w- C:\Documents and Settings\All Users\Application Data\AOL
2009-09-01 00:58:58 . 2009-08-14 09:08:04 0 d-----w- C:\Program Files\NCH Swift Sound
2009-09-01 00:58:55 . 2009-08-14 09:08:04 0 d-----w- C:\Documents and Settings\HP_Administrator\Application Data\NCH Swift Sound
2009-08-17 07:57:31 . 2007-11-19 19:51:22 0 d-----w- C:\Program Files\Common Files\Adobe
2009-08-17 07:49:56 . 2006-08-01 01:49:54 0 d-----w- C:\Program Files\GemMaster
2009-08-17 07:37:51 . 2009-08-14 09:08:37 0 d-----w- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2009-08-17 06:22:02 . 2009-08-13 21:21:53 0 d-----w- C:\Program Files\THQ
2009-08-17 06:22:00 . 2006-08-01 02:27:15 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-08-14 09:11:13 . 2009-08-14 09:11:13 0 d-----w- C:\Program Files\NCH Software
2009-08-14 02:10:17 . 2009-08-14 02:08:27 0 d-----w- C:\Documents and Settings\HP_Administrator\Application Data\Winamp
2009-08-14 02:09:05 . 2009-08-14 02:08:27 0 d-----w- C:\Program Files\Winamp
2009-07-08 20:44:20 . 2009-07-08 20:44:20 214024 ----a-w- C:\WINDOWS\system32\drivers\mfehidk.sys
2009-04-13 07:04:52 . 2009-04-13 07:04:52 2098 --sh--w- C:\WINDOWS\system32\liyujupe.dll
2009-04-13 07:04:52 . 2009-04-13 07:04:52 2098 --sh--w- C:\WINDOWS\system32\pokefige.dll
2009-01-28 21:53:10 . 2009-01-28 21:53:10 12288 --sha-w- C:\WINDOWS\system32\wetelumo.dll
.
Hi, that error will go away in a bit; it's one of the rootkit files that were deleted but it still wants to load.
I need to see the entire Combofix log, you only posted half of it.
C:\Qoobox < You can find it here
Open notepad and copy/paste the text in the quote box below into it:
PEV -l "%systemdrive%\proquota.exe" >log.txt
start notepad log.txt
Save this as look.bat. Choose to "Save type as - All Files"
Save it to your desktop
Double click on look.bat & allow it to run. Then post the log which it produces
I was only able to post half of it. Computer shut down before ComboFix could run its course.
Here's a complete one:
ComboFix 09-10-01.05 - HP_Administrator 10/03/2009 13:19.2.2 - NTFSx86
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Application Data\wiaserva.log
c:\windows\9129837.exe
c:\windows\system32\wbem\proquota.exe
.
---- Previous Run -------
.
C:\cuysn.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\zofity._sy
c:\documents and settings\HP_Administrator\Application Data\lizkavd.exe
c:\documents and settings\HP_Administrator\Application Data\seres.exe
c:\documents and settings\HP_Administrator\Application Data\svcst.exe
c:\documents and settings\HP_Administrator\Application Data\wiaserva.log
c:\documents and settings\HP_Administrator\Application Data\ytat.dll
c:\documents and settings\HP_Administrator\Application Data\ytomi.pif
c:\documents and settings\HP_Administrator\Local Settings\Application Data\cisusuc._sy
c:\documents and settings\HP_Administrator\Local Settings\Application Data\ilyxuqo.scr
c:\documents and settings\HP_Administrator\Local Settings\Application Data\sibut._dl
c:\documents and settings\LocalService\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\LocalService\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\LocalService\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\LocalService\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_11\Button_11.xml
c:\documents and settings\LocalService\Application Data\alot\Button_11\Button_11.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\LocalService\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\LocalService\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\LocalService\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\LocalService\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\LocalService\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\LocalService\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\LocalService\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\LocalService\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\LocalService\Application Data\alot\configurator\configurator.xml
c:\documents and settings\LocalService\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\LocalService\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\LocalService\Application Data\alot\TimerManager\TimerManager.xml.backup
C:\nksrq.exe
C:\pphqrer.exe
c:\program files\alot\alotUninst.exe
c:\program files\Common Files\yjasyliha.exe
C:\tlcefbe.exe
c:\windows\9129837.exe
c:\windows\aconeloq.exe
c:\windows\aquwaruyumogavim.dll
c:\windows\Installer\54f091fc.msi
c:\windows\kb913800.exe
c:\windows\mqcd.dbt
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_scui.cpl
c:\windows\system32\ashl.nq
c:\windows\system32\gogowito.dll
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\yidomabi.dll
c:\windows\ugilivi.sys
c:\windows\umuj.bin
c:\windows\upytyha.exe
c:\windows\uvir.ban
D:\Autorun.inf
-- Previous Run --
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll
c:\windows\system32\proquota.exe . . . is missing!!
--------
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.
2009-10-03 20:05 . 2009-10-03 20:05 -------- d-----w- c:\windows\LastGood
2009-09-27 10:25 . 2009-09-27 10:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{5D6BD32C-E7F1-4910-94A0-444E5E7E818F}
2009-09-27 10:19 . 2009-09-27 10:19 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-27 09:59 . 2009-09-27 10:27 -------- d-----w- c:\program files\PALADIN
2009-09-27 09:40 . 2009-09-27 10:24 -------- d-----w- c:\program files\Search & Destroy
2009-09-27 09:03 . 2009-09-27 09:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\McAfee
2009-09-25 04:38 . 2009-07-08 20:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-25 04:38 . 2009-07-08 20:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-25 04:38 . 2009-07-08 20:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-25 04:38 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-25 04:37 . 2009-09-25 04:38 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-25 04:37 . 2009-09-25 04:37 -------- d-----w- c:\program files\McAfee.com
2009-09-25 04:35 . 2009-07-08 20:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-25 04:05 . 2009-10-03 09:32 -------- d-----w- c:\program files\McAfee
2009-09-25 03:01 . 2009-09-25 03:01 16524 ----a-w- c:\windows\ucejeliv.dat
2009-09-25 03:01 . 2009-09-25 03:01 18660 ----a-w- c:\windows\mosaxatod.dat
2009-09-25 03:01 . 2009-09-25 03:01 10487 ----a-w- c:\windows\system32\tomobico.dat
2009-09-24 22:04 . 2009-10-02 04:36 120 ----a-w- c:\windows\Dxilanerulato.dat
2009-09-24 22:04 . 2009-10-02 04:36 0 ----a-w- c:\windows\Kqoyedesuvaruku.bin
2009-09-24 22:04 . 2009-09-24 22:04 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\{B8542336-4284-4675-9352-84D2DE8DE27F}
2009-09-24 21:58 . 2009-05-14 01:47 61224 ----a-w- c:\documents and settings\HelpAssistant\GoToAssistDownloadHelper.exe
2009-09-24 21:53 . 2009-09-24 21:53 4707 ----a-w- c:\windows\system32\z98a.bin
2009-09-23 01:04 . 2009-09-24 15:08 -------- d-----w- c:\program files\AOL 9.1c
2009-09-20 01:30 . 2009-10-03 19:41 0 ----a-w- c:\windows\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 21:45 . 2006-10-19 01:21 18668 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-09-27 10:26 . 2009-04-01 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-27 09:38 . 2009-04-01 22:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-27 09:05 . 2008-01-03 20:45 -------- d-----w- c:\program files\Security Task Manager
2009-09-25 07:38 . 2009-05-13 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-25 03:35 . 2006-08-01 02:25 -------- d-----w- c:\program files\DISC
2009-09-24 15:18 . 2006-08-01 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-24 15:07 . 2006-10-03 22:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL
2009-09-24 09:59 . 2009-05-14 05:15 -------- d-----w- c:\program files\AOL Toolbar
2009-09-23 01:05 . 2006-10-03 22:05 -------- d-----w- c:\program files\Common Files\AOL
2009-09-23 01:04 . 2006-10-03 22:07 -------- d-----w- c:\program files\Common Files\aolshare
2009-09-23 01:04 . 2006-10-03 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-01 00:58 . 2009-08-14 09:08 -------- d-----w- c:\program files\NCH Swift Sound
2009-09-01 00:58 . 2009-08-14 09:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2009-08-17 07:57 . 2007-11-19 19:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 07:49 . 2006-08-01 01:49 -------- d-----w- c:\program files\GemMaster
2009-08-17 07:37 . 2009-08-14 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-08-17 06:22 . 2009-08-13 21:21 -------- d-----w- c:\program files\THQ
2009-08-17 06:22 . 2006-08-01 02:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 09:11 . 2009-08-14 09:11 -------- d-----w- c:\program files\NCH Software
2009-08-14 02:10 . 2009-08-14 02:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Winamp
2009-08-14 02:09 . 2009-08-14 02:08 -------- d-----w- c:\program files\Winamp
2009-07-08 20:44 . 2009-07-08 20:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-04-13 07:04 . 2009-04-13 07:04 2098 --sh--w- c:\windows\system32\liyujupe.dll
2009-04-13 07:04 . 2009-04-13 07:04 2098 --sh--w- c:\windows\system32\pokefige.dll
2009-01-28 21:53 . 2009-01-28 21:53 12288 --sha-w- c:\windows\system32\wetelumo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 169984]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
mhbupd32.exe [2004-8-9 29184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ Shtret.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD@ccess.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk
backup=c:\windows\pss\DVD@ccess.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^mhbupd32.exe]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\mhbupd32.exe
backup=c:\windows\pss\mhbupd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ISPwdSvc"=3 (0x3)
"GameConsoleService"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"sprtsvc_ddoctorv2"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159913245\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159913245\\EE\\aolsoftware.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\AOL 9.1b\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.1c\\waol.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
R2 0229931254061299mcinstcleanup;McAfee Application Installer Cleanup (0229931254061299);c:\windows\TEMP\022993~1.EXE [x]
R3 {0D1C65DF-BFC7-4DB1-8A96CF4309C0C846};{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846};c:\windows\System32\svchost.exe [2004-08-10 14336]
S2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2003-11-22 29156]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846}
.
Contents of the 'Scheduled Tasks' folder
2009-09-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 04:26]
2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mhcc.edu
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\yafy98wb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XULRunner: {B8542336-4284-4675-9352-84D2DE8DE27F} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{B8542336-4284-4675-9352-84D2DE8DE27F}
FF - HiddenExtension: XULRunner: {5D6BD32C-E7F1-4910-94A0-444E5E7E818F} - c:\documents and settings\Administrator\Local Settings\Application Data\{5D6BD32C-E7F1-4910-94A0-444E5E7E818F}\
---- FIREFOX POLICIES ----
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
BHO-{85cb03a9-763f-4358-8343-662441ea4870} - (no file)
HKCU-Run-SpybotSD TeaTimer - c:\program files\PALADIN\TeaTimer.exe
Notify-dbbin - dbbin.dll
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 13:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846}]
"ServiceDll"="c:\docume~1\HP_ADM~1\LOCALS~1\Temp\11.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(824)
c:\windows\Shtret.dll
.
Completion time: 2009-10-03 13:25
ComboFix-quarantined-files.txt 2009-10-03 20:25
Pre-Run: 203,930,058,752 bytes free
Post-Run: 203,935,186,944 bytes free
434 --- E O F --- 2009-10-03 19:57
This is the result of the string:
PEV -l "%systemdrive%\proquota.exe" >log.txt
start notepad log.txt
------------------------------------------------------------------
----a-w- 50,176 2008-04-14 00:12:32 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe
Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 50,176 Blocks: 98
------------------------------------------------------------------
The above is all that was opened in a log.
Hi,
There are some entries on your Combofix log that I need to look over; in the meantime, do this please.
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::
File::
C:\WINDOWS\win32k.sys
c:\windows\ucejeliv.dat
c:\windows\mosaxatod.dat
c:\windows\system32\tomobico.dat
c:\windows\Dxilanerulato.dat
c:\windows\Kqoyedesuvaruku.bin
c:\windows\system32\liyujupe.dll
c:\windows\system32\pokefige.dll
c:\windows\system32\wetelumo.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\11.tmp
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
Fcopy::
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe | C:\WINDOWS\system32\proquota.exe
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.
Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://forums.whatthetech.com/post_a4255_MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please
Download Trend Micro's HijackThis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) to your desktop.
Double click it to install
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
Open HJT Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Submit Reply, not by starting a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Post the following please
1. New Combofix log
2. Malwarebytes Log
3. Hijackthis log
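What the Registry:: directive in the script above writes, as an added example (not part of the original post and not ComboFix's own code): this Python code decodes the REGEDIT4 hex(7) value and compares the Notification Packages entry reported in the log against it. The function names are hypothetical, and treating the script's value as the expected baseline is an assumption.

```python
"""Decode a REG_MULTI_SZ value from a .reg-style export and compare the LSA
"Notification Packages" list against an expected baseline."""

# Value written by the Registry:: section of the script in this thread.
SCRIPT_VALUE = "hex(7):73,63,65,63,6c,69,00,00"
# Entry shown under the lsa key in the ComboFix log in this thread.
LOGGED_PACKAGES = ["Shtret.dll"]


def decode_hex7(value, wide=False):
    """Return the strings held in a 'hex(7):..' REG_MULTI_SZ export.

    wide=False: REGEDIT4 export, one ANSI byte per character (cp1252 assumed).
    wide=True:  'Windows Registry Editor Version 5.00' export, UTF-16LE.
    """
    prefix, sep, body = value.partition(":")
    if not sep or prefix.strip().lower() != "hex(7)":
        raise ValueError("not a hex(7) / REG_MULTI_SZ value")
    # Long values wrap with a trailing backslash; drop it before tokenising.
    tokens = [t.strip() for t in body.replace("\\", "").split(",")]
    raw = bytes(int(t, 16) for t in tokens if t)
    text = raw.decode("utf-16-le" if wide else "cp1252", errors="replace")
    # Entries are NUL-terminated and the list ends with an extra NUL.
    return [entry for entry in text.split("\x00") if entry]


def normalise(name):
    """Reduce a package entry to a bare lower-case module name."""
    name = name.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".dll") else name


def unexpected_packages(current, baseline):
    """Entries in `current` that the baseline does not list."""
    allowed = {normalise(b) for b in baseline}
    return [c for c in current if normalise(c) not in allowed]


def audit(log_entries, script_value):
    """Decode the baseline and report log entries that fall outside it."""
    baseline = decode_hex7(script_value)
    return {
        "baseline": baseline,
        "unexpected": unexpected_packages(log_entries, baseline),
    }


if __name__ == "__main__":
    result = audit(LOGGED_PACKAGES, SCRIPT_VALUE)
    print("script restores :", result["baseline"])
    print("not in baseline :", result["unexpected"])
```

Any module listed in Notification Packages is loaded by lsass.exe, which matches the log's "DLLs Loaded Under Running Processes" entry for c:\windows\Shtret.dll.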
I have to post the Combofix log as multiple parts, as it has too many characters for the forum.
Here's part 1:
ComboFix 09-10-01.05 - HP_Administrator 10/04/2009 11:41.3.2 - NTFSx86
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
FILE ::
"c:\docume~1\HP_ADM~1\LOCALS~1\Temp\11.tmp"
"c:\windows\Dxilanerulato.dat"
"c:\windows\Kqoyedesuvaruku.bin"
"c:\windows\mosaxatod.dat"
"c:\windows\system32\liyujupe.dll"
"c:\windows\system32\pokefige.dll"
"c:\windows\system32\tomobico.dat"
"c:\windows\system32\wetelumo.dll"
"c:\windows\ucejeliv.dat"
"c:\windows\win32k.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\cyhahevega.ban
c:\documents and settings\All Users\Application Data\jamu.scr
c:\documents and settings\All Users\Application Data\pedegico.sys
c:\documents and settings\All Users\Application Data\tacisike.inf
c:\documents and settings\All Users\Application Data\yrebyleq.dl
c:\documents and settings\HP_Administrator\Application Data\afofybeg.dll
c:\documents and settings\HP_Administrator\Application Data\lizkavd.exe
c:\documents and settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\HP_Administrator\Application Data\oxoxutuxod.dll
c:\documents and settings\HP_Administrator\Application Data\seres.exe
c:\documents and settings\HP_Administrator\Application Data\svcst.exe
c:\documents and settings\HP_Administrator\Application Data\usigugowex.scr
c:\documents and settings\HP_Administrator\Application Data\wiaserva.log
c:\documents and settings\HP_Administrator\Application Data\ydumigymif._dl
c:\documents and settings\HP_Administrator\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\HP_Administrator\Local Settings\Application Data\bihuhiqep.com
c:\documents and settings\HP_Administrator\Local Settings\Application Data\icebarofe._dl
c:\documents and settings\HP_Administrator\Local Settings\Application Data\utynu.inf
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\ifysepu._dl
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\zuhyjexu.db
c:\documents and settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\Common Files\derynipib.reg
c:\program files\Common Files\mifip.bat
c:\program files\Common Files\mopofi.bat
c:\program files\Common Files\ufiliwo.sys
c:\windows\Dxilanerulato.dat
c:\windows\Kqoyedesuvaruku.bin
c:\windows\mosaxatod.dat
c:\windows\system32\_scui.cpl
c:\windows\system32\jurujunip.dl
c:\windows\system32\liyujupe.dll
c:\windows\system32\pokefige.dll
c:\windows\system32\qinotokyzu.reg
c:\windows\system32\tomobico.dat
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wetelumo.dll
c:\windows\ucejeliv.dat
c:\windows\win32k.sys
c:\windows\yqinexab.reg
.
--------------- FCopy ---------------
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.
2009-10-04 18:41 . 2009-10-04 18:41 -------- d-----w- c:\windows\LastGood
2009-10-04 18:41 . 2004-08-09 21:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-04 18:41 . 2004-08-09 21:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-04 15:53 . 2009-10-04 15:53 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-04 15:53 . 2009-10-04 15:53 -------- d-----w- c:\program files\MSBuild
2009-10-04 15:53 . 2009-10-04 15:53 -------- d-----w- c:\program files\Reference Assemblies
2009-10-04 15:52 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-04 15:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-04 15:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-04 15:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-04 15:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-04 15:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-04 15:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-04 15:52 . 2009-10-04 15:53 -------- d-----w- C:\5fb73fb5a2ff3b786c24050f2cbed684
2009-10-04 15:50 . 2009-10-04 15:50 -------- d-----w- c:\program files\MSXML 6.0
2009-10-04 15:44 . 2009-10-04 15:44 -------- d-----w- c:\windows\ServicePackFiles
2009-10-03 20:18 . 2009-10-03 20:25 -------- d-----w- C:\Combo-Fix
2009-09-27 10:25 . 2009-09-27 10:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{5D6BD32C-E7F1-4910-94A0-444E5E7E818F}
2009-09-27 10:19 . 2009-09-27 10:19 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-27 09:59 . 2009-09-27 10:27 -------- d-----w- c:\program files\PALADIN
2009-09-27 09:40 . 2009-09-27 10:24 -------- d-----w- c:\program files\Search & Destroy
2009-09-27 09:03 . 2009-09-27 09:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\McAfee
2009-09-25 04:38 . 2009-07-08 20:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-25 04:38 . 2009-07-08 20:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-25 04:38 . 2009-07-08 20:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-25 04:38 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-25 04:37 . 2009-09-25 04:38 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-25 04:37 . 2009-09-25 04:37 -------- d-----w- c:\program files\McAfee.com
2009-09-25 04:35 . 2009-07-08 20:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-25 04:05 . 2009-10-03 09:32 -------- d-----w- c:\program files\McAfee
2009-09-24 22:04 . 2009-09-24 22:04 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\{B8542336-4284-4675-9352-84D2DE8DE27F}
2009-09-24 21:58 . 2009-05-14 01:47 61224 ----a-w- c:\documents and settings\HelpAssistant\GoToAssistDownloadHelper.exe
2009-09-24 21:53 . 2009-09-24 21:53 4707 ----a-w- c:\windows\system32\z98a.bin
2009-09-23 01:04 . 2009-09-24 15:08 -------- d-----w- c:\program files\AOL 9.1c
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 15:59 . 2007-11-15 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-30 21:45 . 2006-10-19 01:21 18668 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-09-27 10:26 . 2009-04-01 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-27 09:38 . 2009-04-01 22:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-27 09:05 . 2008-01-03 20:45 -------- d-----w- c:\program files\Security Task Manager
2009-09-25 07:38 . 2009-05-13 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-25 03:35 . 2006-08-01 02:25 -------- d-----w- c:\program files\DISC
2009-09-24 15:18 . 2006-08-01 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-24 15:07 . 2006-10-03 22:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL
2009-09-24 09:59 . 2009-05-14 05:15 -------- d-----w- c:\program files\AOL Toolbar
2009-09-23 01:05 . 2006-10-03 22:05 -------- d-----w- c:\program files\Common Files\AOL
2009-09-23 01:04 . 2006-10-03 22:07 -------- d-----w- c:\program files\Common Files\aolshare
2009-09-23 01:04 . 2006-10-03 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-01 00:58 . 2009-08-14 09:08 -------- d-----w- c:\program files\NCH Swift Sound
2009-09-01 00:58 . 2009-08-14 09:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2009-08-17 07:57 . 2007-11-19 19:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 07:49 . 2006-08-01 01:49 -------- d-----w- c:\program files\GemMaster
2009-08-17 07:37 . 2009-08-14 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-08-17 06:22 . 2009-08-13 21:21 -------- d-----w- c:\program files\THQ
2009-08-17 06:22 . 2006-08-01 02:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 09:11 . 2009-08-14 09:11 -------- d-----w- c:\program files\NCH Software
2009-08-14 02:10 . 2009-08-14 02:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Winamp
2009-08-14 02:09 . 2009-08-14 02:08 -------- d-----w- c:\program files\Winamp
2009-08-05 09:11 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-10 04:00 82432 ------w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-10 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 20:44 . 2009-07-08 20:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.
part 2
((((((((((((((((((((((((((((( SnapShot@2009-10-03_20.24.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-18 03:00 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-30 04:10 . 2008-07-30 04:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2004-08-10 04:00 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-10 11:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2006-08-01 01:50 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2009-10-04 15:53 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2009-05-01 19:02 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 55808 c:\windows\system32\secur32.dll
+ 2004-08-10 04:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
+ 2004-08-10 04:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 43544 c:\windows\system32\PresentationHostProxy.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 39424 c:\windows\system32\pngfilt.dll
+ 2005-08-31 04:07 . 2009-10-04 16:40 71936 c:\windows\system32\perfc009.dat
+ 2008-07-25 18:17 . 2008-07-25 18:17 15360 c:\windows\system32\mui\0409\mscorees.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-10 04:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2007-05-09 00:08 . 2007-05-09 00:08 86728 c:\windows\system32\msxml6r.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 83968 c:\windows\system32\mscories.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 95744 c:\windows\system32\mqsec.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 95744 c:\windows\system32\mqsec.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 16896 c:\windows\system32\mqise.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 16896 c:\windows\system32\mqise.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 47104 c:\windows\system32\mqdscli.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 47104 c:\windows\system32\mqdscli.dll
+ 2004-08-10 04:00 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 19968 c:\windows\system32\mqbkup.exe
+ 2004-08-10 04:00 . 2009-06-26 15:59 16384 c:\windows\system32\jsproxy.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 96256 c:\windows\system32\inseng.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 96256 c:\windows\system32\inseng.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 97800 c:\windows\system32\infocardapi.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 81920 c:\windows\system32\ieencode.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 81920 c:\windows\system32\ieencode.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 11264 c:\windows\system32\icardres.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 55808 c:\windows\system32\extmgr.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 55808 c:\windows\system32\extmgr.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 73720 c:\windows\system32\dxva2.dll
+ 2004-08-10 04:00 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2004-08-10 04:00 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2004-08-10 11:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-10 04:00 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-10 04:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-10 04:00 . 2009-06-26 15:59 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-10 04:00 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 16896 c:\windows\system32\dllcache\mqise.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-10 04:00 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-10 04:00 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
- 2004-08-10 04:00 . 2008-10-16 10:20 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-10 04:00 . 2008-10-15 14:18 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-10 04:00 . 2009-06-22 11:40 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-10 04:00 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-10 04:00 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-10 04:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 96760 c:\windows\system32\dfshim.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 96760 c:\windows\system32\dfshim.dll
+ 2005-08-30 20:51 . 2009-10-03 20:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 20:51 . 2009-10-03 19:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-03 20:25 . 2009-10-03 20:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-10 04:00 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 84992 c:\windows\system32\avifil32.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 04:10 . 2008-07-30 04:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-30 02:32 . 2008-07-30 02:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-10-24 08:47 . 2007-10-24 08:47 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 18:17 . 2008-07-25 18:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-10-04 18:41 . 2008-04-14 00:12 50176 c:\windows\LastGood\system32\proquota.exe
+ 2008-07-30 04:07 . 2008-07-30 04:07 23040 c:\windows\Installer\441613a.msp
+ 2009-10-04 15:51 . 2009-10-04 15:51 88576 c:\windows\Installer\43e7837.msi
+ 2007-11-15 22:47 . 2009-10-04 15:59 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 05:13 . 2006-10-27 05:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2009-10-04 15:52 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-10-04 15:57 . 2009-10-04 15:57 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d37e1ad1b4cb432c36e3f0b60fc121fb\Microsoft.SqlServer.CustomControls.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-10-04 16:29 . 2009-10-04 16:29 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-10-04 15:53 . 2009-10-04 15:53 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 4608 c:\windows\system32\mqsvc.exe
+ 2004-08-10 04:00 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2004-08-10 04:00 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2007-10-24 08:47 . 2007-10-24 08:47 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2009-10-04 15:54 . 2009-10-04 15:54 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-04-12 10:09 . 2008-04-12 10:09 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 09:19 . 2007-11-07 09:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 04:23 . 2007-11-07 04:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-30 04:26 . 2008-07-30 04:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2006-08-01 01:51 . 2009-06-22 11:26 352768 c:\windows\system32\xpsp3res.dll
+ 2006-10-24 19:30 . 2006-10-24 19:30 276992 c:\windows\system32\WMPhoto.dll
- 2006-10-19 04:47 . 2006-10-19 04:47 295936 c:\windows\system32\wmpeffects.dll
+ 2006-10-19 04:47 . 2008-06-25 01:12 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-10 04:00 . 2008-06-18 12:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2004-08-10 04:00 . 2007-10-28 00:40 222720 c:\windows\system32\wmasf.dll
+ 2004-08-10 04:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
- 2004-08-10 04:00 . 2006-08-17 12:28 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 668160 c:\windows\system32\wininet.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-10 04:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2006-10-24 19:29 . 2006-10-24 19:29 352256 c:\windows\system32\WindowsCodecsExt.dll
+ 2006-10-24 19:30 . 2006-10-24 19:30 716288 c:\windows\system32\WindowsCodecs.dll
+ 2004-08-10 04:00 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-10 04:00 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-10 04:00 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 620032 c:\windows\system32\urlmon.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2009-10-04 15:53 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2009-10-04 15:53 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2009-10-04 15:53 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2009-10-04 15:53 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2009-10-04 15:53 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2009-10-04 15:52 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2009-10-04 15:52 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2004-08-10 04:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
+ 2004-08-10 04:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
- 2004-08-10 04:00 . 2007-07-09 13:09 584192 c:\windows\system32\rpcrt4.dll
+ 2004-08-10 04:00 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
+ 2006-08-24 23:15 . 2006-08-24 23:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-30 03:35 . 2008-07-30 03:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-24 19:30 . 2006-10-24 19:30 412160 c:\windows\system32\photometadatahandler.dll
+ 2005-08-31 04:07 . 2009-10-04 16:40 442796 c:\windows\system32\perfh009.dat
+ 2004-08-10 04:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 283648 c:\windows\system32\pdh.dll
+ 2004-08-10 11:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-10 04:00 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 532480 c:\windows\system32\mstime.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 532480 c:\windows\system32\mstime.dll
+ 2004-08-10 04:00 . 2006-12-04 23:21 414720 c:\windows\system32\msscp.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 146432 c:\windows\system32\msrating.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 146432 c:\windows\system32\msrating.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 449024 c:\windows\system32\mshtmled.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 158720 c:\windows\system32\mscorier.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 158720 c:\windows\system32\mscorier.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 282112 c:\windows\system32\mscoree.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 282112 c:\windows\system32\mscoree.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 471552 c:\windows\system32\mqutil.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 471552 c:\windows\system32\mqutil.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 186880 c:\windows\system32\mqtrig.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 186880 c:\windows\system32\mqtrig.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 117248 c:\windows\system32\mqtgsvc.exe
+ 2004-08-10 04:00 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe
+ 2004-08-10 04:00 . 2009-06-25 18:36 517120 c:\windows\system32\mqsnap.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 123392 c:\windows\system32\mqrtdep.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 123392 c:\windows\system32\mqrtdep.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 177152 c:\windows\system32\mqrt.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 177152 c:\windows\system32\mqrt.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 661504 c:\windows\system32\mqqm.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 225280 c:\windows\system32\mqoa.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 225280 c:\windows\system32\mqoa.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 138240 c:\windows\system32\mqad.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 138240 c:\windows\system32\mqad.dll
+ 2004-08-10 04:00 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2004-08-10 04:00 . 2008-06-18 08:09 100864 c:\windows\system32\logagent.exe
- 2004-08-10 04:00 . 2006-10-19 03:03 100864 c:\windows\system32\logagent.exe
+ 2004-08-10 04:00 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2004-08-10 04:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-08-10 04:00 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll
- 2004-08-10 04:00 . 2007-12-18 14:40 450560 c:\windows\system32\jscript.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 251904 c:\windows\system32\iepeers.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 251904 c:\windows\system32\iepeers.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 622080 c:\windows\system32\icardagt.exe
+ 2005-08-31 04:05 . 2009-10-04 16:36 224816 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-30 04:10 . 2008-07-30 04:10 493048 c:\windows\system32\evr.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 205312 c:\windows\system32\dxtrans.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 205312 c:\windows\system32\dxtrans.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 357888 c:\windows\system32\dxtmsft.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-10 04:00 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-10 04:00 . 2009-07-14 06:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-10 04:00 . 2008-06-18 12:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2004-08-10 04:00 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2004-08-10 04:00 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-10 04:00 . 2007-10-28 00:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-10 04:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2004-08-10 04:00 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 668160 c:\windows\system32\dllcache\wininet.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-10 04:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 620032 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-10 04:00 . 2007-06-27 05:10 317440 c:\windows\system32\dllcache\unregmp2.exe
+ 2004-08-10 04:00 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-10 04:00 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-10 04:00 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
+ 2004-08-10 04:00 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
- 2004-08-10 04:00 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-10 04:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-10 04:00 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-10 11:00 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2004-08-10 04:00 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2004-08-10 04:00 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 532480 c:\windows\system32\dllcache\mstime.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-10 04:00 . 2006-12-04 23:21 414720 c:\windows\system32\dllcache\msscp.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2004-08-10 04:00 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2004-08-10 04:00 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 123392 c:\windows\system32\dllcache\mqrtdep.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 138240 c:\windows\system32\dllcache\mqad.dll
+ 2004-08-10 04:00 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
- 2004-08-10 04:00 . 2006-10-19 03:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-10 04:00 . 2008-06-18 08:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-10 04:00 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2004-08-10 04:00 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
- 2004-08-10 04:00 . 2007-12-18 14:40 450560 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-10 04:00 . 2009-08-21 09:46 450560 c:\windows\system32\dllcache\jscript.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-10 04:00 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 151040 c:\windows\system32\dllcache\cdfview.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 151040 c:\windows\system32\dllcache\cdfview.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2004-08-10 04:00 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 151040 c:\windows\system32\cdfview.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 151040 c:\windows\system32\cdfview.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 616960 c:\windows\system32\advapi32.dll
+ 2004-08-10 04:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
part 3
+ 2008-07-30 06:40 . 2008-07-30 06:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-30 01:47 . 2008-07-30 01:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-30 01:47 . 2008-07-30 01:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 06:15 . 2008-07-30 06:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 06:40 . 2008-07-30 06:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 03:35 . 2008-07-30 03:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-30 02:59 . 2008-07-30 02:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 11:59 . 2008-11-25 11:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-12-13 16:58 . 2008-12-13 16:58 754688 c:\windows\Installer\4423d4d.msp
+ 2009-10-04 15:54 . 2009-10-04 15:54 648192 c:\windows\Installer\4423d27.msi
+ 2008-07-30 04:23 . 2008-07-30 04:23 250880 c:\windows\Installer\4416143.msp
+ 2008-07-30 04:28 . 2008-07-30 04:28 278016 c:\windows\Installer\4416141.msp
+ 2008-07-30 02:40 . 2008-07-30 02:40 291840 c:\windows\Installer\441613f.msp
+ 2009-10-04 15:53 . 2009-10-04 15:53 137728 c:\windows\Installer\4416139.msi
+ 2008-07-30 00:35 . 2008-07-30 00:35 553472 c:\windows\Installer\43e783c.msp
+ 2008-07-30 00:33 . 2008-07-30 00:33 506368 c:\windows\Installer\43e783a.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 911360 c:\windows\Installer\43e7839.msp
+ 2009-10-04 15:50 . 2009-10-04 15:50 871424 c:\windows\Installer\43e7789.msi
+ 2009-05-27 01:53 . 2009-05-27 01:53 579072 c:\windows\Installer\438c534.msp
+ 2007-11-15 22:47 . 2009-10-04 15:59 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2004-08-10 04:00 . 2007-06-27 05:10 317440 c:\windows\inf\unregmp2.exe
+ 2004-08-10 10:11 . 2009-08-18 17:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2009-10-04 15:52 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-10-04 15:59 . 2009-10-04 15:59 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-10-04 16:29 . 2009-10-04 16:29 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-10-04 15:58 . 2009-10-04 15:58 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-10-04 16:29 . 2009-10-04 16:29 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\da1fb799e2b232fb6787fc036cc5154d\Microsoft.SqlServer.Setup.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b4966c8609e8ccac78d186076dd04c55\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\36c6b5589c08cda7d8a063d6d6566c07\Microsoft.SqlServer.GridControl.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\70b1784f238cd25f66d8c0f53626f7b3\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-10-04 16:29 . 2009-10-04 16:29 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-10-04 15:47 . 2009-10-04 15:47 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2009-05-01 19:08 . 2009-05-01 19:08 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2009-05-01 19:08 . 2009-05-01 19:08 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2006-08-01 02:06 . 2006-08-01 02:06 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2004-08-10 04:00 . 2009-05-20 11:56 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-10 04:00 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2009-10-04 15:53 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2009-10-04 15:53 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2009-10-04 15:53 . 2008-07-07 00:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2009-10-04 15:53 . 2008-07-07 00:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2004-08-10 04:00 . 2009-07-18 16:00 1509888 c:\windows\system32\shdocvw.dll
+ 2004-08-10 04:00 . 2009-06-03 19:24 1291264 c:\windows\system32\quartz.dll
+ 2004-08-10 11:00 . 2009-02-06 17:22 2136064 c:\windows\system32\ntoskrnl.exe
- 2004-08-10 11:00 . 2008-08-14 09:58 2136064 c:\windows\system32\ntoskrnl.exe
- 2004-08-10 11:00 . 2008-08-14 09:22 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-10 11:00 . 2009-02-06 16:49 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2007-05-15 22:43 . 2007-05-15 22:43 1320800 c:\windows\system32\msxml6.dll
+ 2004-08-10 04:00 . 2009-07-18 16:00 3069440 c:\windows\system32\mshtml.dll
+ 2004-08-10 04:00 . 2009-05-20 11:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-10 04:00 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-10 04:00 . 2009-07-18 16:00 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-10 04:00 . 2009-06-03 19:24 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2007-03-13 18:20 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2007-03-13 18:20 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-03-13 18:20 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2006-12-19 11:55 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 11:55 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-03-13 18:20 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-03-13 18:20 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-10 04:00 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2004-08-10 04:00 . 2009-07-18 16:00 3069440 c:\windows\system32\dllcache\mshtml.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 1054208 c:\windows\system32\dllcache\danim.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 1024000 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 1024000 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 1054208 c:\windows\system32\danim.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 1054208 c:\windows\system32\danim.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 1024000 c:\windows\system32\browseui.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 1024000 c:\windows\system32\browseui.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-30 01:47 . 2008-07-30 01:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-06 02:35 . 2008-12-06 02:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-06 03:12 . 2008-12-06 03:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 11:59 . 2008-11-25 11:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 5813576 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2009-05-04 14:46 . 2009-05-04 14:46 8299008 c:\windows\Installer\4423d73.msp
+ 2009-05-04 14:47 . 2009-05-04 14:47 9124864 c:\windows\Installer\4423d60.msp
+ 2008-12-13 16:57 . 2008-12-13 16:57 8397824 c:\windows\Installer\4423d36.msp
+ 2008-07-30 02:26 . 2008-07-30 02:26 1043456 c:\windows\Installer\4416142.msp
+ 2008-07-30 03:37 . 2008-07-30 03:37 2679808 c:\windows\Installer\4416140.msp
+ 2008-07-30 04:15 . 2008-07-30 04:15 3697664 c:\windows\Installer\441613e.msp
+ 2008-07-30 02:34 . 2008-07-30 02:34 1448448 c:\windows\Installer\441613d.msp
+ 2008-07-30 03:22 . 2008-07-30 03:22 4137984 c:\windows\Installer\441613c.msp
+ 2008-07-30 02:18 . 2008-07-30 02:18 3376640 c:\windows\Installer\441613b.msp
+ 2008-07-30 00:45 . 2008-07-30 00:45 2543616 c:\windows\Installer\43e7840.msp
+ 2008-07-30 00:29 . 2008-07-30 00:29 2926080 c:\windows\Installer\43e783f.msp
+ 2008-07-30 00:41 . 2008-07-30 00:41 6487040 c:\windows\Installer\43e783e.msp
+ 2008-07-30 00:39 . 2008-07-30 00:39 3403264 c:\windows\Installer\43e783d.msp
+ 2008-07-30 00:43 . 2008-07-30 00:43 1013248 c:\windows\Installer\43e783b.msp
+ 2008-07-30 00:31 . 2008-07-30 00:31 6083072 c:\windows\Installer\43e7838.msp
+ 2009-04-24 19:30 . 2009-04-24 19:30 2583552 c:\windows\Installer\438c56d.msp
+ 2009-02-26 02:08 . 2009-02-26 02:08 8311808 c:\windows\Installer\438c559.msp
+ 2009-04-24 19:28 . 2009-04-24 19:28 4450816 c:\windows\Installer\438c548.msp
+ 2009-04-24 19:29 . 2009-04-24 19:29 9013760 c:\windows\Installer\438c522.msp
- 2007-11-15 22:47 . 2008-12-11 11:03 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-03-13 18:20 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2007-03-13 18:20 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2007-03-13 18:20 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2006-12-19 11:55 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2006-12-19 11:55 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-03-13 18:20 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-03-13 18:20 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
part 4
+ 2009-10-04 15:57 . 2009-10-04 15:57 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4FF.tmp\System.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-04 16:36 . 2009-10-04 16:36 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
- 2009-05-01 19:08 . 2009-05-01 19:08 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
+ 2004-08-10 04:00 . 2009-07-14 06:43 10841088 c:\windows\system32\wmp.dll
+ 2004-08-10 04:00 . 2009-07-14 06:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2008-12-13 17:21 . 2008-12-13 17:21 10473472 c:\windows\Installer\4423d41.msp
+ 2009-10-04 15:55 . 2009-10-04 15:55 12213248 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3FC.tmp\PresentationCore.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\85a68b5908535729e0458a1a58001df3\System.ServiceModel.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1c\AOL.EXE" [2008-11-06 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 169984]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
mhbupd32.exe [2004-8-9 29184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli Shtret.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD@ccess.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk
backup=c:\windows\pss\DVD@ccess.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^mhbupd32.exe]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\mhbupd32.exe
backup=c:\windows\pss\mhbupd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ISPwdSvc"=3 (0x3)
"GameConsoleService"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"sprtsvc_ddoctorv2"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159913245\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159913245\\EE\\aolsoftware.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\AOL 9.1b\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.1c\\waol.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
R2 0229931254061299mcinstcleanup;McAfee Application Installer Cleanup (0229931254061299);c:\windows\TEMP\022993~1.EXE [x]
R3 {0D1C65DF-BFC7-4DB1-8A96CF4309C0C846};{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846};c:\windows\System32\svchost.exe [2004-08-10 14336]
S2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2003-11-22 29156]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846}
.
Contents of the 'Scheduled Tasks' folder
2009-09-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 04:26]
2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mhcc.edu
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\yafy98wb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XULRunner: {B8542336-4284-4675-9352-84D2DE8DE27F} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{B8542336-4284-4675-9352-84D2DE8DE27F}
FF - HiddenExtension: XULRunner: {5D6BD32C-E7F1-4910-94A0-444E5E7E818F} - c:\documents and settings\Administrator\Local Settings\Application Data\{5D6BD32C-E7F1-4910-94A0-444E5E7E818F}\
---- FIREFOX POLICIES ----
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-mserv - c:\documents and settings\HP_Administrator\Application Data\svcst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 11:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846}]
"ServiceDll"="c:\docume~1\HP_ADM~1\LOCALS~1\Temp\11.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(824)
c:\windows\Shtret.dll
.
Completion time: 2009-10-04 11:48
ComboFix-quarantined-files.txt 2009-10-04 18:48
ComboFix2.txt 2009-10-03 20:25
Pre-Run: 202,688,040,960 bytes free
Post-Run: 202,709,901,312 bytes free
1324 --- E O F --- 2009-10-04 15:59
The Malware Bytes Log:
Malwarebytes' Anti-Malware 1.41
Database version: 2905
Windows 5.1.2600 Service Pack 2
10/4/2009 12:05:55 PM
mbam-log-2009-10-04 (12-05-55).txt
Scan type: Quick Scan
Objects scanned: 113803
Time elapsed: 4 minute(s), 57 second(s)
Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 7
Registry Data Items Infected: 5
Folders Infected: 2
Files Infected: 26
Memory Processes Infected:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Rogue.AntiVirusPro2010) -> Unloaded process successfully.
C:\Documents and Settings\HP_Administrator\Application Data\seres.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\HP_Administrator\Application Data\svcst.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: shtret.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Shtret.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\HelpAssistant\Application Data\seres.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Application Data\lizkavd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Application Data\svcst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\mhbupd32.exe (Trojan.Bredolab) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv761253200429.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZM16H6T6\(SC)[1].(N) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\seres.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\lizkavd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\svcst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\z98a.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv031254600698.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv081251834303.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\igidony.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
The HiJackThis Log File:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:52 PM, on 10/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\AOL 9.1c\waol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AOL 9.1c\shellmon.exe
C:\Program Files\Common Files\AOL\1159913245\EE\aolsoftware.exe
c:\program files\common files\aol\1159913245\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1159913245\EE\aolsoftware.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1c\AOL.EXE" -b
O4 - HKUS\S-1-5-21-3280914454-3957047030-2358322178-1007\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1c\AOL.EXE" -b (User '?')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.mhcc.edu
O15 - Trusted Zone: http://*.mhcc.edu
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O23 - Service: McAfee Application Installer Cleanup (0229931254061299) (0229931254061299mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\022993~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - http://www.theoutlookonline.com/news_graphics/115816374922824500.jpg
--
End of file - 9336 bytes
Hello,
Boy, you had a ton of malware, viruses and a rootkit. Whatever you're doing on the internet, you need to change what you have been doing or you're going to keep getting infected over and over again, and let me tell ya, there are threats going around now that leave no option but to format and reinstall Windows.
Download: DelDomains (http://mvps.org/winhelp2002/DelDomains.inf) and save it to the desktop.
Close all open windows and your browser
Right Click DelDomains.inf and select > Install
Reboot your computer
Internet Explorer is needed to run this program properly.
What I would like you to do is to reboot your system and then run this scanner and post the log please.
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
I'll inform the owner of this computer to change their browsing habits. As I stated earlier, this isn't my PC. It's the 'family' PC... therefore there's a mathbook of variables I don't want to begin comprehending...
I installed the DelDomains.inf and restarted, but the RSIT.exe isn't functioning.
It will open and begin to try "Writing Header Information" but then an "AutoIt Error" occurs with the following issue:
Line -1:
Error: Variable used without being declared.
How should I go about this?
OK, let's run this one
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com (http://www.techsupportforum.com/sectools/sUBs/dds)
DDS.scr (http://download.bleepingcomputer.com/sUBs/dds.scr)
DDS.pif (http://www.forospyware.com/sUBs/dds)
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)
DDS (Ver_09-09-29.01) - NTFSx86
Run by HP_Administrator at 23:57:22.60 on Mon 10/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_12
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
uRun: [AOL Fast Start] "c:\program files\aol 9.1c\AOL.EXE" -b
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\yafy98wb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XULRunner: {B8542336-4284-4675-9352-84D2DE8DE27F} - c:\documents and settings\hp_administrator\local settings\application data\{B8542336-4284-4675-9352-84D2DE8DE27F}
FF - HiddenExtension: XULRunner: {5D6BD32C-E7F1-4910-94A0-444E5E7E818F} - c:\documents and settings\administrator\local settings\application data\{5d6bd32c-e7f1-4910-94a0-444e5e7e818f}\
---- FIREFOX POLICIES ----
FF - user.js: browser.sessionstore.resume_from_crash - false
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-10-05 09:49 54,156 a---h--- c:\windows\QTFont.qfn
2009-10-04 12:21 <DIR> --d----- c:\program files\Trend Micro
2009-10-04 12:00 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-10-04 12:00 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 12:00 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-04 12:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 12:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-04 11:59 19,992 a------- c:\windows\system32\qetygyfin.vbs
2009-10-04 11:59 16,773 a------- c:\windows\ekopunolo.reg
2009-10-04 11:59 16,577 a------- c:\docume~1\alluse~1\applic~1\wumilece.sys
2009-10-04 11:59 15,692 a------- c:\docume~1\hp_adm~1\applic~1\ifokojabe.scr
2009-10-04 11:59 15,264 a------- c:\windows\gycyfeda.exe
2009-10-04 11:59 14,148 a------- c:\docume~1\alluse~1\applic~1\ewawehepu.bin
2009-10-04 11:59 14,096 a------- c:\docume~1\hp_adm~1\applic~1\irimavese.reg
2009-10-04 11:59 12,048 a------- c:\program files\common files\oqacicok.com
2009-10-04 11:59 11,053 a------- c:\windows\gavuboz._sy
2009-10-04 11:59 10,940 a------- c:\program files\common files\kumahig.bin
2009-10-04 11:59 10,549 a------- c:\program files\common files\biwu.scr
2009-10-04 11:59 10,358 a------- c:\docume~1\hp_adm~1\applic~1\qapysoc.sys
2009-10-04 11:00 14,683 a------- c:\windows\system32\vaqavisahi.db
2009-10-04 08:53 <DIR> --d----- c:\windows\system32\XPSViewer
2009-10-04 08:52 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-10-04 08:52 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-04 08:52 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-04 08:52 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-10-04 08:52 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-04 08:52 117,760 -------- c:\windows\system32\prntvpt.dll
2009-10-04 08:52 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-04 08:52 <DIR> --d----- C:\5fb73fb5a2ff3b786c24050f2cbed684
2009-10-04 08:50 <DIR> --d----- c:\program files\MSXML 6.0
2009-10-04 08:44 <DIR> --d----- c:\windows\ServicePackFiles
2009-10-03 12:39 229,888 a------- c:\windows\PEV.exe
2009-10-03 12:39 161,792 a------- c:\windows\SWREG.exe
2009-10-03 12:39 98,816 a------- c:\windows\sed.exe
2009-09-27 03:19 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-09-27 02:59 <DIR> --d----- c:\program files\PALADIN
2009-09-27 02:40 <DIR> --d----- c:\program files\Search & Destroy
2009-09-27 02:03 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\McAfee
2009-09-24 21:41 9,409 a------- c:\windows\system32\Config.MPF
2009-09-24 21:38 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-09-24 21:38 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-09-24 21:38 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-09-24 21:38 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-09-24 21:37 <DIR> --d----- c:\program files\common files\McAfee
2009-09-24 21:37 <DIR> --d----- c:\program files\McAfee.com
2009-09-24 21:35 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-09-24 21:05 <DIR> --d----- c:\program files\McAfee
2009-09-24 20:01 16,099 a------- c:\windows\ferital.db
2009-09-22 18:04 <DIR> --d----- c:\program files\AOL 9.1c
==================== Find3M ====================
2009-10-05 22:28 18,668 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-10-04 11:59 10,935 a------- c:\program files\common files\niseloj.dl
2009-08-21 02:46 450,560 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 21:53 119,808 -------- c:\windows\system32\t2embed.dll
2009-07-28 21:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 21:53 82,432 -------- c:\windows\system32\fontsub.dll
2009-07-28 21:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-18 09:00 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-18 09:00 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 06:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-05-13 18:47 61,224 a------- c:\documents and settings\hp_administrator\GoToAssistDownloadHelper.exe
============= FINISH: 23:57:55.75 ===============
Hi,
You need to enable Windows to Show all Files and Folders
Instructions for your Operating System HERE (http://www.bleepingcomputer.com/tutorials/tutorial62.html)
Delete all these files and leave them in the Recycle Bin for a few days.
c:\docume~1\alluse~1\applic~1\wumilece.sys
c:\program files\common files\oqacicok.com
c:\program files\common files\kumahig.bin
c:\program files\common files\biwu.scr
c:\windows\gycyfeda.exe
c:\windows\gavuboz._sy
c:\windows\ekopunolo.reg
c:\windows\system32\vaqavisahi.db
c:\windows\system32\qetygyfin.vbs
c:\Documents and settings\hp_adm~1
Please run this free online virus scanner from ESET (http://www.eset.eu/online-scanner)
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=18baaec4d98d9442964c5470a95f2bc0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-08 02:41:50
# local_time=2009-10-07 07:41:50 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5121 21 100 85 31504883593750
# scanned=130622
# found=32
# cleaned=32
# scan_time=4787
C:\Documents and Settings\HP_Administrator\Local Settings\temp\C.tmp a variant of Win32/Mebroot.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Administrator\Local Settings\temp\~TMB.tmp Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\bin\wbug\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\lizkavd.exe.vir a variant of Win32/Kryptik.ASB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\seres.exe.vir a variant of Win32/Kryptik.ASB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\svcst.exe.vir a variant of Win32/Kryptik.ASB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe.vir a variant of Win32/Kryptik.ASB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\9129837.exe.vir a variant of Win32/Kryptik.ARF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir a variant of Win32/Kryptik.YQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir a variant of Win32/Kryptik.ASB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP14\A0004245.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0002738.exe a variant of Win32/Kryptik.ARF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0002739.exe Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0003617.exe a variant of Win32/Kryptik.ASB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0003667.exe a variant of Win32/Kryptik.ASB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0003670.exe Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP9\A0003809.exe a variant of Win32/Kryptik.ASB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pss\mhbupd32.exeStartup Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\byezihq Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\luftxwe Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\nujekn Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\rudvp Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\vfmt Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\zxpzgfim Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dllcache\user32.dll Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dllcache\zser32.tmp Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\wbem\proquota.exe Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\I386\APPS\APP02906\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\I386\APPS\APP02906\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP14\A0004248.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP14\A0004249.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
Hello,
Were you able to delete the files I posted? ESET found some more junk, some of it being backups of what the other scans removed.
Let's take a final check, and also let me know how things are running now.
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
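The helper's remark that some ESET detections are backups of what earlier scans removed can be checked by sorting the log's detection lines by where each file sat. The sketch below is an added example, not part of the original thread or of any ESET tooling; the line pattern is inferred from the log as posted, and the folder meanings in `BUCKETS` are assumptions from general Windows XP and ComboFix knowledge.

```python
import re
from collections import Counter

# Detection lines copied from the ESET log in this thread (columns are space-separated here).
SAMPLE = r"""
# found=32
C:\Qoobox\Quarantine\C\WINDOWS\9129837.exe.vir a variant of Win32/Kryptik.ARF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0002738.exe a variant of Win32/Kryptik.ARF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pss\mhbupd32.exeStartup Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\dllcache\user32.dll Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\wbem\proquota.exe Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# path, optional "a variant of", detection name, type, (action), 32-hex field, trailing flag
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<variant>a variant of )?(?P<name>\S+/\S+) "
    r"(?P<kind>\w+) \((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) \S$"
)

# Location buckets, first match wins. The folder meanings are an assumption from
# general Windows XP / ComboFix knowledge, not something the log itself states.
BUCKETS = [
    ("quarantine-backup", "/qoobox/quarantine/"),               # ComboFix quarantine
    ("restore-point", "/system volume information/_restore{"),  # System Restore copies
    ("msconfig-backup", "/windows/pss/"),                       # disabled startup items
    ("wfp-cache", "/system32/dllcache/"),                       # Windows File Protection cache
]


def parse(text):
    """Return one dict per detection line; '#' header lines and blanks are skipped."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        row = m.groupdict()
        norm = row["path"].lower().replace("\\", "/")
        row["bucket"] = next((b for b, frag in BUCKETS if frag in norm), "live")
        rows.append(row)
    return rows


def summarize(rows):
    """Count detections per location bucket and per detection name."""
    return Counter(r["bucket"] for r in rows), Counter(r["name"] for r in rows)


if __name__ == "__main__":
    by_bucket, by_name = summarize(parse(SAMPLE))
    for bucket, n in by_bucket.most_common():
        print(f"{bucket:18} {n}")
```

Rows in the `live` bucket are the ones that were outside any backup or cache folder when the scan ran, so they are the entries to compare against the follow-up RSIT logs.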
DJToast, as it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, this topic has been archived and will not be re-opened. If you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.
Please do not add any logs that might have been requested previously; you would be starting fresh.
Applies only to the original poster; anyone else with similar problems, please start your own topic.
Thank you Ken.