Vicious malware won't allow spybot or any other anti malware to run.

DJToast

New member
Title explains the problem:

Malware won't allow spybot or any other anti malware to run.

Basically as soon as I attempt to run spybot's 'check for problems' function, it immediately shuts down and won't bring the window back up. I can see a cmd prompt window flicker for a split second, but then nothing happens.

I wanna mercilessly destroy the malware causing this.

On a side note:

I believe the malware to be one of those 'false anti spyware protection' programs. A giant red circle with a white X in the center appears, and when clicking on it a fake program pops up offering to fix the problem after I register. I've heard of the scam before, and just want it gone.

It's not my comp, but McAfee is installed. But when attempting a scan with that I get the following error:

Scanning has encountered a problem from which it cannot recover..
Here are the problem details
- Error starting the On Demand scanner

When finished, you will return to the home window.

[ OK ]

Have a feeling the malware is blocking all attempts to cure it.

Renaming the spybot.exe executable isn't fooling it either.
=====================
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
 
Hello DJToast

Welcome to Safer Networking.

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

You said it's not your computer, the owner should be the one posting ??


Please download RootRepeal from one of these locations and save it to your desktop
Here
Here
Here
  • Open [image: rootRepealDesktopIcon.png] on your desktop.
  • Click the [image: reportTab.png] tab.
  • Click the [image: btnScan.png] button.
  • Check just these boxes: [image: post-75503-1250480183.gif]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image: saveReport.png] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.
 
As in most cases, it isn't my computer. It's my mother's. It is basically used by everyone in the family except me. But every time something is wrong with it, it's my job to fix it. Removing malware is highly above my mom's comprehension.

Here's the rootrepeal log.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/01 00:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF35C8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B3A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5521000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7968000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF3768000 Size: 61440 File Visible: No Signed: -
Status: -

==EOF====EOF==
 
Hi,

Your computer is infected with a Rootkit, we are going to remove it a bit at a time so as not to overwhelm you.

You're going to download this program to your desktop, after you run it leave it there because we will need it again.

Download and run Win32kDiag:
  1. Download Win32kDiag from any of the following locations and save it to your Desktop.
  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
 
What exactly is a rootkit?

Running from: C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\aolshare\aolshare

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP685.tmp\ZAP685.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7E9.tmp\ZAP7E9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8C6.tmp\ZAP8C6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\root\root

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e71bf1e24fe2c6e94f08da7e8353e0de\e71bf1e24fe2c6e94f08da7e8353e0de

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-09 21:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

[1] 2008-04-13 17:12:40 218112 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wmiprvse.exe (Microsoft Corporation)

[1] 2004-08-09 21:00:00 218112 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)

[1] 2004-08-09 21:00:00 218112 C:\WINDOWS\system32\wbem\wmiprvse.exe ()



Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!
 
Hello,

A Rootkit is a nasty infection that sometimes is responsible for installing other junk, it hides from most scans and goes undetected so it has been a bit of a problem finding and removing it. RootRepeal is a new program and has been designed to find garbage like this. You're infected with max ++.


Win32kdiag should still be on your desktop, so do this next.

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r
Make sure you get all of it, the " at the beginning and the r at the end

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
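
One way to triage a Win32kDiag log like the one posted above, as an added example that is not part of the original thread or of Win32kDiag itself: it parses the log, counts mount points per destination, lists any not yet removed, and notes where an inaccessible file has no company string or differs in size from its dllcache copy. The field layout is inferred from the log in this thread; the function names and the wording of the triage notes are assumptions.

```python
import re
from collections import Counter

# Excerpt of the Win32kDiag log posted in this thread (blank lines kept as posted).
SAMPLE_LOG = r"""
Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-09 21:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

[1] 2008-04-13 17:12:40 218112 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wmiprvse.exe (Microsoft Corporation)

[1] 2004-08-09 21:00:00 218112 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)

[1] 2004-08-09 21:00:00 218112 C:\WINDOWS\system32\wbem\wmiprvse.exe ()

Finished!
"""

MOUNT = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST = re.compile(r"^Mount point destination\s*:\s*(.+)$")
REMOVED = re.compile(r"^Removing mount point\s*:\s*(.+)$")
BLOCKED = re.compile(r"^Cannot access:\s*(.+)$")
# "[n] date time size path (company)"; the meaning of [n] is not stated on the page.
COPY = re.compile(r"^\[(\d+)\]\s+(\S+ \S+)\s+(\d+)\s+(.+)\s\((.*)\)$")


def parse_win32kdiag(text):
    """Return mount points, removed mount points and per-file copy listings."""
    mounts, removed, blocked = {}, set(), {}
    last_mount = current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT.match(line):
            last_mount, current = m.group(1), None
            mounts[last_mount] = None
        elif m := DEST.match(line):
            if last_mount is not None:
                mounts[last_mount] = m.group(1)
        elif m := REMOVED.match(line):
            removed.add(m.group(1))
        elif m := BLOCKED.match(line):
            current = m.group(1)
            blocked.setdefault(current, [])
        elif current is not None and (m := COPY.match(line)):
            blocked[current].append({"stamp": m.group(2), "size": int(m.group(3)),
                                     "path": m.group(4), "company": m.group(5)})
    return {"mounts": mounts, "removed": removed, "blocked": blocked}


def triage(blocked):
    """Attach review notes (hints, not verdicts) to each inaccessible file."""
    findings = {}
    for path, copies in blocked.items():
        live = next((c for c in copies if c["path"].lower() == path.lower()), None)
        cache = next((c for c in copies if "\\dllcache\\" in c["path"].lower()), None)
        notes = []
        if live is None:
            notes.append("no file details listed")
        else:
            if not live["company"]:
                notes.append("no company string")
            if cache and cache["size"] != live["size"]:
                notes.append(f"size {live['size']} differs from dllcache copy {cache['size']}")
        findings[path] = notes
    return findings


def summarize(text):
    parsed = parse_win32kdiag(text)
    return {
        "destinations": Counter(parsed["mounts"].values()),
        "outstanding": sorted(p for p in parsed["mounts"] if p not in parsed["removed"]),
        "blocked": triage(parsed["blocked"]),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for dest, count in report["destinations"].items():
        print(f"{count} mount point(s) -> {dest}")
    print(f"{len(report['outstanding'])} mount point(s) not yet removed")
    for path, notes in report["blocked"].items():
        print(f"{path}: {'; '.join(notes) or 'nothing notable'}")
```

Running the same function over the log produced after the `-f -r` pass shows whether any mount point was found but never reported as removed.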
 
Here's the new log after inputting the start run cmd.

--------------------------------------------------------------------

Running from: C:\Documents and Settings\HP_Administrator\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Found mount point : C:\WINDOWS\aolshare\aolshare

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\aolshare\aolshare

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP685.tmp\ZAP685.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP685.tmp\ZAP685.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7E9.tmp\ZAP7E9.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7E9.tmp\ZAP7E9.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8C6.tmp\ZAP8C6.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8C6.tmp\ZAP8C6.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Minidump\Minidump

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\root\root

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\root\root

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e71bf1e24fe2c6e94f08da7e8353e0de\e71bf1e24fe2c6e94f08da7e8353e0de

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e71bf1e24fe2c6e94f08da7e8353e0de\e71bf1e24fe2c6e94f08da7e8353e0de

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-09 21:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-09 21:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

Attempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exe

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!
 
Good Morning,

This rootkit is responsible for you not being able to run any security scans and what we are doing is chipping away at it so we can run a tool to remove it.


Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
 
exeHelper by Raktor - 09
Build 20090925
Run at 01:46:28 on 10/03/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

There we have it :]
 
Good Morning,

Great so far. We are going to run Combofix, it may not run unless you rename it.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
I ran ComboFix; after it restarted the PC it was generating a log and a 60-second countdown began, forcing Windows to shut down.

Upon restarting I get this message.

RUNDLL

Error loading C:\WINDOWS\aquwaruyumogavim.dll

The specified module could not be found.

Also, when attempting to load McAfee to disable it, I get a 60-second countdown for Windows to shut down.

Here is the log that was generated:

ComboFix 09-10-01.05 - HP_Administrator 10/03/2009 12:41:31.1.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cuysn.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\zofity._sy
C:\Documents and Settings\HP_Administrator\Application Data\alot
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_0\Button_0.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_0\Button_0.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_1\Button_1.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_1\Button_1.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_10\Button_10.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_10\Button_10.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_11\Button_11.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_11\Button_11.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_2\Button_2.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_2\Button_2.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_3\Button_3.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_3\Button_3.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_4\Button_4.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_4\Button_4.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_5\Button_5.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_5\Button_5.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_6\Button_6.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_6\Button_6.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_7\Button_7.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_7\Button_7.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_8\Button_8.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_8\Button_8.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_9\Button_9.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Button_9\Button_9.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\configurator\configurator.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\configurator\configurator.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\postInstallLayout\postInstallLayout.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\products\products.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\products\products.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_2\images\default_267_alot_ref_refsearch.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_3\images\default_268_alot_ref_research.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\alert-icon.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\alert.png
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\clear.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\cloudy.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\default_281_alot_weather_widget.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\foggy.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\mcloud.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\nclear.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\ncloudy.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\nmcloud.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\pcloud.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\rain.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\shower.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\snow.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_4\images\tstorm.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\active_default_346_alot_ref_word.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\alert-icon.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\alert.png
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\clear.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\cloudy.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\default_281_alot_weather_widget.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\default_346_alot_ref_word.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\foggy.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\mcloud.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\nclear.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\nmcloud.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\pcloud.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\rain.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\shower.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_5\images\snow.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_6\images\default_319_alot_ref_calculator.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_7\images\default_270_alot_mrkt_travel_guides.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_7\images\default_270_alot_ref_mrkt_book.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_7\images\default_270_default_243_alot_news_mrkt_nyt.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_8\images\default_446_alot_mrkt_180.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_8\images\default_446_alot_mrkt_gamevance.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Button_8\images\default_446_alot_ref_mrkt_book.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\domains.dat
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\alot_brand.png
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\spinner.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\widget_caption.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
C:\Documents and Settings\HP_Administrator\Application Data\alot\TimerManager\TimerManager.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\TimerManager\TimerManager.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\toolbar.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\alot\Updater\Updater.xml
C:\Documents and Settings\HP_Administrator\Application Data\alot\Updater\Updater.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\lizkavd.exe
C:\Documents and Settings\HP_Administrator\Application Data\seres.exe
C:\Documents and Settings\HP_Administrator\Application Data\svcst.exe
C:\Documents and Settings\HP_Administrator\Application Data\wiaserva.log
C:\Documents and Settings\HP_Administrator\Application Data\ytat.dll
C:\Documents and Settings\HP_Administrator\Application Data\ytomi.pif
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\cisusuc._sy
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ilyxuqo.scr
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\sibut._dl
C:\Documents and Settings\LocalService\Application Data\alot
C:\Documents and Settings\LocalService\Application Data\alot\Button_0\Button_0.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_0\Button_0.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_1\Button_1.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_1\Button_1.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_10\Button_10.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_10\Button_10.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_11\Button_11.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_11\Button_11.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_2\Button_2.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_2\Button_2.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_3\Button_3.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_3\Button_3.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_4\Button_4.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_4\Button_4.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_5\Button_5.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_5\Button_5.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_6\Button_6.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_6\Button_6.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_7\Button_7.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_7\Button_7.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_8\Button_8.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_8\Button_8.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\Button_9\Button_9.xml
C:\Documents and Settings\LocalService\Application Data\alot\Button_9\Button_9.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\configurator\configurator.xml
C:\Documents and Settings\LocalService\Application Data\alot\configurator\configurator.xml.backup
C:\Documents and Settings\LocalService\Application Data\alot\TimerManager\TimerManager.xml
C:\Documents and Settings\LocalService\Application Data\alot\TimerManager\TimerManager.xml.backup
C:\nksrq.exe
C:\pphqrer.exe
C:\Program Files\alot
C:\Program Files\alot\alotUninst.exe
C:\Program Files\Common Files\yjasyliha.exe
C:\tlcefbe.exe
C:\WINDOWS\9129837.exe
C:\WINDOWS\aconeloq.exe
C:\WINDOWS\aquwaruyumogavim.dll
C:\WINDOWS\Installer\54f091fc.msi
C:\WINDOWS\kb913800.exe
C:\WINDOWS\mqcd.dbt
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\ashl.nq
C:\WINDOWS\system32\gogowito.dll
C:\WINDOWS\system32\lowsec
C:\WINDOWS\system32\lowsec\local.ds
C:\WINDOWS\system32\lowsec\user.ds
C:\WINDOWS\system32\lowsec\user.ds.lll
C:\WINDOWS\system32\wbem\proquota.exe
C:\WINDOWS\system32\yidomabi.dll
C:\WINDOWS\ugilivi.sys
C:\WINDOWS\umuj.bin
C:\WINDOWS\upytyha.exe
C:\WINDOWS\uvir.ban
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://srv-ws-01.discoverconsole.com
hxxp://82.98.235.205
Infected copy of C:\WINDOWS\system32\eventlog.dll was found and disinfected
Restored copy from - C:\WINDOWS\system32\dllcache\eventlog.dll

C:\WINDOWS\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-09-27 10:25:49 . 2009-09-27 10:25:49 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5D6BD32C-E7F1-4910-94A0-444E5E7E818F}
2009-09-27 10:19:44 . 2009-09-27 10:19:44 0 d--h--w- C:\WINDOWS\system32\GroupPolicy
2009-09-27 09:59:09 . 2009-09-27 10:27:06 0 d-----w- C:\Program Files\PALADIN
2009-09-27 09:40:44 . 2009-09-27 10:24:33 0 d-----w- C:\Program Files\Search & Destroy
2009-09-27 09:03:29 . 2009-09-27 09:03:29 0 d-----w- C:\Documents and Settings\HP_Administrator\Application Data\McAfee
2009-09-25 04:38:30 . 2009-07-08 20:44:20 79816 ----a-w- C:\WINDOWS\system32\drivers\mfeavfk.sys
2009-09-25 04:38:30 . 2009-07-08 20:44:20 40552 ----a-w- C:\WINDOWS\system32\drivers\mfesmfk.sys
2009-09-25 04:38:30 . 2009-07-08 20:44:20 35272 ----a-w- C:\WINDOWS\system32\drivers\mfebopk.sys
2009-09-25 04:38:23 . 2009-07-16 19:32:26 120136 ----a-w- C:\WINDOWS\system32\drivers\Mpfp.sys
2009-09-25 04:37:42 . 2009-09-25 04:38:26 0 d-----w- C:\Program Files\Common Files\McAfee
2009-09-25 04:37:39 . 2009-09-25 04:37:54 0 d-----w- C:\Program Files\McAfee.com
2009-09-25 04:35:12 . 2009-07-08 20:43:46 34248 ----a-w- C:\WINDOWS\system32\drivers\mferkdk.sys
2009-09-25 04:05:59 . 2009-10-03 09:32:06 0 d-----w- C:\Program Files\McAfee
2009-09-25 03:01:47 . 2009-09-25 03:01:47 16524 ----a-w- C:\WINDOWS\ucejeliv.dat
2009-09-25 03:01:42 . 2009-09-25 03:01:42 18660 ----a-w- C:\WINDOWS\mosaxatod.dat
2009-09-25 03:01:39 . 2009-09-25 03:01:39 10487 ----a-w- C:\WINDOWS\system32\tomobico.dat
2009-09-24 22:04:07 . 2009-10-02 04:36:50 120 ----a-w- C:\WINDOWS\Dxilanerulato.dat
2009-09-24 22:04:07 . 2009-10-02 04:36:50 0 ----a-w- C:\WINDOWS\Kqoyedesuvaruku.bin
2009-09-24 22:04:05 . 2009-09-24 22:04:05 0 d-----w- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{B8542336-4284-4675-9352-84D2DE8DE27F}
2009-09-24 21:58:58 . 2009-05-14 01:47:25 61224 ----a-w- C:\Documents and Settings\HelpAssistant\GoToAssistDownloadHelper.exe
2009-09-24 21:53:26 . 2009-09-24 21:53:26 4707 ----a-w- C:\WINDOWS\system32\z98a.bin
2009-09-23 01:04:08 . 2009-09-24 15:08:13 0 d-----w- C:\Program Files\AOL 9.1c
2009-09-20 01:30:55 . 2009-10-03 19:41:13 0 ----a-w- C:\WINDOWS\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 19:50:38 . 2009-10-03 19:51:42 56832 ----a-w- C:\WINDOWS\9129837.exe
2009-09-30 21:45:18 . 2006-10-19 01:21:50 18668 ----a-w- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2009-09-27 10:26:59 . 2009-04-01 22:06:37 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-27 09:38:26 . 2009-04-01 22:06:37 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-09-27 09:05:15 . 2008-01-03 20:45:10 0 d-----w- C:\Program Files\Security Task Manager
2009-09-25 07:38:53 . 2009-05-13 18:11:54 0 d-----w- C:\Documents and Settings\All Users\Application Data\McAfee
2009-09-25 03:35:52 . 2006-08-01 02:25:01 0 d-----w- C:\Program Files\DISC
2009-09-24 15:18:21 . 2006-08-01 02:49:22 0 d-----w- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-09-24 15:07:30 . 2006-10-03 22:13:22 0 d-----w- C:\Documents and Settings\HP_Administrator\Application Data\AOL
2009-09-24 09:59:02 . 2009-05-14 05:15:51 0 d-----w- C:\Program Files\AOL Toolbar
2009-09-23 01:05:41 . 2006-10-03 22:05:14 0 d-----w- C:\Program Files\Common Files\AOL
2009-09-23 01:04:13 . 2006-10-03 22:07:20 0 d-----w- C:\Program Files\Common Files\aolshare
2009-09-23 01:04:08 . 2006-10-03 22:05:14 0 d-----w- C:\Documents and Settings\All Users\Application Data\AOL
2009-09-01 00:58:58 . 2009-08-14 09:08:04 0 d-----w- C:\Program Files\NCH Swift Sound
2009-09-01 00:58:55 . 2009-08-14 09:08:04 0 d-----w- C:\Documents and Settings\HP_Administrator\Application Data\NCH Swift Sound
2009-08-17 07:57:31 . 2007-11-19 19:51:22 0 d-----w- C:\Program Files\Common Files\Adobe
2009-08-17 07:49:56 . 2006-08-01 01:49:54 0 d-----w- C:\Program Files\GemMaster
2009-08-17 07:37:51 . 2009-08-14 09:08:37 0 d-----w- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2009-08-17 06:22:02 . 2009-08-13 21:21:53 0 d-----w- C:\Program Files\THQ
2009-08-17 06:22:00 . 2006-08-01 02:27:15 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-08-14 09:11:13 . 2009-08-14 09:11:13 0 d-----w- C:\Program Files\NCH Software
2009-08-14 02:10:17 . 2009-08-14 02:08:27 0 d-----w- C:\Documents and Settings\HP_Administrator\Application Data\Winamp
2009-08-14 02:09:05 . 2009-08-14 02:08:27 0 d-----w- C:\Program Files\Winamp
2009-07-08 20:44:20 . 2009-07-08 20:44:20 214024 ----a-w- C:\WINDOWS\system32\drivers\mfehidk.sys
2009-04-13 07:04:52 . 2009-04-13 07:04:52 2098 --sh--w- C:\WINDOWS\system32\liyujupe.dll
2009-04-13 07:04:52 . 2009-04-13 07:04:52 2098 --sh--w- C:\WINDOWS\system32\pokefige.dll
2009-01-28 21:53:10 . 2009-01-28 21:53:10 12288 --sha-w- C:\WINDOWS\system32\wetelumo.dll
.
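A way to triage the "Files Created" and "Find3M Report" lines of a log like the one above, as an added example that is not part of the original posts and not ComboFix's own logic. The sample lines are copied from that log; the three heuristics and the expected-directory table are assumptions, and a hit means "look at this file", not "this file is malicious".

```python
import ntpath
import re
from typing import Dict, List, NamedTuple

# Lines copied from the "Files Created" and "Find3M Report" sections above.
SAMPLE = r"""
2009-09-27 09:59:09 . 2009-09-27 10:27:06 0 d-----w- C:\Program Files\PALADIN
2009-09-25 04:38:30 . 2009-07-08 20:44:20 79816 ----a-w- C:\WINDOWS\system32\drivers\mfeavfk.sys
2009-09-24 22:04:07 . 2009-10-02 04:36:50 0 ----a-w- C:\WINDOWS\Kqoyedesuvaruku.bin
2009-09-20 01:30:55 . 2009-10-03 19:41:13 0 ----a-w- C:\WINDOWS\win32k.sys
2009-04-13 07:04:52 . 2009-04-13 07:04:52 2098 --sh--w- C:\WINDOWS\system32\liyujupe.dll
2009-01-28 21:53:10 . 2009-01-28 21:53:10 12288 --sha-w- C:\WINDOWS\system32\wetelumo.dll
"""

# <timestamp> . <timestamp> <size> <8-char attribute string> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(\d+) ([a-z-]{8}) ([A-Za-z]:\\.+)$"
)

# Assumption: file names that normally live in one known directory on this
# Windows XP layout. proquota.exe is taken from the log itself, which deleted
# a copy under system32\wbem and reported the system32 copy as missing.
EXPECTED_DIR = {
    "win32k.sys": r"c:\windows\system32",
    "proquota.exe": r"c:\windows\system32",
}


class Entry(NamedTuple):
    first_ts: str   # which of the two is "created" depends on the log section
    second_ts: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_entries(text: str) -> List[Entry]:
    """Return one Entry per well-formed listing line; skip everything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts1, ts2, size, attrs, path = m.groups()
            entries.append(Entry(ts1, ts2, int(size), attrs, path))
    return entries


def triage(e: Entry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons  # directories always list as size 0; skip them
    if e.size == 0:
        reasons.append("zero-byte file")
    if "s" in e.attrs and "h" in e.attrs:
        reasons.append("hidden+system attributes")
    folder, name = ntpath.split(e.path)
    expected = EXPECTED_DIR.get(name.lower())
    if expected and folder.lower() != expected:
        reasons.append("system file name outside " + expected)
    return reasons


def flagged(text: str) -> Dict[str, List[str]]:
    """Map each path with at least one triage reason to its reasons."""
    result = {}
    for e in parse_entries(text):
        reasons = triage(e)
        if reasons:
            result[e.path] = reasons
    return result


if __name__ == "__main__":
    for path, reasons in flagged(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```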
 
Hi, that error will go away in a bit; it's one of the rootkit files that were deleted, but it still wants to load.

I need to see the entire Combofix log, you only posted half of it.

C:\Qoobox < You can find it here




Open notepad and copy/paste the text in the quote box below into it:

PEV -l "%systemdrive%\proquota.exe" >log.txt
start notepad log.txt

Save this as look.bat. Choose to "Save type as - All Files"
Save it to your desktop
Double click on look.bat & allow it to run. Then post the log which it produces
 
I was only able to post half of it. Computer shut down before combofix could run its course.

Here's a complete one:

ComboFix 09-10-01.05 - HP_Administrator 10/03/2009 13:19.2.2 - NTFSx86
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\wiaserva.log
c:\windows\9129837.exe
c:\windows\system32\wbem\proquota.exe
.
---- Previous Run -------
.
c:\documents and settings\LocalService\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\LocalService\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\LocalService\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\LocalService\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\LocalService\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\LocalService\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\LocalService\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\LocalService\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\LocalService\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\LocalService\Application Data\alot\configurator\configurator.xml
c:\documents and settings\LocalService\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\LocalService\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\LocalService\Application Data\alot\TimerManager\TimerManager.xml.backup
C:\nksrq.exe
C:\pphqrer.exe
c:\program files\alot\alotUninst.exe
c:\program files\Common Files\yjasyliha.exe
C:\tlcefbe.exe
c:\windows\9129837.exe
c:\windows\aconeloq.exe
c:\windows\aquwaruyumogavim.dll
c:\windows\Installer\54f091fc.msi
c:\windows\kb913800.exe
c:\windows\mqcd.dbt
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_scui.cpl
c:\windows\system32\ashl.nq
c:\windows\system32\gogowito.dll
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\yidomabi.dll
c:\windows\ugilivi.sys
c:\windows\umuj.bin
c:\windows\upytyha.exe
c:\windows\uvir.ban
D:\Autorun.inf

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll

c:\windows\system32\proquota.exe . . . is missing!!

--------

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-03 20:05 . 2009-10-03 20:05 -------- d-----w- c:\windows\LastGood
2009-09-27 10:25 . 2009-09-27 10:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{5D6BD32C-E7F1-4910-94A0-444E5E7E818F}
2009-09-27 10:19 . 2009-09-27 10:19 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-27 09:59 . 2009-09-27 10:27 -------- d-----w- c:\program files\PALADIN
2009-09-27 09:40 . 2009-09-27 10:24 -------- d-----w- c:\program files\Search & Destroy
2009-09-27 09:03 . 2009-09-27 09:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\McAfee
2009-09-25 04:38 . 2009-07-08 20:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-25 04:38 . 2009-07-08 20:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-25 04:38 . 2009-07-08 20:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-25 04:38 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-25 04:37 . 2009-09-25 04:38 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-25 04:37 . 2009-09-25 04:37 -------- d-----w- c:\program files\McAfee.com
2009-09-25 04:35 . 2009-07-08 20:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-25 04:05 . 2009-10-03 09:32 -------- d-----w- c:\program files\McAfee
2009-09-25 03:01 . 2009-09-25 03:01 16524 ----a-w- c:\windows\ucejeliv.dat
2009-09-25 03:01 . 2009-09-25 03:01 18660 ----a-w- c:\windows\mosaxatod.dat
2009-09-25 03:01 . 2009-09-25 03:01 10487 ----a-w- c:\windows\system32\tomobico.dat
2009-09-24 22:04 . 2009-10-02 04:36 120 ----a-w- c:\windows\Dxilanerulato.dat
2009-09-24 22:04 . 2009-10-02 04:36 0 ----a-w- c:\windows\Kqoyedesuvaruku.bin
2009-09-24 22:04 . 2009-09-24 22:04 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\{B8542336-4284-4675-9352-84D2DE8DE27F}
2009-09-24 21:58 . 2009-05-14 01:47 61224 ----a-w- c:\documents and settings\HelpAssistant\GoToAssistDownloadHelper.exe
2009-09-24 21:53 . 2009-09-24 21:53 4707 ----a-w- c:\windows\system32\z98a.bin
2009-09-23 01:04 . 2009-09-24 15:08 -------- d-----w- c:\program files\AOL 9.1c
2009-09-20 01:30 . 2009-10-03 19:41 0 ----a-w- c:\windows\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 21:45 . 2006-10-19 01:21 18668 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-09-27 10:26 . 2009-04-01 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-27 09:38 . 2009-04-01 22:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-27 09:05 . 2008-01-03 20:45 -------- d-----w- c:\program files\Security Task Manager
2009-09-25 07:38 . 2009-05-13 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-25 03:35 . 2006-08-01 02:25 -------- d-----w- c:\program files\DISC
2009-09-24 15:18 . 2006-08-01 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-24 15:07 . 2006-10-03 22:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL
2009-09-24 09:59 . 2009-05-14 05:15 -------- d-----w- c:\program files\AOL Toolbar
2009-09-23 01:05 . 2006-10-03 22:05 -------- d-----w- c:\program files\Common Files\AOL
2009-09-23 01:04 . 2006-10-03 22:07 -------- d-----w- c:\program files\Common Files\aolshare
2009-09-23 01:04 . 2006-10-03 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-01 00:58 . 2009-08-14 09:08 -------- d-----w- c:\program files\NCH Swift Sound
2009-09-01 00:58 . 2009-08-14 09:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2009-08-17 07:57 . 2007-11-19 19:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 07:49 . 2006-08-01 01:49 -------- d-----w- c:\program files\GemMaster
2009-08-17 07:37 . 2009-08-14 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-08-17 06:22 . 2009-08-13 21:21 -------- d-----w- c:\program files\THQ
2009-08-17 06:22 . 2006-08-01 02:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 09:11 . 2009-08-14 09:11 -------- d-----w- c:\program files\NCH Software
2009-08-14 02:10 . 2009-08-14 02:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Winamp
2009-08-14 02:09 . 2009-08-14 02:08 -------- d-----w- c:\program files\Winamp
2009-07-08 20:44 . 2009-07-08 20:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-04-13 07:04 . 2009-04-13 07:04 2098 --sh--w- c:\windows\system32\liyujupe.dll
2009-04-13 07:04 . 2009-04-13 07:04 2098 --sh--w- c:\windows\system32\pokefige.dll
2009-01-28 21:53 . 2009-01-28 21:53 12288 --sha-w- c:\windows\system32\wetelumo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 169984]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
mhbupd32.exe [2004-8-9 29184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ Shtret.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD@ccess.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk
backup=c:\windows\pss\DVD@ccess.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^mhbupd32.exe]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\mhbupd32.exe
backup=c:\windows\pss\mhbupd32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ISPwdSvc"=3 (0x3)
"GameConsoleService"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"sprtsvc_ddoctorv2"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159913245\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159913245\\EE\\aolsoftware.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\AOL 9.1b\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.1c\\waol.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R2 0229931254061299mcinstcleanup;McAfee Application Installer Cleanup (0229931254061299);c:\windows\TEMP\022993~1.EXE [x]
R3 {0D1C65DF-BFC7-4DB1-8A96CF4309C0C846};{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846};c:\windows\System32\svchost.exe [2004-08-10 14336]
S2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2003-11-22 29156]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846}
.
Contents of the 'Scheduled Tasks' folder

2009-09-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 04:26]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mhcc.edu
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\yafy98wb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XULRunner: {B8542336-4284-4675-9352-84D2DE8DE27F} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{B8542336-4284-4675-9352-84D2DE8DE27F}
FF - HiddenExtension: XULRunner: {5D6BD32C-E7F1-4910-94A0-444E5E7E818F} - c:\documents and settings\Administrator\Local Settings\Application Data\{5D6BD32C-E7F1-4910-94A0-444E5E7E818F}\

---- FIREFOX POLICIES ----

FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -

BHO-{85cb03a9-763f-4358-8343-662441ea4870} - (no file)
HKCU-Run-SpybotSD TeaTimer - c:\program files\PALADIN\TeaTimer.exe
Notify-dbbin - dbbin.dll
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 13:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846}]
"ServiceDll"="c:\docume~1\HP_ADM~1\LOCALS~1\Temp\11.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(824)
c:\windows\Shtret.dll
.
Completion time: 2009-10-03 13:25
ComboFix-quarantined-files.txt 2009-10-03 20:25

Pre-Run: 203,930,058,752 bytes free
Post-Run: 203,935,186,944 bytes free

434 --- E O F --- 2009-10-03 19:57
 
This is the result of the string:

PEV -l "%systemdrive%\proquota.exe" >log.txt
start notepad log.txt

------------------------------------------------------------------

----a-w- 50,176 2008-04-14 00:12:32 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 50,176 Blocks: 98

------------------------------------------------------------------

The above is all that was opened in a log.
 
Hi,

There are some entries on your Combofix log that I need to look over; in the meantime, do this please.

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::


Code:
File::
C:\WINDOWS\win32k.sys
c:\windows\ucejeliv.dat
c:\windows\mosaxatod.dat
c:\windows\system32\tomobico.dat
c:\windows\Dxilanerulato.dat
c:\windows\Kqoyedesuvaruku.bin
c:\windows\system32\liyujupe.dll
c:\windows\system32\pokefige.dll
c:\windows\system32\wetelumo.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\11.tmp

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

Fcopy::
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe | C:\WINDOWS\system32\proquota.exe

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.






Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean






Please download Malwarebytes' Anti-Malware from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please





Download Trend Micro's HijackThis to your desktop.
  • Double click it to install
  • Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Submit Reply, not by starting a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Post the following please

1. New Combofix log
2. Malwarebytes Log
3. Hijackthis log
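
An added example (not part of the original post, and not ComboFix code): it decodes the `hex(7)` value in the `Registry::` section of the CFScript above and compares it with what the log reported for the LSA `Notification Packages` value, showing that the script replaces `Shtret.dll` with `scecli`, the stock Windows XP entry. The function names are hypothetical; the one-byte-per-character decoding assumes REGEDIT4-style data, as in the log's `REGEDIT4` header.

```python
import ntpath
import re

# Copied from this page: the Registry:: section of the CFScript.
CFSCRIPT_REGISTRY = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
'''
# Copied from this page: value reported under "Reg Loading Points"
# ("Notification Packages REG_MULTI_SZ Shtret.dll").
LOGGED_PACKAGES = ["Shtret.dll"]
# Copied from this page: DLL listed under 'lsass.exe'(824).
LSASS_LOADED = [r"c:\windows\Shtret.dll"]

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"


def decode_multi_sz(hex_csv, wide=False):
    """Decode the comma-separated bytes of a .reg hex(7) value.

    wide=False: one byte per character (REGEDIT4 exports, assumed here).
    wide=True:  UTF-16LE (Windows Registry Editor Version 5.00 exports).
    Returns the strings before the terminating empty string.
    """
    tokens = [t.strip() for t in hex_csv.split(",") if t.strip()]
    for tok in tokens:
        if not re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            raise ValueError("not a hex byte: %r" % tok)
    raw = bytes(int(tok, 16) for tok in tokens)
    if wide and len(raw) % 2:
        raise ValueError("odd byte count for UTF-16LE data")
    text = raw.decode("utf-16-le" if wide else "cp1252")
    strings = []
    for part in text.split("\x00"):
        if part == "":          # empty string marks the end of the list
            break
        strings.append(part)
    return strings


def parse_registry_section(text, wide=False):
    """Return {(key_lowercased, value_name): [strings]} for hex(7) values."""
    # Long values are wrapped with a trailing backslash; fold them first.
    folded = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)
    values, key = {}, None
    for line in folded.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        match = re.fullmatch(r'"([^"]+)"=hex\(7\):(.*)', line)
        if match and key:
            values[(key, match.group(1))] = decode_multi_sz(match.group(2), wide)
    return values


def explain_fix():
    """Compare the logged value with the value the script writes."""
    new = parse_registry_section(CFSCRIPT_REGISTRY)[(LSA_KEY, "Notification Packages")]
    old_lower = {p.lower() for p in LOGGED_PACKAGES}
    new_lower = {p.lower() for p in new}
    removed = [p for p in LOGGED_PACKAGES if p.lower() not in new_lower]
    added = [p for p in new if p.lower() not in old_lower]
    # Which removed packages were also seen loaded inside lsass.exe?
    loaded = {ntpath.basename(p).lower() for p in LSASS_LOADED}
    confirmed = [p for p in removed if p.lower() in loaded]
    return {"new_value": new, "removed": removed,
            "added": added, "removed_loaded_in_lsass": confirmed}


if __name__ == "__main__":
    for field, value in explain_fix().items():
        print(field, "=", value)
```
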
 
I have to post the Combofix log as multiple parts, as it has too many characters for the forum.

Here's part 1:

ComboFix 09-10-01.05 - HP_Administrator 10/04/2009 11:41.3.2 - NTFSx86
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point

FILE ::
"c:\docume~1\HP_ADM~1\LOCALS~1\Temp\11.tmp"
"c:\windows\Dxilanerulato.dat"
"c:\windows\Kqoyedesuvaruku.bin"
"c:\windows\mosaxatod.dat"
"c:\windows\system32\liyujupe.dll"
"c:\windows\system32\pokefige.dll"
"c:\windows\system32\tomobico.dat"
"c:\windows\system32\wetelumo.dll"
"c:\windows\ucejeliv.dat"
"c:\windows\win32k.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\cyhahevega.ban
c:\documents and settings\All Users\Application Data\jamu.scr
c:\documents and settings\All Users\Application Data\pedegico.sys
c:\documents and settings\All Users\Application Data\tacisike.inf
c:\documents and settings\All Users\Application Data\yrebyleq.dl
c:\documents and settings\HP_Administrator\Application Data\afofybeg.dll
c:\documents and settings\HP_Administrator\Application Data\lizkavd.exe
c:\documents and settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\HP_Administrator\Application Data\oxoxutuxod.dll
c:\documents and settings\HP_Administrator\Application Data\seres.exe
c:\documents and settings\HP_Administrator\Application Data\svcst.exe
c:\documents and settings\HP_Administrator\Application Data\usigugowex.scr
c:\documents and settings\HP_Administrator\Application Data\wiaserva.log
c:\documents and settings\HP_Administrator\Application Data\ydumigymif._dl
c:\documents and settings\HP_Administrator\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\HP_Administrator\Local Settings\Application Data\bihuhiqep.com
c:\documents and settings\HP_Administrator\Local Settings\Application Data\icebarofe._dl
c:\documents and settings\HP_Administrator\Local Settings\Application Data\utynu.inf
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\ifysepu._dl
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\zuhyjexu.db
c:\documents and settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\Common Files\derynipib.reg
c:\program files\Common Files\mifip.bat
c:\program files\Common Files\mopofi.bat
c:\program files\Common Files\ufiliwo.sys
c:\windows\Dxilanerulato.dat
c:\windows\Kqoyedesuvaruku.bin
c:\windows\mosaxatod.dat
c:\windows\system32\_scui.cpl
c:\windows\system32\jurujunip.dl
c:\windows\system32\liyujupe.dll
c:\windows\system32\pokefige.dll
c:\windows\system32\qinotokyzu.reg
c:\windows\system32\tomobico.dat
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wetelumo.dll
c:\windows\ucejeliv.dat
c:\windows\win32k.sys
c:\windows\yqinexab.reg

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 18:41 . 2009-10-04 18:41 -------- d-----w- c:\windows\LastGood
2009-10-04 18:41 . 2004-08-09 21:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-04 18:41 . 2004-08-09 21:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-04 15:53 . 2009-10-04 15:53 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-04 15:53 . 2009-10-04 15:53 -------- d-----w- c:\program files\MSBuild
2009-10-04 15:53 . 2009-10-04 15:53 -------- d-----w- c:\program files\Reference Assemblies
2009-10-04 15:52 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-04 15:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-04 15:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-04 15:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-04 15:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-04 15:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-04 15:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-04 15:52 . 2009-10-04 15:53 -------- d-----w- C:\5fb73fb5a2ff3b786c24050f2cbed684
2009-10-04 15:50 . 2009-10-04 15:50 -------- d-----w- c:\program files\MSXML 6.0
2009-10-04 15:44 . 2009-10-04 15:44 -------- d-----w- c:\windows\ServicePackFiles
2009-10-03 20:18 . 2009-10-03 20:25 -------- d-----w- C:\Combo-Fix
2009-09-27 10:25 . 2009-09-27 10:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{5D6BD32C-E7F1-4910-94A0-444E5E7E818F}
2009-09-27 10:19 . 2009-09-27 10:19 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-27 09:59 . 2009-09-27 10:27 -------- d-----w- c:\program files\PALADIN
2009-09-27 09:40 . 2009-09-27 10:24 -------- d-----w- c:\program files\Search & Destroy
2009-09-27 09:03 . 2009-09-27 09:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\McAfee
2009-09-25 04:38 . 2009-07-08 20:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-25 04:38 . 2009-07-08 20:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-25 04:38 . 2009-07-08 20:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-25 04:38 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-25 04:37 . 2009-09-25 04:38 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-25 04:37 . 2009-09-25 04:37 -------- d-----w- c:\program files\McAfee.com
2009-09-25 04:35 . 2009-07-08 20:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-25 04:05 . 2009-10-03 09:32 -------- d-----w- c:\program files\McAfee
2009-09-24 22:04 . 2009-09-24 22:04 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\{B8542336-4284-4675-9352-84D2DE8DE27F}
2009-09-24 21:58 . 2009-05-14 01:47 61224 ----a-w- c:\documents and settings\HelpAssistant\GoToAssistDownloadHelper.exe
2009-09-24 21:53 . 2009-09-24 21:53 4707 ----a-w- c:\windows\system32\z98a.bin
2009-09-23 01:04 . 2009-09-24 15:08 -------- d-----w- c:\program files\AOL 9.1c

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 15:59 . 2007-11-15 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-30 21:45 . 2006-10-19 01:21 18668 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-09-27 10:26 . 2009-04-01 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-27 09:38 . 2009-04-01 22:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-27 09:05 . 2008-01-03 20:45 -------- d-----w- c:\program files\Security Task Manager
2009-09-25 07:38 . 2009-05-13 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-25 03:35 . 2006-08-01 02:25 -------- d-----w- c:\program files\DISC
2009-09-24 15:18 . 2006-08-01 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-24 15:07 . 2006-10-03 22:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL
2009-09-24 09:59 . 2009-05-14 05:15 -------- d-----w- c:\program files\AOL Toolbar
2009-09-23 01:05 . 2006-10-03 22:05 -------- d-----w- c:\program files\Common Files\AOL
2009-09-23 01:04 . 2006-10-03 22:07 -------- d-----w- c:\program files\Common Files\aolshare
2009-09-23 01:04 . 2006-10-03 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-01 00:58 . 2009-08-14 09:08 -------- d-----w- c:\program files\NCH Swift Sound
2009-09-01 00:58 . 2009-08-14 09:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2009-08-17 07:57 . 2007-11-19 19:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 07:49 . 2006-08-01 01:49 -------- d-----w- c:\program files\GemMaster
2009-08-17 07:37 . 2009-08-14 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-08-17 06:22 . 2009-08-13 21:21 -------- d-----w- c:\program files\THQ
2009-08-17 06:22 . 2006-08-01 02:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 09:11 . 2009-08-14 09:11 -------- d-----w- c:\program files\NCH Software
2009-08-14 02:10 . 2009-08-14 02:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Winamp
2009-08-14 02:09 . 2009-08-14 02:08 -------- d-----w- c:\program files\Winamp
2009-08-05 09:11 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-10 04:00 82432 ------w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-10 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 20:44 . 2009-07-08 20:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.
 
part 2

((((((((((((((((((((((((((((( SnapShot@2009-10-03_20.24.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-18 03:00 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-30 04:10 . 2008-07-30 04:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2004-08-10 04:00 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-10 11:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2006-08-01 01:50 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2009-10-04 15:53 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2009-05-01 19:02 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 55808 c:\windows\system32\secur32.dll
+ 2004-08-10 04:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
+ 2004-08-10 04:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 43544 c:\windows\system32\PresentationHostProxy.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 39424 c:\windows\system32\pngfilt.dll
+ 2005-08-31 04:07 . 2009-10-04 16:40 71936 c:\windows\system32\perfc009.dat
+ 2008-07-25 18:17 . 2008-07-25 18:17 15360 c:\windows\system32\mui\0409\mscorees.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-10 04:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2007-05-09 00:08 . 2007-05-09 00:08 86728 c:\windows\system32\msxml6r.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 83968 c:\windows\system32\mscories.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 48640 c:\windows\system32\mqupgrd.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 95744 c:\windows\system32\mqsec.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 95744 c:\windows\system32\mqsec.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 16896 c:\windows\system32\mqise.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 16896 c:\windows\system32\mqise.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 47104 c:\windows\system32\mqdscli.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 47104 c:\windows\system32\mqdscli.dll
+ 2004-08-10 04:00 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
- 2004-08-10 04:00 . 2004-08-10 04:00 19968 c:\windows\system32\mqbkup.exe
+ 2004-08-10 04:00 . 2009-06-26 15:59 16384 c:\windows\system32\jsproxy.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 96256 c:\windows\system32\inseng.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 96256 c:\windows\system32\inseng.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 97800 c:\windows\system32\infocardapi.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 81920 c:\windows\system32\ieencode.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 81920 c:\windows\system32\ieencode.dll
+ 2008-07-30 02:24 . 2008-07-30 02:24 11264 c:\windows\system32\icardres.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 55808 c:\windows\system32\extmgr.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 55808 c:\windows\system32\extmgr.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 73720 c:\windows\system32\dxva2.dll
+ 2004-08-10 04:00 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2004-08-10 04:00 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2004-08-10 11:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-10 04:00 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 55808 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-10 04:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-10 04:00 . 2009-06-26 15:59 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-10 04:00 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-10 04:00 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 16896 c:\windows\system32\dllcache\mqise.dll
- 2004-08-10 04:00 . 2007-07-06 12:46 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2004-08-10 04:00 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-10 04:00 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2004-08-10 04:00 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
- 2004-08-10 04:00 . 2008-10-16 10:20 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-10 04:00 . 2008-10-15 14:18 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-10 04:00 . 2009-06-22 11:40 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-10 04:00 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-10 04:00 . 2009-06-26 15:59 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-10 04:00 . 2008-10-16 10:20 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-10 04:00 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-10 04:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 96760 c:\windows\system32\dfshim.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 96760 c:\windows\system32\dfshim.dll
+ 2005-08-30 20:51 . 2009-10-03 20:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-08-30 20:51 . 2009-10-03 19:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-03 20:25 . 2009-10-03 20:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-10 04:00 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 84992 c:\windows\system32\avifil32.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 06:40 . 2008-07-30 06:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-30 01:47 . 2008-07-30 01:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 06:40 . 2008-07-30 06:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 04:10 . 2008-07-30 04:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-30 02:59 . 2008-07-30 02:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 04:10 . 2008-07-30 04:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-30 02:32 . 2008-07-30 02:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-30 02:16 . 2008-07-30 02:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-30 02:16 . 2008-07-30 02:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-10-24 08:47 . 2007-10-24 08:47 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 18:17 . 2008-07-25 18:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-10-04 18:41 . 2008-04-14 00:12 50176 c:\windows\LastGood\system32\proquota.exe
+ 2008-07-30 04:07 . 2008-07-30 04:07 23040 c:\windows\Installer\441613a.msp
+ 2009-10-04 15:51 . 2009-10-04 15:51 88576 c:\windows\Installer\43e7837.msi
+ 2007-11-15 22:47 . 2009-10-04 15:59 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-27 05:13 . 2006-10-27 05:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2009-10-04 15:52 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-10-04 15:57 . 2009-10-04 15:57 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d37e1ad1b4cb432c36e3f0b60fc121fb\Microsoft.SqlServer.CustomControls.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-10-04 16:29 . 2009-10-04 16:29 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
 
part 3

+ 2008-07-25 18:17 . 2008-07-25 18:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-11-25 11:59 . 2008-11-25 11:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 18:16 . 2008-07-25 18:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-10-24 08:47 . 2007-10-24 08:47 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 18:17 . 2008-07-25 18:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 18:17 . 2008-07-25 18:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 18:16 . 2008-07-25 18:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2007-10-24 08:47 . 2007-10-24 08:47 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-12-13 16:58 . 2008-12-13 16:58 754688 c:\windows\Installer\4423d4d.msp
+ 2009-10-04 15:54 . 2009-10-04 15:54 648192 c:\windows\Installer\4423d27.msi
+ 2008-07-30 04:23 . 2008-07-30 04:23 250880 c:\windows\Installer\4416143.msp
+ 2008-07-30 04:28 . 2008-07-30 04:28 278016 c:\windows\Installer\4416141.msp
+ 2008-07-30 02:40 . 2008-07-30 02:40 291840 c:\windows\Installer\441613f.msp
+ 2009-10-04 15:53 . 2009-10-04 15:53 137728 c:\windows\Installer\4416139.msi
+ 2008-07-30 00:35 . 2008-07-30 00:35 553472 c:\windows\Installer\43e783c.msp
+ 2008-07-30 00:33 . 2008-07-30 00:33 506368 c:\windows\Installer\43e783a.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 911360 c:\windows\Installer\43e7839.msp
+ 2009-10-04 15:50 . 2009-10-04 15:50 871424 c:\windows\Installer\43e7789.msi
+ 2009-05-27 01:53 . 2009-05-27 01:53 579072 c:\windows\Installer\438c534.msp
+ 2007-11-15 22:47 . 2009-10-04 15:59 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-15 22:47 . 2008-12-11 11:03 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-11-15 22:47 . 2009-10-04 15:59 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2004-08-10 04:00 . 2007-06-27 05:10 317440 c:\windows\inf\unregmp2.exe
+ 2004-08-10 10:11 . 2009-08-18 17:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2009-10-04 15:52 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-10-04 15:52 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-10-04 15:59 . 2009-10-04 15:59 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-10-04 16:31 . 2009-10-04 16:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-10-04 15:59 . 2009-10-04 15:59 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-10-04 16:29 . 2009-10-04 16:29 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-10-04 15:58 . 2009-10-04 15:58 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-10-04 15:58 . 2009-10-04 15:58 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-10-04 16:29 . 2009-10-04 16:29 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\da1fb799e2b232fb6787fc036cc5154d\Microsoft.SqlServer.Setup.ni.dll
+ 2009-10-04 16:30 . 2009-10-04 16:30 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b4966c8609e8ccac78d186076dd04c55\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\36c6b5589c08cda7d8a063d6d6566c07\Microsoft.SqlServer.GridControl.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\70b1784f238cd25f66d8c0f53626f7b3\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-10-04 16:29 . 2009-10-04 16:29 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-10-04 16:29 . 2009-10-04 16:29 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-04 15:55 . 2009-10-04 15:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-10-04 15:57 . 2009-10-04 15:57 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-04 15:53 . 2009-10-04 15:53 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-04-12 10:09 . 2008-04-12 10:09 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-10-04 15:54 . 2009-10-04 15:54 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-04 15:56 . 2009-10-04 15:56 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
 
part 4

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1c\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 169984]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
mhbupd32.exe [2004-8-9 29184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli Shtret.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD@ccess.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk
backup=c:\windows\pss\DVD@ccess.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^mhbupd32.exe]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\mhbupd32.exe
backup=c:\windows\pss\mhbupd32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ISPwdSvc"=3 (0x3)
"GameConsoleService"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"sprtsvc_ddoctorv2"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159913245\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159913245\\EE\\aolsoftware.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\AOL 9.1b\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.1c\\waol.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R2 0229931254061299mcinstcleanup;McAfee Application Installer Cleanup (0229931254061299);c:\windows\TEMP\022993~1.EXE [x]
R3 {0D1C65DF-BFC7-4DB1-8A96CF4309C0C846};{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846};c:\windows\System32\svchost.exe [2004-08-10 14336]
S2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2003-11-22 29156]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846}
.
Contents of the 'Scheduled Tasks' folder

2009-09-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 04:26]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-25 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mhcc.edu
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\yafy98wb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XULRunner: {B8542336-4284-4675-9352-84D2DE8DE27F} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{B8542336-4284-4675-9352-84D2DE8DE27F}
FF - HiddenExtension: XULRunner: {5D6BD32C-E7F1-4910-94A0-444E5E7E818F} - c:\documents and settings\Administrator\Local Settings\Application Data\{5D6BD32C-E7F1-4910-94A0-444E5E7E818F}\

---- FIREFOX POLICIES ----

FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-mserv - c:\documents and settings\HP_Administrator\Application Data\svcst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 11:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0D1C65DF-BFC7-4DB1-8A96CF4309C0C846}]
"ServiceDll"="c:\docume~1\HP_ADM~1\LOCALS~1\Temp\11.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(824)
c:\windows\Shtret.dll
.
Completion time: 2009-10-04 11:48
ComboFix-quarantined-files.txt 2009-10-04 18:48
ComboFix2.txt 2009-10-03 20:25

Pre-Run: 202,688,040,960 bytes free
Post-Run: 202,709,901,312 bytes free

1324 --- E O F --- 2009-10-04 15:59
 
The Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2905
Windows 5.1.2600 Service Pack 2

10/4/2009 12:05:55 PM
mbam-log-2009-10-04 (12-05-55).txt

Scan type: Quick Scan
Objects scanned: 113803
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 7
Registry Data Items Infected: 5
Folders Infected: 2
Files Infected: 26

Memory Processes Infected:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Rogue.AntiVirusPro2010) -> Unloaded process successfully.
C:\Documents and Settings\HP_Administrator\Application Data\seres.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\HP_Administrator\Application Data\svcst.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: shtret.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Shtret.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\HelpAssistant\Application Data\seres.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Application Data\lizkavd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Application Data\svcst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\mhbupd32.exe (Trojan.Bredolab) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv761253200429.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZM16H6T6\(SC)[1].(N) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\seres.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\lizkavd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\svcst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\z98a.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv031254600698.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv081251834303.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\igidony.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
 