Understood. Luckily, this laptop was being used mainly for internet and email access.
ComboFix 12-01-23.02 - adnott 01/27/2012 23:39:04.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.984 [GMT -5:00]
Running from: c:\documents and settings\adnott\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\adnott\Application Data\dplaysvr.exe
c:\documents and settings\adnott\Application Data\dplayx.dll
c:\documents and settings\All Users\Application Data\iSecurity.exe
c:\windows\$NtUninstallKB4573$\3788501010\@
c:\windows\$NtUninstallKB4573$\3788501010\bckfg.tmp
c:\windows\$NtUninstallKB4573$\3788501010\cfg.ini
c:\windows\$NtUninstallKB4573$\3788501010\Desktop.ini
c:\windows\$NtUninstallKB4573$\3788501010\keywords
c:\windows\$NtUninstallKB4573$\3788501010\kwrd.dll
c:\windows\$NtUninstallKB4573$\3788501010\L\iahonoel
c:\windows\$NtUninstallKB4573$\3788501010\lsflt7.ver
c:\windows\$NtUninstallKB4573$\3788501010\U\00000001.@
c:\windows\$NtUninstallKB4573$\3788501010\U\00000002.@
c:\windows\$NtUninstallKB4573$\3788501010\U\00000004.@
c:\windows\$NtUninstallKB4573$\3788501010\U\80000000.@
c:\windows\$NtUninstallKB4573$\3788501010\U\80000004.@
c:\windows\$NtUninstallKB4573$\3788501010\U\80000032.@
c:\windows\$NtUninstallKB4573$\4237292630 . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-28 )))))))))))))))))))))))))))))))
.
.
2012-01-28 03:02 . 2012-01-28 03:02 -------- d-----w- C:\812b3a270406fef196d1
2012-01-26 06:22 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-26 06:22 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-01-26 05:26 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-01-26 00:28 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AACE2563-7A60-42A2-BF97-6178083B7498}\mpengine.dll
2012-01-23 20:21 . 2012-01-23 20:21 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-23 20:21 . 2012-01-23 20:21 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-23 20:21 . 2012-01-23 20:21 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-23 20:21 . 2012-01-23 20:21 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-23 20:21 . 2012-01-23 20:21 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-23 20:21 . 2012-01-23 20:21 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-22 16:20 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-15 16:52 . 2012-01-17 03:07 -------- d-----w- c:\program files\trend micro
2012-01-15 16:52 . 2012-01-15 16:52 -------- d-----w- C:\rsit
2012-01-11 01:45 . 2012-01-11 01:45 -------- d-----w- c:\program files\ERUNT
2012-01-10 03:52 . 2012-01-10 10:46 14664 ----a-w- c:\windows\stinger.sys
2012-01-08 23:28 . 2012-01-09 13:56 -------- d-----w- c:\windows\Microsoft Antimalware
2012-01-08 23:28 . 2012-01-08 23:28 -------- d-----w- c:\windows\Windows Defender Offline
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 09:26 . 2011-05-21 14:13 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-21 10:47 . 2011-06-30 11:06 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 12:35 . 2004-08-04 11:00 60416 ----a-w- c:\windows\system32\packager.exe
2000-06-05 21:47 . 2000-06-05 21:47 32768 ----a-w- c:\program files\mozilla firefox\plugins\AppSub32.dll
2012-01-23 20:21 . 2011-05-20 22:44 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_01.42.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-14 01:17 . 2011-05-14 01:17 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 06:06 . 2011-05-14 06:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 06:23 . 2011-05-14 06:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 23:37 . 2011-05-13 23:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-01-28 05:18 . 2012-01-28 05:18 16384 c:\windows\temp\Perflib_Perfdata_600.dat
+ 2012-01-28 05:18 . 2012-01-28 05:18 16384 c:\windows\temp\Perflib_Perfdata_35c.dat
+ 2007-01-29 08:58 . 2011-11-08 13:46 46080 c:\windows\SYSTEM32\tzchange.exe
- 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\SYSTEM32\tzchange.exe
+ 2004-08-04 11:00 . 2011-07-08 14:02 10496 c:\windows\SYSTEM32\DRIVERS\ndistapi.sys
+ 2004-08-04 11:00 . 2009-04-20 17:17 45568 c:\windows\SYSTEM32\dnsrslvr.dll
- 2004-08-04 11:00 . 2008-04-14 00:11 45568 c:\windows\SYSTEM32\dnsrslvr.dll
+ 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\SYSTEM32\DLLCACHE\packager.exe
+ 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\SYSTEM32\DLLCACHE\dnsrslvr.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\SYSTEM32\DLLCACHE\csrsrv.dll
+ 2004-08-04 11:00 . 2011-10-28 05:31 33280 c:\windows\SYSTEM32\csrsrv.dll
- 2004-08-04 11:00 . 2010-12-09 14:30 33280 c:\windows\SYSTEM32\csrsrv.dll
+ 2012-01-27 03:39 . 2012-01-27 03:39 19968 c:\windows\Installer\5c090.msi
- 2005-01-10 15:11 . 2011-03-11 12:47 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2012-01-28 01:24 . 2012-01-28 01:24 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-12-28 15:16 . 2010-12-28 15:16 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-12-28 14:58 . 2010-12-28 14:58 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 77824 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-12-28 14:57 . 2010-12-28 14:57 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-04-16 01:56 . 2010-08-26 12:52 5120 c:\windows\SYSTEM32\xpsp4res.dll
+ 2009-04-16 01:56 . 2011-02-17 12:32 5120 c:\windows\SYSTEM32\xpsp4res.dll
- 2005-01-10 15:11 . 2011-03-11 12:47 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-12-28 14:58 . 2010-12-28 14:58 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-12-28 14:59 . 2010-12-28 14:59 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-12-28 14:58 . 2010-12-28 14:58 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-05-14 06:17 . 2011-05-14 06:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 06:12 . 2011-05-14 06:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 06:11 . 2011-05-14 06:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2004-08-04 11:00 . 2011-03-04 06:37 420864 c:\windows\SYSTEM32\vbscript.dll
+ 2004-08-04 11:00 . 2011-04-29 17:25 151552 c:\windows\SYSTEM32\schannel.dll
- 2004-08-04 11:00 . 2008-06-20 17:46 245248 c:\windows\SYSTEM32\mswsock.dll
+ 2004-08-04 11:00 . 2008-06-20 16:02 245248 c:\windows\SYSTEM32\mswsock.dll
- 2004-08-04 11:00 . 2010-09-18 17:23 974848 c:\windows\SYSTEM32\mfc42u.dll
+ 2004-08-04 11:00 . 2011-02-08 13:33 974848 c:\windows\SYSTEM32\mfc42u.dll
+ 2004-08-04 11:00 . 2011-02-08 13:33 978944 c:\windows\SYSTEM32\mfc42.dll
- 2004-08-04 11:00 . 2009-12-09 05:53 726528 c:\windows\SYSTEM32\jscript.dll
+ 2004-08-04 11:00 . 2011-03-04 06:37 726528 c:\windows\SYSTEM32\jscript.dll
- 2004-08-11 23:20 . 2011-02-10 15:33 484488 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2004-08-11 23:20 . 2012-01-28 03:51 484488 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2004-08-04 11:00 . 2011-02-09 13:53 186880 c:\windows\SYSTEM32\encdec.dll
+ 2004-08-04 11:00 . 2011-10-18 11:13 186880 c:\windows\SYSTEM32\encdec.dll
+ 2004-08-04 11:00 . 2011-02-17 13:18 357888 c:\windows\SYSTEM32\DRIVERS\srv.sys
+ 2004-08-04 11:00 . 2011-06-24 14:10 139656 c:\windows\SYSTEM32\DRIVERS\rdpwd.sys
- 2004-08-04 11:00 . 2008-04-14 00:13 139656 c:\windows\SYSTEM32\DRIVERS\rdpwd.sys
+ 2004-08-04 11:00 . 2011-04-21 13:37 105472 c:\windows\SYSTEM32\DRIVERS\mup.sys
+ 2004-08-04 11:00 . 2011-08-17 13:49 138496 c:\windows\SYSTEM32\DRIVERS\afd.sys
- 2004-08-04 11:00 . 2008-08-14 10:04 138496 c:\windows\SYSTEM32\DRIVERS\afd.sys
+ 2004-08-04 11:00 . 2011-03-03 06:55 149504 c:\windows\SYSTEM32\dnsapi.dll
+ 2004-08-04 11:00 . 2011-04-30 03:01 758784 c:\windows\SYSTEM32\DLLCACHE\vgx.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 420864 c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2008-10-14 23:35 . 2011-02-17 13:18 357888 c:\windows\SYSTEM32\DLLCACHE\srv.sys
+ 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02 245248 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
- 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
+ 2006-10-14 08:13 . 2011-02-08 13:33 974848 c:\windows\SYSTEM32\DLLCACHE\mfc42u.dll
- 2006-10-14 08:13 . 2010-09-18 17:23 974848 c:\windows\SYSTEM32\DLLCACHE\mfc42u.dll
+ 2010-12-27 18:10 . 2011-02-08 13:33 978944 c:\windows\SYSTEM32\DLLCACHE\mfc42.dll
- 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\SYSTEM32\DLLCACHE\encdec.dll
+ 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\SYSTEM32\DLLCACHE\encdec.dll
+ 2008-06-20 17:46 . 2011-03-03 06:55 149504 c:\windows\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2010-04-20 05:30 . 2011-02-15 12:56 290432 c:\windows\SYSTEM32\DLLCACHE\atmfd.dll
+ 2008-06-20 11:40 . 2011-08-17 13:49 138496 c:\windows\SYSTEM32\DLLCACHE\afd.sys
- 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\SYSTEM32\DLLCACHE\afd.sys
+ 2004-08-04 11:00 . 2011-02-15 12:56 290432 c:\windows\SYSTEM32\atmfd.dll
+ 2012-01-28 00:30 . 2012-01-28 00:30 467456 c:\windows\Installer\2c8cf06.msi
+ 2005-01-10 15:11 . 2012-01-28 02:48 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-01-10 15:11 . 2011-03-11 12:47 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-01-10 15:11 . 2012-01-28 02:48 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-01-28 04:39 . 2011-03-11 12:47 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2005-01-28 04:39 . 2012-01-28 02:54 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2012-01-27 05:10 . 2009-03-08 08:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-01-27 05:10 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-01-27 05:10 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-01-27 23:38 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-01-27 23:38 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-01-27 23:38 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-01-27 23:38 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2012-01-28 05:28 . 2012-01-28 05:28 385024 c:\windows\ERDNT\AutoBackup\1-28-2012\Users\00000002\UsrClass.dat
+ 2012-01-28 05:28 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\1-28-2012\ERDNT.EXE
+ 2012-01-28 05:26 . 2012-01-28 05:26 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 835584 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 303104 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 626688 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 970752 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 745472 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 659456 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-12-28 14:58 . 2010-12-28 14:58 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-12-28 14:57 . 2010-12-28 14:57 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 261632 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 486400 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-26 06:21 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 1552384 c:\windows\Installer\5c09f.msp
+ 2011-12-06 20:22 . 2011-12-06 20:22 5519360 c:\windows\Installer\5c098.msp
+ 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\5c095.msp
+ 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\5c091.msp
+ 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\5c08b.msp
+ 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\5c08a.msp
+ 2011-10-30 04:10 . 2011-10-30 04:10 6824960 c:\windows\Installer\5c089.msp
+ 2011-09-20 20:36 . 2011-09-20 20:36 5521408 c:\windows\Installer\5c088.msp
+ 2011-10-31 17:37 . 2011-10-31 17:37 4146688 c:\windows\Installer\5c087.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\5c084.msp
+ 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\5c083.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\5c080.msp
+ 2011-11-11 21:16 . 2011-11-11 21:16 8458240 c:\windows\Installer\5c07e.msp
+ 2011-12-26 15:00 . 2011-12-26 15:00 2608640 c:\windows\Installer\396b353.msp
+ 2011-12-26 14:59 . 2011-12-26 14:59 4368896 c:\windows\Installer\396b352.msp
+ 2011-12-06 20:22 . 2011-12-06 20:22 5519360 c:\windows\Installer\34388e.msp
+ 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\34388b.msp
+ 2011-04-29 17:28 . 2011-04-29 17:28 1995264 c:\windows\Installer\343887.msp
+ 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\343886.msp
+ 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\343885.msp
+ 2011-10-30 04:10 . 2011-10-30 04:10 6824960 c:\windows\Installer\343884.msp
+ 2011-09-20 20:36 . 2011-09-20 20:36 5521408 c:\windows\Installer\343883.msp
+ 2011-10-31 17:37 . 2011-10-31 17:37 4146688 c:\windows\Installer\343882.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\34387f.msp
+ 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\34387e.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\34387b.msp
+ 2011-05-17 23:28 . 2011-05-17 23:28 6862848 c:\windows\Installer\3358571.msp
+ 2011-04-29 18:04 . 2011-04-29 18:04 5053440 c:\windows\Installer\3358560.msp
+ 2011-10-30 04:10 . 2011-10-30 04:10 6824960 c:\windows\Installer\3358539.msp
+ 2011-10-31 17:37 . 2011-10-31 17:37 4146688 c:\windows\Installer\32339be.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\32339a8.msp
+ 2011-05-23 19:15 . 2011-05-23 19:15 3617792 c:\windows\Installer\2c8cf31.msp
+ 2012-01-28 00:51 . 2012-01-28 00:52 1067008 c:\windows\Installer\2c8cf21.msi
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\2c8cf0d.msp
+ 2007-04-19 19:09 . 2007-04-19 19:09 1061720 c:\windows\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2012-01-28 05:25 . 2012-01-28 05:25 3182592 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 3182592 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 2048000 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-12-28 14:57 . 2010-12-28 14:57 5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 5025792 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-12-28 14:57 . 2010-12-28 14:57 5062656 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-28 05:26 . 2012-01-28 05:26 5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-12-28 14:57 . 2010-12-28 14:57 5242880 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-12-28 15:00 . 2010-12-28 15:00 2933248 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-12-28 14:59 . 2010-12-28 14:59 4550656 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-28 05:25 . 2012-01-28 05:25 4550656 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\5c094.msp
+ 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\34388a.msp
+ 2012-01-28 05:28 . 2012-01-28 05:28 14344192 c:\windows\ERDNT\AutoBackup\1-28-2012\Users\00000001\ntuser.dat
+ 2012-01-27 03:19 . 2012-01-27 03:19 14344192 c:\windows\ERDNT\AutoBackup\1-26-2012\Users\00000001\ntuser.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"cdloader"="c:\documents and settings\adnott\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"nwiz"="nwiz.exe" [2004-10-26 921600]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]
"bacstray"="BacsTray.exe" [2003-05-15 98304]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-09-30 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-04 180269]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"Control Center"="c:\program files\TRENDnet\MFP Server\Control Center.exe" [2009-08-04 3294720]
"UMonit"="c:\windows\system32\umonit.exe" [2004-10-28 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\adnott\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-26 98304]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-1-10 24576]
Media Card Companion Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-1-21 98304]
MediaManager.lnk - c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaManager.exe [2009-9-10 366136]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-9-10 604008]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TRENDnet\\MFP Server\\Control Center.exe"=
"c:\\Documents and Settings\\adnott\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"7303:UDP"= 7303:UDP:Control Center UDP Port
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\SYSTEM32\DRIVERS\RCFOX.SYS [5/2/2006 10:17 PM 91136]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [6/17/2005 11:11 AM 24064]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/6/2008 9:22 AM 30152]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [10/7/2009 1:48 PM 376680]
R3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\SYSTEM32\DRIVERS\KUSBusByTCPMasterBus.sys [11/11/2008 1:59 PM 70656]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [1/20/2005 11:31 PM 32416]
R3 VBus;Virtual Bus;c:\windows\SYSTEM32\DRIVERS\NkVBus.sys [6/17/2005 11:11 AM 17664]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\adnott\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\adnott\LOCALS~1\Temp\ALSysIO.sys [?]
S3 BackupReader;BackupReader;c:\windows\SYSTEM32\DRIVERS\BackupReader.sys [4/20/2009 8:49 PM 44784]
S3 fixustor;fixustor;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [10/21/2009 6:30 PM 6016]
S3 KUSBusByTCP;KUSBusByTCP;c:\windows\SYSTEM32\DRIVERS\KUSBusByTCP.sys [11/11/2008 1:59 PM 97664]
S3 PLISp50;PLISp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\PLISp50.sys [1/16/2008 1:21 PM 27072]
S3 PortlUSB;PortlUSB;c:\windows\SYSTEM32\DRIVERS\SiriusUSB.sys [12/28/2005 8:24 PM 7552]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\SYSTEM32\DRIVERS\rcvpn.sys [5/2/2006 10:01 PM 23180]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\adnott\Application Data\Mozilla\Firefox\Profiles\kmroaven.default\
FF - prefs.js: browser.search.defaulturl - hxxp://google.com
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-dplaysvr - c:\documents and settings\adnott\Application Data\dplaysvr.exe
HKCU-Run-Internet Security 2012 - c:\documents and settings\All Users\Application Data\isecurity.exe
HKLM-Run-dplaysvr - c:\documents and settings\adnott\Application Data\dplaysvr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-28 00:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?p\WZSE1.TMP\imagemate-6.30\WinXP\fixustor.sys??????????????????????????A~?5??????????tqQ?l??? ??|`??|????]??|??D~?????????5??F$?|??B~??B~*?,??5????????????????????????????????B~????????????tqQ?????T?????Q?????tqQ???????V????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4090913760-1689954004-2845501671-1006\Software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
@Allowed: (2) (Administrators)
"Policy"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1696)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(1668)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\BacsTray.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Windows Home Server\WHSTrayApp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Verizon\McciBrowser.exe
.
**************************************************************************
.
Completion time: 2012-01-28 00:46:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-28 05:45
ComboFix2.txt 2012-01-26 01:58
.
Pre-Run: 9,334,677,504 bytes free
Post-Run: 7,745,761,280 bytes free
.
- - End Of File - - 8ECAA10D7BE2C85DF7F78D66B0677C9E