
Malwarebytes

malware removal please help


6 replies to this topic

#1
billypat3

    New Member

  • Members
  • 5 posts
I have a trojan and can't get rid of it at all. Please help me, I use my PC for work and contracts. Need help, please!!!!!!!

#2
billypat3

    New Member

  • Members
  • 5 posts
Still having malware removal problems. Downloaded MBAM and it quits right after the scan starts. Anyone know how to fix?

#3
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix when you've accomplished that.
sUBs
Research Engineer


Follow us: Twitter, Become a fan: Facebook

#4
billypat3

    New Member

  • Members
  • 5 posts

sUBs, on Oct 16 2009, 05:28 PM, said:

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix when you've accomplished that.


Here is the ComboFix log. Sorry for the lack of response, I have been sick.
Thank you for your help.


ComboFix 09-10-12.03 - mine 10/13/2009 11:12.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.601 [GMT -5:00]
Running from: c:\documents and settings\mine\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\mine\Local Settings\Temp\IadHide5.dll

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-13 16:04 . 2009-10-13 16:04 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\Apple Computer
2009-10-13 16:03 . 2009-10-13 16:03 -------- d-----w- c:\documents and settings\mine\Logs
2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\AOL
2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Application Data\AOL
2009-10-13 13:40 . 2009-10-13 13:40 -------- d-----w- c:\documents and settings\mine\Application Data\Malwarebytes
2009-10-13 13:21 . 2009-10-13 13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 13:10 . 2009-06-18 17:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-10-13 01:40 . 2009-10-13 01:40 -------- d-----w- c:\program files\Sophos
2009-10-13 01:07 . 2009-10-13 01:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-10-13 01:06 . 2009-10-13 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-10-13 00:50 . 2009-10-13 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-12 21:26 . 2009-10-12 21:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-10-12 21:20 . 2009-10-12 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Local Settings\Application Data\AOL
2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Application Data\AOL
2009-10-12 11:26 . 2009-10-12 11:26 -------- d-----w- c:\documents and settings\HP_Administrator\Logs
2009-10-12 00:02 . 2009-10-12 00:12 -------- d-----w- c:\windows\BDOSCAN8
2009-10-12 00:00 . 2009-10-12 22:59 -------- d-----w- c:\program files\a-squared Free
2009-10-11 23:48 . 2009-10-11 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-10-11 23:06 . 2009-10-11 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-11 22:50 . 2009-10-11 22:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Safer Networking
2009-10-11 22:34 . 2009-10-12 21:13 -------- d-----w- c:\program files\Safer Networking
2009-10-11 21:25 . 2009-10-12 21:12 -------- d-----w- c:\program files\Free Window Registry Repair
2009-10-11 20:07 . 2009-10-11 22:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-11 20:07 . 2009-10-11 20:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-10-11 19:43 . 2009-10-11 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\program files\Uniblue
2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Uniblue
2009-10-11 17:59 . 2009-10-11 22:39 -------- d-----w- c:\program files\spybot
2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\InstallShield
2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\The Weather Channel
2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Local Settings\Application Data\The Weather Channel
2009-10-11 16:08 . 2009-10-11 16:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}
2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\program files\Avira
2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-09 14:49 . 2009-10-09 14:49 -------- d-----w- c:\program files\Lowrance

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 16:28 . 2006-02-23 02:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-13 12:03 . 2009-02-25 23:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp
2009-10-12 23:28 . 2008-05-27 15:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL
2009-10-12 21:13 . 2008-05-27 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-10-12 11:52 . 2006-12-16 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-12 11:27 . 2008-06-01 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-12 11:21 . 2008-02-11 14:23 -------- d-----w- c:\program files\Bonjour
2009-10-12 11:21 . 2006-02-23 01:32 -------- d-----w- c:\program files\DISC
2009-10-12 11:21 . 2007-01-26 14:18 -------- d-----w- c:\program files\Freeze.com
2009-10-11 17:34 . 2006-02-23 02:05 -------- d-----w- c:\program files\Norton Internet Security
2009-10-11 17:30 . 2009-10-11 17:29 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-11 17:30 . 2009-10-11 17:29 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-11 17:30 . 2006-02-23 02:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-11 17:30 . 2006-02-23 02:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-11 17:30 . 2006-02-23 02:04 -------- d-----w- c:\program files\Symantec
2009-10-11 17:06 . 2008-01-03 14:24 -------- d-----w- c:\program files\AOL 9.1
2009-10-11 16:09 . 2009-03-28 21:37 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\mjusbsp
2009-10-11 16:08 . 2006-02-23 01:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-11 14:20 . 2006-02-23 01:32 61008 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-11 04:02 . 2007-04-12 19:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-05 23:13 . 2006-09-06 13:23 -------- d-----w- c:\program files\Print Workshop 2006
2009-09-09 19:53 . 2009-09-09 19:19 176 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-09-09 19:21 . 2009-09-09 19:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template
2009-09-05 13:30 . 2008-07-23 23:02 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Apple Computer
2009-09-01 01:49 . 2009-09-01 01:47 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Move Networks
2009-08-26 01:30 . 2006-04-28 01:37 -------- d-----w- c:\program files\Punch! Pro
2009-08-07 00:24 . 2004-08-10 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-10 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2(2).dll
2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups(2).dll
2009-08-07 00:24 . 2004-08-10 04:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 04:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-10 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2004-08-10 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2007-01-22 00:43 . 2006-12-23 02:40 0 ----a-w- c:\program files\llh.dll
2007-01-22 00:43 . 2006-12-23 02:32 7176 ----a-w- c:\program files\ARA.ini
2006-12-23 02:40 . 2006-12-23 02:40 679936 ----a-w- c:\program files\libeay32.dll
2006-12-23 02:40 . 2006-12-23 02:40 59904 ----a-w- c:\program files\zlib1.dll
2006-12-23 02:40 . 2006-12-23 02:40 147728 ----a-w- c:\program files\ASYCFILT.DLL
2006-12-23 02:40 . 2006-12-23 02:40 147456 ----a-w- c:\program files\ssleay32.dll
2006-12-23 02:32 . 2006-12-23 02:32 77824 ----a-w- c:\program files\DM.dll
2006-12-23 02:32 . 2006-12-23 02:32 995410 ----a-w- c:\program files\MFC42LU.DLL
2006-12-23 02:32 . 2006-12-23 02:32 393216 ----a-w- c:\program files\MSLUP60.dll
2006-12-23 02:32 . 2006-12-23 02:32 258352 ----a-w- c:\program files\UNICOWS.DLL
2006-12-23 02:32 . 2006-12-23 02:32 237568 ----a-w- c:\program files\MSLURT.dll
2006-10-31 01:27 . 2006-10-31 01:27 0 ----a-w- c:\program files\Common Files\err.log
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-02-23 01:32 . 2006-02-23 01:32 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2006-02-23 02:12 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-23 02:12 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-02-23 00:47 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe
2006-02-23 00:47 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

2005-05-12 14:12 . 2005-05-12 14:12 49152 c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe
2007-05-08 21:24 . 2007-05-08 21:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

2006-10-23 23:50 . 2005-11-10 18:03 36975 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe

2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe
2005-11-01 17:01 . 2005-11-01 17:01 90112 c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

2006-10-29 04:05 . 2006-10-24 21:10 4662776 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

2006-02-23 01:45 . 2004-12-14 10:23 663552 c:\windows\CREATOR\bak\Remind_XP.exe
2006-02-23 01:45 . 2004-12-14 10:23 663552 c:\windows\CREATOR\Remind_XP.exe

2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\bak\ehtray.exe
2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\ehtray.exe

2006-02-23 01:45 . 2005-07-23 06:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-02-23 01:45 . 2005-07-23 06:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AOL Fast Start"="c:\progra~1\AOL9~1.1\AOL.EXE" [2007-10-27 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [N/A]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HostManager"="c:\program files\Common Files\AOL\1225479186\ee\AOLSoftware.exe" [2008-06-24 41824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [N/A]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-25 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\Guest.YOUR-4DACD0EA75\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-22 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-2-19 983040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-5-27 1470480]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-22 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Carrie.YOUR-4DACD0EA75\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10/13/2009 8:10 AM 18816]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 XoftSpyService;XoftSpyService;"c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe" --> c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-10-11 c:\windows\Tasks\Norton Security Scan for Carrie.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-17 00:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
Toolbar-Locked - (no file)
AddRemove-SuperiorCasino - c:\program files\SuperiorCasino\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 11:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2460)
c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\a-squared Free\a2service.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\AOL9~1.1\waol.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\progra~1\AOL9~1.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-10-13 12:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 17:04

Pre-Run: 83,890,946,048 bytes free
Post-Run: 85,394,812,928 bytes free

333 --- E O F --- 2009-10-12 08:00

#5
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts

Quote

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
Did ComboFix not warn you to disable them?

You have a bad habit of installing assorted antivirus programs which do not uninstall well. They leave orphaned driver services on the machine. We need to clean those up.



-----------

Quote

c:\Program Files\Free Window Registry Repair
Uninstall/remove this program if you don't need it anymore.


----------

Open NOTEPAD and copy/paste the text in the quotebox below into it:

SECCENTER::
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE::
c:\windows\system32\wups2(2).dll
c:\windows\system32\wups(2).dll
FOLDER::
c:\program files\Common Files\Real\Update_OB\bak
c:\program files\Hewlett-Packard\HP Boot Optimizer\bak
c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak
c:\program files\HP\HP Software Update\bak
c:\program files\Java\jre1.5.0_06\bin\bak
c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak
c:\program files\Yahoo!\Messenger\bak
C:\windows\CREATOR\bak
c:\windows\ehome\bak
c:\windows\SMINST\bak
DRIVER::
SASDIFSV
SASKUTIL
AntiVirSchedulerService
MEMSWEEP2
SASENUM
XoftSpyService

Save this as "CFScript"


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingc...e.php?channel=4


---------------


ESET Online Scanner
  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update

  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient

  • When the scan finishes click the Details tab
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here.


---------------


In your next post, please include fresh logs from:
  • Online scan
  • ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

sUBs
Research Engineer
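
The triage done by eye in post #5, as an added example (not ComboFix's or the forum's own code): it lists stopped services whose image file the log marks `[?]`, and the `\bak` folders named in the AWF section. It assumes `[?]` means the file was not found on disk and that the leading letter and digit are run state and start type; the sample lines are constructed in the shape of the log from post #4.

```python
import re
from typing import NamedTuple

# Constructed sample: lines in the same shape as the ComboFix log in post #4
# (service/driver section plus three entries from the AWF section).
SAMPLE_LOG = r"""
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10/13/2009 8:10 AM 18816]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
2006-02-23 02:12 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-23 02:12 . 2005-11-10 00:29 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
2004-08-10 10:04 . 2005-08-06 04:56 64512 c:\windows\ehome\bak\ehtray.exe
"""

# Assumption: first letter is run state (R running, S stopped), digit is the
# service start type as stored in the registry "Start" value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <state><start> <name>;<display name>;<image path [--> resolved path]> [<meta>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# AWF-style line: two timestamps, a size, then a path starting with a drive letter.
AWF_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"\d+ (?P<path>[A-Za-z]:\\.+)$"
)


class Service(NamedTuple):
    name: str
    running: bool
    start_type: str
    image_path: str
    file_missing: bool


def parse_services(log: str) -> list[Service]:
    """Parse the service/driver lines of a ComboFix-style log."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        # When the log shows "raw --> resolved", keep the resolved path.
        resolved = m["image"].split(" --> ")[-1].strip().strip('"')
        services.append(Service(
            name=m["name"],
            running=m["state"] == "R",
            start_type=START_TYPES[int(m["start"])],
            image_path=resolved,
            # Assumption: "[?]" in place of date/size means the file is absent.
            file_missing=m["meta"].strip() == "?",
        ))
    return services


def orphaned_services(log: str) -> list[str]:
    """Names of stopped services that still exist but whose file is gone."""
    return [s.name for s in parse_services(log)
            if s.file_missing and not s.running]


def bak_folders(log: str) -> list[str]:
    """Distinct folders named 'bak' that hold copies of listed files."""
    seen = []
    for line in log.splitlines():
        m = AWF_RE.match(line.strip())
        if not m:
            continue
        folder, _, _filename = m["path"].rpartition("\\")
        if folder.lower().endswith("\\bak") and folder not in seen:
            seen.append(folder)
    return seen


if __name__ == "__main__":
    print("Orphaned services to review:")
    for name in orphaned_services(SAMPLE_LOG):
        print("  ", name)
    print("bak folders to review:")
    for folder in bak_folders(SAMPLE_LOG):
        print("  ", folder)
```

The output is a review list only; what goes under `DRIVER::` or `FOLDER::` in a CFScript remains the helper's decision.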


#6
billypat3

    New Member

  • Members
  • 5 posts
ComboFix's log

ComboFix 09-10-22.01 - mine 10/23/2009 18:27.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.564 [GMT -5:00]
Running from: c:\documents and settings\mine\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mine\Desktop\CFScript.txt
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\wups(2).dll"
"c:\windows\system32\wups2(2).dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\mine\Local Settings\temp\IadHide5.dll
.
---- Previous Run -------
.
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe
c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe
c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe
c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak\DMAScheduler.exe
c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE
c:\windows\CREATOR\bak\Remind_XP.exe
c:\windows\ehome\bak\ehtray.exe
c:\windows\SMINST\bak\RECGUARD.EXE
c:\windows\system32\wups(2).dll
c:\windows\system32\wups2(2).dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIVIRSCHEDULERSERVICE
-------\Legacy_MEMSWEEP2
-------\Legacy_SASDIFSV
-------\Legacy_SASENUM
-------\Legacy_SASKUTIL
-------\Legacy_XOFTSPYSERVICE
-------\Service_AntiVirSchedulerService
-------\Service_MEMSWEEP2
-------\Service_SASDIFSV
-------\Service_SASENUM
-------\Service_SASKUTIL
-------\Service_XoftSpyService


((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.

2009-10-23 13:32 . 2009-10-23 13:32 -------- d-----w- c:\program files\ESET
2009-10-21 12:51 . 2009-10-21 12:51 -------- d-----w- c:\documents and settings\mine\Application Data\HP
2009-10-21 12:51 . 2009-10-21 12:51 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\IsolatedStorage
2009-10-21 12:51 . 2009-10-21 12:51 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\HP
2009-10-19 20:47 . 2009-10-21 05:47 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Logs
2009-10-14 15:35 . 2009-10-14 15:36 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\Adobe
2009-10-13 16:04 . 2009-10-13 16:04 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\Apple Computer
2009-10-13 16:03 . 2009-10-23 13:26 -------- d-----w- c:\documents and settings\mine\Logs
2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Local Settings\Application Data\AOL
2009-10-13 14:42 . 2009-10-13 14:42 -------- d-----w- c:\documents and settings\mine\Application Data\AOL
2009-10-13 13:40 . 2009-10-13 13:40 -------- d-----w- c:\documents and settings\mine\Application Data\Malwarebytes
2009-10-13 13:21 . 2009-10-13 13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 13:10 . 2009-06-18 17:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-10-13 01:40 . 2009-10-13 01:40 -------- d-----w- c:\program files\Sophos
2009-10-13 01:07 . 2009-10-13 01:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-10-13 01:06 . 2009-10-13 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-10-13 00:50 . 2009-10-13 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-12 21:26 . 2009-10-12 21:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-10-12 21:20 . 2009-10-12 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Local Settings\Application Data\AOL
2009-10-12 13:02 . 2009-10-12 13:02 -------- d-----w- c:\documents and settings\Guest.YOUR-4DACD0EA75\Application Data\AOL
2009-10-12 11:26 . 2009-10-23 12:49 -------- d-----w- c:\documents and settings\HP_Administrator\Logs
2009-10-12 00:02 . 2009-10-12 00:12 -------- d-----w- c:\windows\BDOSCAN8
2009-10-12 00:00 . 2009-10-23 23:38 -------- d-----w- c:\program files\a-squared Free
2009-10-11 23:48 . 2009-10-11 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-10-11 23:06 . 2009-10-11 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-11 22:50 . 2009-10-11 22:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Safer Networking
2009-10-11 22:34 . 2009-10-12 21:13 -------- d-----w- c:\program files\Safer Networking
2009-10-11 21:25 . 2009-10-12 21:12 -------- d-----w- c:\program files\Free Window Registry Repair
2009-10-11 20:07 . 2009-10-11 22:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-11 20:07 . 2009-10-11 20:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-10-11 19:43 . 2009-10-11 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\program files\Uniblue
2009-10-11 19:16 . 2009-10-11 20:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Uniblue
2009-10-11 17:59 . 2009-10-11 22:39 -------- d-----w- c:\program files\spybot
2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\InstallShield
2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\The Weather Channel
2009-10-11 16:08 . 2009-10-11 16:08 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Local Settings\Application Data\The Weather Channel
2009-10-11 16:08 . 2009-10-11 16:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}
2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\program files\Avira
2009-10-11 04:15 . 2009-10-11 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-09 14:49 . 2009-10-09 14:49 -------- d-----w- c:\program files\Lowrance

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 23:38 . 2006-02-23 02:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-23 12:50 . 2009-02-25 23:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp
2009-10-22 17:23 . 2009-07-17 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-22 17:23 . 2007-04-12 19:09 -------- d-----w- c:\program files\Norton Security Scan
2009-10-21 12:51 . 2009-10-13 13:37 127 ----a-w- c:\documents and settings\mine\Local Settings\Application Data\fusioncache.dat
2009-10-19 20:47 . 2009-03-28 21:37 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\mjusbsp
2009-10-19 20:47 . 2006-12-16 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-12 23:28 . 2008-05-27 15:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL
2009-10-12 21:13 . 2008-05-27 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-10-12 11:27 . 2008-06-01 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-12 11:21 . 2008-02-11 14:23 -------- d-----w- c:\program files\Bonjour
2009-10-12 11:21 . 2006-02-23 01:32 -------- d-----w- c:\program files\DISC
2009-10-12 11:21 . 2007-01-26 14:18 -------- d-----w- c:\program files\Freeze.com
2009-10-11 17:34 . 2006-02-23 02:05 -------- d-----w- c:\program files\Norton Internet Security
2009-10-11 17:30 . 2009-10-11 17:29 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-11 17:30 . 2009-10-11 17:29 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-11 17:30 . 2006-02-23 02:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-11 17:30 . 2006-02-23 02:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-11 17:30 . 2006-02-23 02:04 -------- d-----w- c:\program files\Symantec
2009-10-11 17:06 . 2008-01-03 14:24 -------- d-----w- c:\program files\AOL 9.1
2009-10-11 16:08 . 2006-02-23 01:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-11 14:20 . 2006-02-23 01:32 61008 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-11 04:02 . 2007-04-12 19:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-05 23:13 . 2006-09-06 13:23 -------- d-----w- c:\program files\Print Workshop 2006
2009-09-11 14:18 . 2004-08-10 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 19:53 . 2009-09-09 19:19 176 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-09-09 19:21 . 2009-09-09 19:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template
2009-09-05 13:30 . 2008-07-23 23:02 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Apple Computer
2009-09-04 21:03 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 01:49 . 2009-09-01 01:47 -------- d-----w- c:\documents and settings\Carrie.YOUR-4DACD0EA75\Application Data\Move Networks
2009-08-26 08:00 . 2004-08-10 04:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-26 01:30 . 2006-04-28 01:37 -------- d-----w- c:\program files\Punch! Pro
2009-08-07 00:24 . 2004-08-10 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-10 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-10 04:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-10 04:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-10 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2004-08-10 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2008-05-27 14:17 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-10 11:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2007-01-22 00:43 . 2006-12-23 02:40 0 ----a-w- c:\program files\llh.dll
2007-01-22 00:43 . 2006-12-23 02:32 7176 ----a-w- c:\program files\ARA.ini
2006-12-23 02:40 . 2006-12-23 02:40 679936 ----a-w- c:\program files\libeay32.dll
2006-12-23 02:40 . 2006-12-23 02:40 59904 ----a-w- c:\program files\zlib1.dll
2006-12-23 02:40 . 2006-12-23 02:40 147728 ----a-w- c:\program files\ASYCFILT.DLL
2006-12-23 02:40 . 2006-12-23 02:40 147456 ----a-w- c:\program files\ssleay32.dll
2006-12-23 02:32 . 2006-12-23 02:32 77824 ----a-w- c:\program files\DM.dll
2006-12-23 02:32 . 2006-12-23 02:32 995410 ----a-w- c:\program files\MFC42LU.DLL
2006-12-23 02:32 . 2006-12-23 02:32 393216 ----a-w- c:\program files\MSLUP60.dll
2006-12-23 02:32 . 2006-12-23 02:32 258352 ----a-w- c:\program files\UNICOWS.DLL
2006-12-23 02:32 . 2006-12-23 02:32 237568 ----a-w- c:\program files\MSLURT.dll
2006-10-31 01:27 . 2006-10-31 01:27 0 ----a-w- c:\program files\Common Files\err.log
.

((((((((((((((((((((((((((((( SnapShot@2009-10-13_16.57.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-23 23:38 . 2009-10-23 23:38 16384 c:\windows\temp\Perflib_Perfdata_6d0.dat
+ 2004-08-10 04:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
- 2004-08-10 04:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2004-08-10 04:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
- 2005-08-31 04:07 . 2009-08-06 09:03 71936 c:\windows\system32\perfc009.dat
+ 2005-08-31 04:07 . 2009-10-15 08:07 71936 c:\windows\system32\perfc009.dat
+ 2004-08-10 11:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-09-30 01:11 . 2009-06-24 17:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2004-10-08 00:36 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2004-08-04 04:12 . 2009-06-24 03:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2004-08-04 04:12 . 2007-01-02 21:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2004-08-04 04:12 . 2007-01-02 21:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-08-04 04:12 . 2009-06-24 03:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-08-04 04:11 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2004-08-04 04:11 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2002-06-21 23:31 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2002-06-21 23:31 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2009-10-15 08:04 . 2009-10-15 08:04 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_eadff9a2\System.Drawing.Design.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4222eac3\CustomMarshalers.dll
+ 2009-10-15 08:02 . 2009-10-15 08:02 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_60a2a8b3\System.Drawing.Design.dll
+ 2009-10-15 08:01 . 2009-10-15 08:01 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_6ee7e500\CustomMarshalers.dll
+ 2009-10-15 08:09 . 2009-10-15 08:09 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-10-15 08:07 . 2009-10-15 08:07 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-15 08:10 . 2009-10-15 08:10 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2004-07-20 00:54 . 2007-01-02 21:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2004-07-20 00:54 . 2009-06-29 16:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2009-08-06 09:02 . 2009-08-06 09:02 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-08-06 09:02 . 2009-08-06 09:02 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-08-06 09:02 . 2009-08-06 09:02 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-10 04:00 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll
+ 2004-08-10 04:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
+ 2005-08-31 04:07 . 2009-10-15 08:07 442796 c:\windows\system32\perfh009.dat
- 2005-08-31 04:07 . 2009-08-06 09:03 442796 c:\windows\system32\perfh009.dat
+ 2004-08-10 04:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-10 04:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2004-08-10 04:00 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-10 04:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2004-08-10 04:00 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-04-15 17:00 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-20 00:54 . 2009-06-24 02:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2004-07-20 00:54 . 2004-07-20 00:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-08-04 04:11 . 2009-06-24 03:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2004-08-04 04:11 . 2008-04-13 16:09 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2007-07-11 08:05 . 2007-07-11 08:05 835584 c:\windows\assembly\temp\GPX5DLT19H\System.Drawing.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6e601873\System.Drawing.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b440d574\System.Drawing.Design.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2c383db0\CustomMarshalers.dll
+ 2009-10-15 08:02 . 2009-10-15 08:02 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_99eb12a3\System.Drawing.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-10-15 08:09 . 2009-10-15 08:09 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-10-15 08:09 . 2009-10-15 08:09 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-15 08:09 . 2009-10-15 08:09 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-10-15 08:13 . 2009-10-15 08:13 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-10-15 08:10 . 2009-10-15 08:10 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-15 08:10 . 2009-10-15 08:10 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-10-15 08:09 . 2009-10-15 08:09 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-10-15 08:11 . 2009-10-15 08:11 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-10-15 08:08 . 2009-10-15 08:08 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-10-15 08:11 . 2009-10-15 08:11 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-10-15 08:10 . 2009-10-15 08:10 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-14 11:28 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2004-08-10 04:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-10 04:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-10-15 03:50 . 2009-08-05 01:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 03:50 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 03:50 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 03:50 . 2009-02-08 00:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 03:50 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 03:50 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-15 03:50 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-11-25 09:59 . 2008-11-25 09:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-20 00:54 . 2009-06-29 16:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2004-07-20 00:54 . 2007-01-02 21:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-07-20 00:54 . 2009-06-24 03:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2004-07-20 00:54 . 2007-12-17 11:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2004-07-20 00:54 . 2007-12-17 11:58 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2004-07-20 00:54 . 2009-06-24 03:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2004-07-20 00:54 . 2009-06-29 16:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2004-07-20 00:54 . 2007-01-02 21:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2008-10-15 03:50 . 2009-08-05 01:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-15 03:50 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 03:50 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 03:50 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 03:50 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 03:50 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-15 03:50 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-05-27 15:25 . 2008-05-27 15:25 1966080 c:\windows\assembly\temp\JT18GOW4CK\System.dll
+ 2007-07-11 08:05 . 2007-07-11 08:05 3391488 c:\windows\assembly\temp\HQX5DLT19I\mscorlib.dll
+ 2008-05-27 15:25 . 2008-05-27 15:25 3018752 c:\windows\assembly\temp\BKS08GOW4C\System.Windows.Forms.dll
+ 2008-05-27 15:24 . 2008-05-27 15:24 1232896 c:\windows\assembly\temp\9IQY6EMU2A\System.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e5a6130a\System.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1b6b0e48\System.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_5624fde4\System.Xml.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_073078b1\System.Xml.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a7e408ef\System.Windows.Forms.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_40af74a8\System.Windows.Forms.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_246b5f70\System.Drawing.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_d31c95f6\System.Design.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_5dc3b1e9\System.Design.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f1f2ed3b\mscorlib.dll
+ 2009-10-15 08:04 . 2009-10-15 08:04 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e82d3b19\mscorlib.dll
+ 2009-10-15 08:01 . 2009-10-15 08:01 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_9de2f62a\System.dll
+ 2009-10-15 08:02 . 2009-10-15 08:02 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_8f6a95b4\System.Xml.dll
+ 2009-10-15 08:02 . 2009-10-15 08:02 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_9dc78be5\System.Windows.Forms.dll
+ 2009-10-15 08:02 . 2009-10-15 08:02 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_c8124de0\System.Design.dll
+ 2009-10-15 08:01 . 2009-10-15 08:01 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_3d728a4e\mscorlib.dll
+ 2009-10-15 08:07 . 2009-10-15 08:07 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-15 08:09 . 2009-10-15 08:09 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-10-15 08:07 . 2009-10-15 08:07 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-15 08:09 . 2009-10-15 08:09 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-15 08:09 . 2009-10-15 08:09 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-15 08:10 . 2009-10-15 08:10 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-15 08:09 . 2009-10-15 08:09 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-15 08:10 . 2009-10-15 08:10 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-15 08:09 . 2009-10-15 08:09 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-15 08:07 . 2009-10-15 08:07 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-08-06 09:02 . 2009-08-06 09:02 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-15 08:06 . 2009-10-15 08:06 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-15 08:03 . 2009-10-15 08:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2008-05-27 15:24 . 2008-05-27 15:24 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-10-15 08:03 . 2009-10-15 08:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-05-27 15:24 . 2008-05-27 15:24 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-08-21 11:32 . 2008-08-21 11:32 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-15 08:01 . 2009-10-15 08:01 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\87f317c.msp
+ 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\87f3173.msp
+ 2009-10-15 08:09 . 2009-10-15 08:09 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-15 08:12 . 2009-10-15 08:12 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-15 08:11 . 2009-10-15 08:11 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-15 08:08 . 2009-10-15 08:08 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-15 08:07 . 2009-10-15 08:07 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AOL Fast Start"="c:\progra~1\AOL9~1.1\AOL.EXE" [2007-10-27 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HostManager"="c:\program files\Common Files\AOL\1225479186\ee\AOLSoftware.exe" [2008-06-24 41824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-25 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-01-23 15969280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\Guest.YOUR-4DACD0EA75\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-22 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-2-19 983040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-5-27 1470480]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 972064]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-22 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Documents and Settings\\Carrie.YOUR-4DACD0EA75\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [10/13/2009 8:10 AM 18816]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DISCover - c:\program files\DISC\DISCover.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 18:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1256)
c:\docume~1\mine\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\combofix\CF8876.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\AOL9~1.1\waol.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\progra~1\AOL9~1.1\shellmon.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-23 18:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-23 23:58
ComboFix2.txt 2009-10-13 17:04

Pre-Run: 91,431,337,984 bytes free
Post-Run: 91,439,345,664 bytes free

- - End Of File - - E28D34C0A72CA53B7EB4B7270C1B389B





and here is the eset log


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# waol.exe=9.05.001
# OnlineScanner.ocx=1.0.0.6210
# api_version=3.0.2
# EOSSerial=3786ec64b74e73499760cd3e6620608a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-23 02:53:38
# local_time=2009-10-23 09:53:38 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777215 100 0 148975 148975 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=217091
# found=13
# cleaned=13
# scan_time=4542
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GameVance10.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GameVance11.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\B75FA91E\3E688669\stbsvc.exe Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\OFFLINE\EB91CE86\3E688669\stbdl.exe a variant of Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Downloads\DTR2-dm[1].exe Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Carrie.YOUR-4DACD0EA75\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.2.0.21210\bin\stbup.exe.vir a variant of Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Carrie.YOUR-4DACD0EA75\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe.vir multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Carrie.YOUR-4DACD0EA75\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe.vir a variant of Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir a variant of Win32/Kryptik.YQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0105230.exe Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0105231.exe a variant of Win32/Adware.DoubleD.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP565\A0105232.exe Win32/Adware.Trymedia application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# waol.exe=9.05.001
# OnlineScanner.ocx=1.0.0.6210
# api_version=3.0.2
# EOSSerial=3786ec64b74e73499760cd3e6620608a
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-23 11:22:58
# local_time=2009-10-23 06:22:58 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777215 100 0 184069 184069 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=241
# found=0
# cleaned=0
# scan_time=5



sUBs, on Oct 21 2009, 04:29 PM, said:

Did ComboFix not warn you to disable them?

You have a bad habit of installing assorted antivirus programs which do not uninstall well. They leave orphaned driver services on the machine. We need to clean those up.



-----------


Uninstall/remove this program if you don't need it anymore.


----------

Open NOTEPAD and copy/paste the text in the quotebox below into it:

SECCENTER::
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE::
c:\windows\system32\wups2(2).dll
c:\windows\system32\wups(2).dll
FOLDER::
c:\program files\Common Files\Real\Update_OB\bak
c:\program files\Hewlett-Packard\HP Boot Optimizer\bak
c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak
c:\program files\HP\HP Software Update\bak
c:\program files\Java\jre1.5.0_06\bin\bak
c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\bak
c:\program files\Yahoo!\Messenger\bak
C:\windows\CREATOR\bak
c:\windows\ehome\bak
c:\windows\SMINST\bak
DRIVER::
SASDIFSV
SASKUTIL
AntiVirSchedulerService
MEMSWEEP2
SASENUM
XoftSpyService

Save this as "CFScript"


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingc...e.php?channel=4


---------------


ESET Online Scanner
  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update

  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient

  • When the scan finishes click the Details tab
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here.


---------------


In your next post, please include fresh logs from:
  • Online scan
  • ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now


#7
sUBs

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 6,031 posts
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /U



  • ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.



  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  • http://www.mozilla.o...oducts/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.


  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.


  • http://www.aumha.org...erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://www.spywarein...showtopic=60955

After doing all these, your system will be optimised against future threats.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
sUBs
Research Engineer
