Solved Win32:Inject=XP[trj]

Status
Not open for further replies.
A

al davis

Posts: 232   +7
Well it seem I have a virus/malware that is causing me problems. Avast ver 4.8 'thorough scan' shows the trojan Win32:inject=xp but cannot remove it. The symptoms I see are a popup 'Wait a minute..." and an explorer looking window that declares my system to be full of viruses. I also have a problem with my web browsers (IE and Chrome) being redirected and not being able to get to many sites that I can get to on other machines. I'm running XP Pro and have been using Avast 4.8 and recently 5.0. They are updated often. I'm now backing up my machine and doing the things suggested on this site to prepare for removing the cause of this mess. Any preliminary advice ?

Al
 
Welcome to TechSpot- I'll help with the malware. Be careful of what you're backing up until we see what the malware is:

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, paste the logs for review into your next reply Okay to use multiple posts if needed..

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Thanks for your help. What you asked for is in process. This is gonna take a while. Well likely have to continue next week.

Al
 
You might want to hold up on the backup until I an see the logs- at least giving me some idea of the infection. Then I can tell how much caution you will need in the backup.

Th scans shouldn't take you that long and if you paste in the logs as requested, it allows me to search more quickly.
 
logs

I have generated the log files but I am unable to copy and paste the log files as requested. After I 'copy' the file I don't get the 'paste' option in the reply window. I can drag and drop the lof file contents to the reply window but then there is no wat to 'send'.
Is there another method I can use ?
 
logs attached

Log files are attached
 

Attachments

  • Attach.txt
    6.1 KB · Views: 0
  • DDS.txt
    6.5 KB · Views: 1
  • gmer.log
    4.5 KB · Views: 2
  • mbam-log-2010-10-01 (13-01-10).txt
    3.5 KB · Views: 2
Did you try a right click with mouse> Paste?

It just takes me longer because I have to copy and paste an entry I need to identify. You have a DNS Changer infection. Please do the following:

You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Exit the Command prompt when finished and shut the system down.-

  • [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4].Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5].With the router unplugged, start your computer. Run MBAM again.
    [6].Connect to the router again. The turn the router back on.
    [7].When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
==========================================
When you have finished the above:
Please download ComboFix from Here and save to your Desktop.

  • [1]. Do NOT rename Combofix unless instructed.
    [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3].Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
==========================================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Hopefully you will be noticing some improvement by this point.
Just use your mouse or touchad to right click> Copy, then right click> Paste here.
Okay to use multiple posts if needed.
 
Yes I did try to right click and paste. The paste option remains grayed out.

My infected machine is on a network of many machines. It is the only one that has exhibited problems accessing sites and the only one to fail a virus or malware scan. This machine is on the same network leg as the infected machine and I've been using it without issue for two working days. I don't have access to the router and because no other machines are affected it's unlikely the router can be reset. Could your procedure be modified in light of this ?

Al
 
You can try doing the DNS flush on your machine. Mbam confirms NameServer (Trojan.DNSChanger) -> Data: 93.188.163.72> your searches are being directed to:
netname: PROMNET-NET
descr: Promnet Ltd.
country: UA> Ukraine

NOTE: If you get a popup for swupdate.dll, do NOT click on it. Also stay away from shopping sites for coupons or SmartShoper in particular.

Let's try this: If it is just confined to the one machine, maybe this will suffice.
Download the HijackThis Installer and save to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

These entries should show up as 017 entries and I'll have you remove them in HJT- Please wait until I see the log- no removals yet.
=============================================
Then please download ComboFix from Here and save to your Desktop.

  • [1]. Do NOT rename Combofix unless instructed.
    [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3].Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
=========================
Follow with the Eset online scan.
Please try pasting the logs again. If the original logs were copied from Notepad, they should allow paste here.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:07 AM, on 10/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Vhaxigokidonotu] rundll32.exe "C:\WINDOWS\uyocacir.dll",Startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Csolu] rundll32.exe "C:\WINDOWS\wmfoneg.dll",Startup
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - https://intranet.argonst.com/org/OrgPubX.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5607 bytes
 
ComboFix 10-10-05.06 - al 10/06/2010 11:42:41.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3839.3351 [GMT -5:00]
Running from: c:\documents and settings\al\Desktop\virus_et_al\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101006-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\al\Local Settings\Application Data\{2244FBD6-6812-4F82-9B3A-E7287922071E}
c:\documents and settings\al\Local Settings\Application Data\{2244FBD6-6812-4F82-9B3A-E7287922071E}\chrome.manifest
c:\documents and settings\al\Local Settings\Application Data\{2244FBD6-6812-4F82-9B3A-E7287922071E}\chrome\content\_cfg.js
c:\documents and settings\al\Local Settings\Application Data\{2244FBD6-6812-4F82-9B3A-E7287922071E}\chrome\content\overlay.xul
c:\documents and settings\al\Local Settings\Application Data\{2244FBD6-6812-4F82-9B3A-E7287922071E}\install.rdf
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\windows\system32\stu2.exe
E:\install.exe

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-06 16:23 . 2010-10-06 16:23 388096 ----a-r- c:\documents and settings\al\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-06 16:23 . 2010-10-06 16:23 -------- d-----w- c:\program files\Trend Micro
2010-10-01 17:51 . 2010-10-01 17:51 -------- d-----w- c:\documents and settings\al\Application Data\Malwarebytes
2010-10-01 17:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 17:50 . 2010-10-01 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-01 17:50 . 2010-10-01 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 17:50 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 11:33 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-01 11:33 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-01 11:33 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-01 11:33 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-01 11:33 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-01 11:33 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-01 11:33 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-01 11:33 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-10-01 11:33 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-30 11:45 . 2010-09-30 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-22 15:32 . 2010-09-23 16:48 120 ----a-w- c:\windows\Ddutuyu.dat
2010-09-22 15:32 . 2010-09-23 12:16 0 ----a-w- c:\windows\Plocofaneyafi.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 11:59 . 2008-08-01 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-30 16:45 . 2008-07-30 16:57 -------- d-----w- c:\program files\Alwil Software
2010-09-29 12:01 . 2008-08-01 19:18 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-25 04:26 . 2008-08-01 19:17 -------- d-----w- c:\program files\Google
2010-09-16 15:29 . 2008-08-08 13:07 -------- d-----w- c:\documents and settings\al\Application Data\CoreFTP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-06-01 1106562]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImage\TimounterMonitor.exe" [2006-06-01 1827640]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-06-01 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-10 51984]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"69:UDP"= 69:UDP:TFTPD32

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/1/2010 6:33 AM 114768]
R1 vcdrom;Virtual CD-ROM Device Driver;e:\vs_2008_proj\sp1\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/1/2010 6:33 AM 20560]
R2 DriverX;DriverX;c:\windows\system32\drivers\driverx.sys [1/28/2009 8:42 AM 52512]
R3 PslIGvFilter;Prosilica GigE Filter Service;c:\windows\system32\drivers\psligvfilter.sys [7/31/2008 7:19 AM 26752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:03 AM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 02:36]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:03]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 16:03]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-630328440-682003330-1003Core.job
- c:\documents and settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 14:58]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-630328440-682003330-1003UA.job
- c:\documents and settings\al\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 14:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxps://intranet.argonst.com/org/OrgPubX.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-Csolu - c:\windows\wmfoneg.dll
HKLM-Run-Vhaxigokidonotu - c:\windows\uyocacir.dll
AddRemove-HijackThis - c:\documents and settings\al\Desktop\HijackThis.exe
AddRemove-PowerTCP 4.1 for Visual C++ - e:\vs_200~1\tcp_lib\dart\C__~1\PowerTCP\VC\UNWISE.EXE
AddRemove-RS232 Data Logger_is1 - c:\serial\unins000.exe
AddRemove-Winsock for ActiveX - e:\vs_200~1\tcp_lib\dart\winsock\PowerTCP\WINSOC~1\UNWISE.EXE


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\documents and settings\al\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-06 11:50:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 16:50

Pre-Run: 84,890,726,400 bytes free
Post-Run: 84,845,654,016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C8837266A35A43A7F5C7725F493B7343
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3309be9dcd7f194fb272d299da26a8d8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-06 05:45:19
# local_time=2010-10-06 12:45:19 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 98 0 221747794 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=153975
# found=6
# cleaned=0
# scan_time=2479
C:\diff\ahs\console\charSet\Debug\charSet.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
C:\diff\ahs_roll\console\charSet\Debug\charSet.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
C:\Documents and Settings\al\Desktop\EudoraSave\Eudora Pro\Trash.mbx HTML/TrojanClicker.IFrame.NAG trojan 00000000000000000000000000000000 I
C:\Program Files\Qualcomm\Eudora Pro\trashold.mbx HTML/TrojanClicker.IFrame.NAG trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir a variant of Win32/Kryptik.GXQ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{C68D029C-1818-433E-99E8-26F8520DAEF1}\RP1\A0002410.exe a variant of Win32/Kryptik.GXQ trojan 00000000000000000000000000000000 I
 
Not good what I see in the Eset scan: unknown NewHeur_PE virus has turned out to be Ramnit in some cases, which is not curable. I'd like you to run OTMoveIT, then follow with the other scan:

Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code: 
    :Processes	
:Files 
C:\diff\ahs\console\charSet\Debug\charSet.exe 
C:\diff\ahs_roll\console\charSet\Debug\charSet.exe 
C:\Documents and Settings\al\Desktop\EudoraSave\Eudora Pro\Trash.mbx 
C:\Program Files\Qualcomm\Eudora Pro\trashold.mbx 
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
These entries from Eudora are infected. I can move these here, but please see Eudora forum for handling of the trash.mbxx files
-------------------------------------------------------
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org free on-line scan service
  • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page, one at a time:

    c:\windows\system32\userinit.exe

    c:\windows\explorer.exe

    c:\window\system32\svchost.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
 
All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\diff\ahs\console\charSet\Debug\charSet.exe moved successfully.
C:\diff\ahs_roll\console\charSet\Debug\charSet.exe moved successfully.
C:\Documents and Settings\al\Desktop\EudoraSave\Eudora Pro\Trash.mbx moved successfully.
C:\Program Files\Qualcomm\Eudora Pro\trashold.mbx moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: al
->Temp folder emptied: 151673 bytes
->Temporary Internet Files folder emptied: 5287450 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7054128 bytes
->Flash cache emptied: 897 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb


OTM by OldTimer - Version 3.1.16.1 log created on 10062010_143216

Files moved on Reboot...
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_5c4.dat not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_164.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
VirSCAN.org Scanned Report :
Scanned time : 2010/10/06 12:09:43 (PDT)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 24576 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 39b1ffb03c2296323832acbae50d2aff
SHA1 : e5aedcbe25a97c89101f1f3860ff846e94d70445
Online report : http://virscan.org/report/cc3c44c64ab256494149dafb6a4e6b29.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101007030904 2010-10-07 4.96 -
AhnLab V3 2010.10.04.01 2010.10.04 2010-10-04 1.37 -
AntiVir 8.2.4.72 7.10.12.142 2010-10-06 0.29 -
Antiy 2.0.18 20101005.5271176 2010-10-05 0.02 -
Authentium 5.1.1 201010061232 2010-10-06 1.39 -
AVAST! 4.7.4 101006-0 2010-10-06 0.01 -
AVG 8.5.850 271.1.1/3180 2010-10-06 0.26 -
BitDefender 7.90123.6272624 7.34172 2010-10-07 4.68 -
ClamAV 0.96.1 12096 2010-10-06 0.01 -
Comodo 4.0 6303 2010-10-06 1.39 -
CP Secure 1.3.0.5 2010.10.06 2010-10-06 0.08 -
Dr.Web 5.0.2.3300 2010.10.07 2010-10-07 9.64 -
F-Prot 4.4.4.56 20101006 2010-10-06 1.45 -
F-Secure 7.02.73807 2010.10.06.09 2010-10-06 0.34 -
Fortinet 4.2.249 12.427 2010-10-06 0.26 -
GData 21.947/21.384 20101006 2010-10-06 8.43 -
ViRobot 20101006 2010.10.06 2010-10-06 0.37 -
Ikarus T3.1.32.15.0 2010.10.06.76889 2010-10-06 4.80 -
JiangMin 13.0.900 2010.10.06 2010-10-06 1.53 -
Kaspersky 5.5.10 2010.09.28 2010-09-28 0.25 -
KingSoft 2009.2.5.15 2010.10.6.7 2010-10-06 0.80 -
McAfee 5400.1158 6128 2010-10-06 19.29 -
Microsoft 1.6201 2010.10.05 2010-10-05 5.50 -
Norman 6.05.11 6.05.00 2010-09-02 8.01 -
Panda 9.05.01 2010.10.05 2010-10-05 2.46 -
Trend Micro 9.120-1004 7.518.01 2010-10-06 0.04 -
Quick Heal 11.00 2010.10.05 2010-10-05 2.21 -
Rising 20.0 22.67.02.07 2010-09-29 1.71 -
Sophos 3.12.1 4.58 2010-10-07 4.06 -
Sunbelt 3.9.2453.2 6991 2010-10-05 20.50 -
Symantec 1.3.0.24 20101006.003 2010-10-06 0.22 -
nProtect 20101001.02 9012073 2010-10-01 10.37 -
The Hacker 6.7.0.1 v00050 2010-10-06 0.44 -
VBA32 3.12.14.1 20101006.1233 2010-10-06 3.60 -
VirusBuster 4.5.11.10 10.129.6/2002491 2010-10-06 2.38 -





VirSCAN.org Scanned Report :
Scanned time : 2010/10/06 12:13:35 (PDT)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 1032192 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a0732187050030ae399b241436565e64
SHA1 : 69f33740413da112630be73ebb805a23b69f2f7f
Online report : http://virscan.org/report/0657e9795cb088d4a70b4bce0626a022.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101007030904 2010-10-07 4.62 -
AhnLab V3 2010.10.04.01 2010.10.04 2010-10-04 1.59 -
AntiVir 8.2.4.72 7.10.12.142 2010-10-06 0.27 -
Antiy 2.0.18 20101005.5271176 2010-10-05 0.02 -
Authentium 5.1.1 201010061232 2010-10-06 2.26 -
AVAST! 4.7.4 101006-0 2010-10-06 0.06 -
AVG 8.5.850 271.1.1/3180 2010-10-06 0.27 -
BitDefender 7.90123.6272624 7.34172 2010-10-07 4.64 -
ClamAV 0.96.1 12096 2010-10-06 0.22 -
Comodo 4.0 6303 2010-10-06 1.20 -
CP Secure 1.3.0.5 2010.10.06 2010-10-06 0.11 -
Dr.Web 5.0.2.3300 2010.10.07 2010-10-07 9.62 -
F-Prot 4.4.4.56 20101006 2010-10-06 2.20 -
F-Secure 7.02.73807 2010.10.06.09 2010-10-06 11.32 -
Fortinet 4.2.249 12.427 2010-10-06 0.20 -
GData 21.947/21.384 20101006 2010-10-06 7.70 -
ViRobot 20101006 2010.10.06 2010-10-06 0.36 -
Ikarus T3.1.32.15.0 2010.10.06.76889 2010-10-06 4.81 -
JiangMin 13.0.900 2010.10.06 2010-10-06 1.41 -
Kaspersky 5.5.10 2010.09.28 2010-09-28 0.09 -
KingSoft 2009.2.5.15 2010.10.6.7 2010-10-06 0.71 -
McAfee 5400.1158 6128 2010-10-06 18.83 -
Microsoft 1.6201 2010.10.05 2010-10-05 6.21 -
Norman 6.05.11 6.05.00 2010-09-02 8.01 -
Panda 9.05.01 2010.10.05 2010-10-05 2.08 -
Trend Micro 9.120-1004 7.518.01 2010-10-06 0.04 -
Quick Heal 11.00 2010.10.05 2010-10-05 2.64 -
Rising 20.0 22.67.02.07 2010-09-29 1.71 -
Sophos 3.12.1 4.58 2010-10-07 4.98 -
Sunbelt 3.9.2453.2 6991 2010-10-05 16.74 -
Symantec 1.3.0.24 20101006.003 2010-10-06 0.13 -
nProtect 20101001.02 9012073 2010-10-01 11.64 -
The Hacker 6.7.0.1 v00050 2010-10-06 0.42 -
VBA32 3.12.14.1 20101006.1233 2010-10-06 3.52 -
VirusBuster 4.5.11.10 10.129.6/2002491 2010-10-06 2.77 -








VirSCAN.org Scanned Report :
Scanned time : 2010/10/06 12:05:01 (PDT)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 8f078ae4ed187aaabc0a305146de6716
SHA1 : da0ff4006859a7580aba81f486f692dead2014fe
Online report : http://virscan.org/report/b929f2c198c9ee815143e5fee0a30372.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101006020758 2010-10-06 18.11 -
AhnLab V3 2010.10.04.01 2010.10.04 2010-10-04 3.74 -
AntiVir 8.2.4.72 7.10.12.142 2010-10-06 0.27 -
Antiy 2.0.18 20101005.5271176 2010-10-05 0.02 -
Authentium 5.1.1 201010061232 2010-10-06 1.32 -
AVAST! 4.7.4 101006-0 2010-10-06 0.01 -
AVG 8.5.850 271.1.1/3180 2010-10-06 0.27 -
BitDefender 7.90123.6272624 7.34172 2010-10-07 4.64 -
ClamAV 0.96.1 12096 2010-10-06 0.01 -
Comodo 4.0 6303 2010-10-06 1.24 -
CP Secure 1.3.0.5 2010.10.06 2010-10-06 0.04 -
Dr.Web 5.0.2.3300 2010.10.07 2010-10-07 9.37 -
F-Prot 4.4.4.56 20101006 2010-10-06 1.36 -
F-Secure 7.02.73807 2010.10.06.09 2010-10-06 0.12 -
Fortinet 4.2.249 12.427 2010-10-06 0.71 -
GData 21.947/21.384 20101006 2010-10-06 9.25 -
ViRobot 20101006 2010.10.06 2010-10-06 0.38 -
Ikarus T3.1.32.15.0 2010.10.06.76889 2010-10-06 4.77 -
JiangMin 13.0.900 2010.10.06 2010-10-06 1.51 -
Kaspersky 5.5.10 2010.09.28 2010-09-28 0.08 -
KingSoft 2009.2.5.15 2010.10.6.7 2010-10-06 0.88 -
McAfee 5400.1158 6128 2010-10-06 18.93 -
Microsoft 1.6201 2010.10.05 2010-10-05 5.94 -
Norman 6.05.11 6.05.00 2010-09-02 8.01 -
Panda 9.05.01 2010.10.05 2010-10-05 6.02 -
Trend Micro 9.120-1004 7.518.01 2010-10-06 0.00 -
Quick Heal 11.00 2010.10.05 2010-10-05 2.42 -
Rising 20.0 22.67.02.07 2010-09-29 1.96 -
Sophos 3.12.1 4.58 2010-10-07 4.04 -
Sunbelt 3.9.2453.2 6991 2010-10-05 28.33 -
Symantec 1.3.0.24 20101006.003 2010-10-06 0.06 -
nProtect 20101001.02 9012073 2010-10-01 10.38 -
The Hacker 6.7.0.1 v00050 2010-10-06 0.45 -
VBA32 3.12.14.1 20101006.1233 2010-10-06 3.37 -
VirusBuster 4.5.11.10 10.129.6/2002491 2010-10-06 2.34 -
 
Good! That is one scan we don't want anything found!

Al, I'm not sure what you're doing that is creating the ORPHANS REMOVED It appears you're attempting to remove programs or processes, but the removals aren't complete because entries relating to those processes remain on the system. So whatever you're doing, please stop. There is a proper way to remove these processes.When I'm working with your multiple logs and one logs shows one thing and another shows something else, it's a waste of my time trying to make sure then entries are really removed.
==================================================
Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:Logfile of Trend Micro HijackThis v2.0.4

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Vhaxigokidonotu] rundll32.exe "C:\WINDOWS\uyocacir.dll",Startup
O4 - HKCU\..\Run: [Csolu] rundll32.exe "C:\WINDOWS\wmfoneg.dll",Startup
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
Close all Windows except HijackThis and click on "Fix Checked"

For any programs you have uninstalled, using Windows Explorer: My Computer> double click on Local Drive (C)> Programs> do a right click> Delete on program folders for uninstalled programs. Then Close Windows Explorer
===========================================
Please run this Custom Script:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
Code: 
File::
c:\windows\Ddutuyu.dat
c:\windows\Plocofaneyafi.bin
c:\windows\system32\drivers\driverx.sys
Driver::
DriverX
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Reboot the computer and run a new scan with Eset online AV to make sure we've found and removed the malware.
 
My sincere appologies for the mis-step. I'm unfamiliar with many of these tools. I understand that the sequences you call out are very important and I've tried to follow them to the letter. I'll continue, with more caution, as soon as as possible.
 
None of the 4 you listed where present in the 'hiJackthis' output. No action taken.

I'm unclear on this action :
For any programs you have uninstalled, using Windows Explorer: My Computer> double click on Local Drive (C)> Programs> do a right click> Delete on program folders for uninstalled programs. Then Close Windows Explorer


I have no (C)> Programs. Do you mean

...on Local Drive (C)> Program Files > do a right click>...
 
My combofix log file is 115k. Is there a better way to send it ?

After getting the combofix log file and shutting down, windows installed a 3 part update. On startup "windows genuine advantage" installed.
 
ComboFix 10-10-06.02 - al 10/07/2010 8:54.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3839.3421 [GMT -5:00]
Running from: c:\documents and settings\al\Desktop\virus_et_al\ComboFix.exe
Command switches used :: c:\documents and settings\al\Desktop\virus_et_al\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 101007-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Ddutuyu.dat"
"c:\windows\Plocofaneyafi.bin"
"c:\windows\system32\drivers\driverx.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Ddutuyu.dat
c:\windows\Plocofaneyafi.bin
c:\windows\system32\drivers\driverx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVERX
-------\Service_DriverX


((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
.

2010-10-07 12:01 . 2010-10-07 12:01 388096 ----a-r- c:\documents and settings\al\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-07 12:01 . 2010-10-07 12:01 -------- d-----w- c:\program files\Trend Micro
2010-10-06 21:06 . 2010-10-06 21:06 -------- d-----w- c:\windows\ServicePackFiles
2010-10-06 21:03 . 2006-02-28 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-06 19:32 . 2010-10-06 19:32 -------- d-----w- C:\_OTM
2010-10-06 17:26 . 2010-10-06 17:47 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-10-06 17:12 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-06 17:03 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-06 17:03 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-06 16:58 . 2010-10-06 16:58 -------- d-----w- c:\program files\ESET
2010-10-06 16:52 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-06 16:52 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-06 16:52 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-06 16:52 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-10-01 17:51 . 2010-10-01 17:51 -------- d-----w- c:\documents and settings\al\Application Data\Malwarebytes
2010-10-01 17:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 17:50 . 2010-10-01 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-01 17:50 . 2010-10-01 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 17:50 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 11:33 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-01 11:33 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-01 11:33 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-01 11:33 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-01 11:33 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-01 11:33 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-01 11:33 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-01 11:33 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-10-01 11:33 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-30 11:45 . 2010-09-30 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28819\AdobeARM.exe
2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28819\AdobeExtractFiles.dll
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28819\ReaderUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\28819\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 13:00 . 2008-08-01 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-30 16:45 . 2008-07-30 16:57 -------- d-----w- c:\program files\Alwil Software
2010-09-29 12:01 . 2008-08-01 19:18 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-25 04:26 . 2008-08-01 19:17 -------- d-----w- c:\program files\Google
2010-09-16 15:29 . 2008-08-08 13:07 -------- d-----w- c:\documents and settings\al\Application Data\CoreFTP
.

((((((((((((((((((((((((((((( SnapShot@2010-10-06_16.47.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-29 04:42 . 2009-06-29 04:42 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2010-10-07 13:59 . 2010-10-07 13:59 16384 c:\windows\Temp\Perflib_Perfdata_3a0.dat
+ 2010-10-07 13:58 . 2010-10-07 13:58 16384 c:\windows\Temp\Perflib_Perfdata_164.dat
- 2010-10-06 16:46 . 2010-10-06 16:46 16384 c:\windows\Temp\Perflib_Perfdata_164.dat
+ 2006-02-28 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
+ 2006-02-28 12:00 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 50176 c:\windows\system32\utilman.exe
+ 2006-02-28 12:00 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 35840 c:\windows\system32\umandlg.dll
+ 2010-10-06 16:38 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2006-02-28 12:00 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2006-02-28 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
- 2008-10-24 15:32 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2008-10-24 15:32 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2008-07-30 14:35 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2008-07-30 14:35 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2006-02-28 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 69632 c:\windows\system32\raschap.dll
+ 2006-02-28 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll
+ 2010-03-31 05:16 . 2010-03-31 05:16 99176 c:\windows\system32\PresentationHostProxy.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 39424 c:\windows\system32\pngfilt.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\pngfilt.dll
+ 2006-02-28 12:00 . 2010-10-07 11:48 88644 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2009-05-28 12:31 88644 c:\windows\system32\perfc009.dat
+ 2009-11-07 06:07 . 2009-11-07 06:07 49488 c:\windows\system32\netfxperf.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 53760 c:\windows\system32\narrator.exe
+ 2006-02-28 12:00 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
+ 2009-11-07 06:07 . 2009-11-07 06:07 11600 c:\windows\system32\mui\0409\mscorees.dll
+ 2008-07-30 14:31 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2006-02-28 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 00:56 . 2009-11-27 17:33 17920 c:\windows\system32\msyuv.dll
+ 2006-02-28 12:00 . 2009-11-27 16:37 28672 c:\windows\system32\msvidc32.dll
+ 2006-02-28 12:00 . 2009-11-27 16:37 11264 c:\windows\system32\msrle32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 11264 c:\windows\system32\msrle32.dll
- 2008-07-30 14:31 . 2006-02-28 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2008-07-30 14:31 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2006-02-28 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2006-02-28 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 48640 c:\windows\system32\mqupgrd.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 48640 c:\windows\system32\mqupgrd.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 95744 c:\windows\system32\mqsec.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 95744 c:\windows\system32\mqsec.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 16896 c:\windows\system32\mqise.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 16896 c:\windows\system32\mqise.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 47104 c:\windows\system32\mqdscli.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 47104 c:\windows\system32\mqdscli.dll
+ 2006-02-28 12:00 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 19968 c:\windows\system32\mqbkup.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 72704 c:\windows\system32\magnify.exe
+ 2006-02-28 12:00 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
+ 2006-02-28 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2009-11-27 16:37 48128 c:\windows\system32\iyuv_32.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 96256 c:\windows\system32\inseng.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 96256 c:\windows\system32\inseng.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 81920 c:\windows\system32\ieencode.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 81920 c:\windows\system32\ieencode.dll
+ 2006-02-28 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 55808 c:\windows\system32\extmgr.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 55808 c:\windows\system32\extmgr.dll
 
+ 2006-02-28 12:00 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2006-02-28 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2006-02-28 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 50176 c:\windows\system32\dllcache\utilman.exe
+ 2006-02-28 12:00 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
+ 2006-02-28 12:00 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2006-02-28 12:00 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2006-02-28 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2006-02-28 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2006-02-28 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 69632 c:\windows\system32\dllcache\raschap.dll
+ 2006-02-28 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 53760 c:\windows\system32\dllcache\narrator.exe
+ 2006-02-28 12:00 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
+ 2008-07-30 14:31 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2006-02-28 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-11-27 17:33 . 2009-11-27 17:33 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2006-02-28 12:00 . 2009-11-27 16:37 28672 c:\windows\system32\dllcache\msvidc32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2006-02-28 12:00 . 2009-11-27 16:37 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-07-30 14:31 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-07-30 14:31 . 2006-02-28 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2006-02-28 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2006-02-28 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 16896 c:\windows\system32\dllcache\mqise.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2006-02-28 12:00 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2006-02-28 12:00 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
- 2006-02-28 12:00 . 2006-02-28 12:00 72704 c:\windows\system32\dllcache\magnify.exe
+ 2006-02-28 12:00 . 2006-10-04 08:48 72704 c:\windows\system32\dllcache\magnify.exe
+ 2006-02-28 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2006-02-28 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 96256 c:\windows\system32\dllcache\inseng.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 96256 c:\windows\system32\dllcache\inseng.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 81920 c:\windows\system32\dllcache\ieencode.dll
- 2008-07-30 14:32 . 2006-02-28 12:00 18432 c:\windows\system32\dllcache\iedw.exe
+ 2008-07-30 14:32 . 2010-04-16 13:36 18432 c:\windows\system32\dllcache\iedw.exe
+ 2006-02-28 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 55808 c:\windows\system32\dllcache\extmgr.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-02-28 12:00 . 2009-12-14 07:35 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-07-30 14:31 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2006-02-28 12:00 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2006-02-28 12:00 . 2009-11-27 16:37 84992 c:\windows\system32\dllcache\avifil32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2006-02-28 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2006-02-28 12:00 . 2010-03-05 14:57 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2006-02-28 12:00 . 2009-12-14 07:35 33280 c:\windows\system32\csrsrv.dll
+ 2008-07-30 14:31 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2006-02-28 12:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 84992 c:\windows\system32\avifil32.dll
+ 2006-02-28 12:00 . 2009-11-27 16:37 84992 c:\windows\system32\avifil32.dll
+ 2006-02-28 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 58880 c:\windows\system32\atl.dll
+ 2006-02-28 12:00 . 2010-03-05 14:57 65536 c:\windows\system32\asycfilt.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2010-04-01 16:42 . 2010-04-01 16:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-21 00:09 . 2003-02-21 00:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2003-02-21 00:09 . 2003-02-21 00:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2004-07-15 05:32 . 2004-07-15 05:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 06:49 . 2004-07-15 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-03-31 20:32 . 2010-03-31 20:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13688 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13696 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13656 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13672 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 13664 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 86864 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2010-10-06 21:00 . 2010-10-06 21:00 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-10-06 21:00 . 2010-10-06 21:00 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-11-27 17:33 . 2009-11-27 17:33 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:37 . 2009-11-27 16:37 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
 
+ 2010-10-06 21:26 . 2010-10-06 21:26 16896 c:\windows\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_c6153b10\VJSWfcBrowserStubLib.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 10240 c:\windows\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_7633c64d\VJSWfcBrowserStubLib.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 32768 c:\windows\assembly\NativeImages1_v1.1.4322\vjslibcw\1.0.5000.0__b03f5f7f11d50a3a_f37a471e\vjslibcw.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 69632 c:\windows\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_82ff3c78\VJSharpCodeProvider.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 20480 c:\windows\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_c7b03892\vjscor.dll
+ 2010-10-06 21:26 . 2010-10-06 21:26 18432 c:\windows\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_c48d6fc8\vjscor.dll
+ 2010-10-06 21:21 . 2010-10-06 21:21 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3f5b2f7b\System.Drawing.Design.dll
+ 2010-10-06 21:20 . 2010-10-06 21:20 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c33f59b0\CustomMarshalers.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 78336 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d90bace7c161bd3bc0bfceb435385b4c\WindowsFormsIntegration.Package.ni.dll
+ 2010-10-06 21:32 . 2010-10-06 21:32 98816 c:\windows\assembly\NativeImages_v2.0.50727_32\VSLangProj\5f0f978bba55cfcc3be421a0216b961a\VSLangProj.ni.dll
+ 2010-10-06 21:26 . 2010-10-06 21:26 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ea1b4fbde0e772748c6ac42d627cf684\UIAutomationProvider.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\f46915dfc57bc7e49c5402e9b8f7ec18\System.Windows.Presentation.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1464c662c302ea6372a885161b983732\System.Web.DynamicData.Design.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 87040 c:\windows\assembly\NativeImages_v2.0.50727_32\SqlWorkbench.Interf#\07d23d90857de4c20b6439b19d36dbd8\SqlWorkbench.Interfaces.ni.dll
+ 2010-10-06 21:24 . 2010-10-06 21:24 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\18729514178d458aa1225dd068718d4e\PresentationFontCache.ni.exe
+ 2010-10-06 21:24 . 2010-10-06 21:24 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\0375dfa28e2f6ef7e89df9edede4b83d\PresentationCFFRasterizer.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 48640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3ace81c69844137015a79b728bad193b\Microsoft.Windows.Design.Host.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\4a52287444c36c89310856b38ff52fe0\Microsoft.Vsa.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8bf7977c9827c97857dd9b3473f918b7\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\479c4e5bb115ebf10d38b19eb7fec56d\Microsoft.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ddb3ea7230577de51cb4cb2dc46564d1\Microsoft.SqlServer.CustomControls.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\94d3439b246fcf041862ab0b795851ed\Microsoft.SqlServer.SqlTDiagM.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\92945e97851bd4a6945abc44a1672d60\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 72704 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8df3de2484774303eeb95bb0ea278bc5\Microsoft.SqlServer.BatchParserClient.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 65536 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\819215842d8329870e80b628977633c8\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7cbc856e87884e87142690b29599c642\Microsoft.SqlServer.PolicyEnum.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 76288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3f44250988d951596b7883ec85ef74bc\Microsoft.SqlServer.CustomControls.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0eb124f5e65c3f7d654e3c8f47e9413c\Microsoft.SqlServer.SqlClrProvider.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 42496 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\07102187452cb6a685cfd449650b5e60\Microsoft.SqlServer.SString.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 18944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Internal.#\b3ecc90a7889567a3d2397c70a0da08a\Microsoft.Internal.VisualStudio.Shell.Interop.9.0.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\MetaGen\7a7a64db678d6e23d9ff5a8178500d0c\MetaGen.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\MetaGen\5e95ff7771b0ea4ba4ad2d5126feeda4\MetaGen.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 34304 c:\windows\assembly\NativeImages_v2.0.50727_32\MenuAndCommands\c38324dff5989aff129876c83263427f\MenuAndCommands.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90a\1584c9abfbc1674e1c6cbb84c1f8011c\EnvDTE90a.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 46080 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE90\c7ef2d56118bb619cbf73a4f07b3d43d\EnvDTE90.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2010-10-06 21:28 . 2010-10-06 21:28 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-11-24 15:57 . 2008-11-24 15:57 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2010-10-06 21:06 . 2010-10-06 21:06 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-06 21:19 . 2010-10-06 21:19 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-17 22:36 . 2009-11-27 16:37 8704 c:\windows\system32\tsbyuv.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 4608 c:\windows\system32\mqsvc.exe
+ 2006-02-28 12:00 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\system32\dllcache\tsbyuv.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2006-02-28 12:00 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2009-11-27 16:37 . 2009-11-27 16:37 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-11-24 15:55 . 2008-11-24 15:55 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-11-24 15:55 . 2008-11-24 15:55 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
 
+ 2008-07-30 14:35 . 2010-04-16 13:21 352768 c:\windows\system32\xpsp3res.dll
+ 2006-02-28 12:00 . 2009-04-03 17:15 485376 c:\windows\system32\wmspdmod.dll
+ 2006-02-28 12:00 . 2009-07-13 07:18 233472 c:\windows\system32\wmpdxm.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 233472 c:\windows\system32\wmpdxm.dll
+ 2006-02-28 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 132096 c:\windows\system32\wkssvc.dll
+ 2006-02-28 12:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 662016 c:\windows\system32\wininet.dll
+ 2006-02-28 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 351232 c:\windows\system32\winhttp.dll
+ 2008-07-30 14:31 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2008-07-30 14:31 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2008-07-30 14:31 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2006-02-28 12:00 . 2010-03-10 08:02 417792 c:\windows\system32\vbscript.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 417792 c:\windows\system32\vbscript.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 624640 c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2009-10-16 03:51 119808 c:\windows\system32\t2embed.dll
+ 2006-02-28 12:00 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 474112 c:\windows\system32\shlwapi.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 474112 c:\windows\system32\shlwapi.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2006-02-28 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
+ 2006-02-28 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2006-02-28 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2006-02-28 12:00 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
+ 2006-02-28 12:00 . 2009-10-12 13:54 112128 c:\windows\system32\rastls.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 112128 c:\windows\system32\rastls.dll
+ 2010-03-31 05:10 . 2010-03-31 05:10 295264 c:\windows\system32\PresentationHost.exe
- 2006-02-28 12:00 . 2009-05-28 12:31 487392 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2010-10-07 11:48 487392 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2006-02-28 12:00 283648 c:\windows\system32\pdh.dll
+ 2006-02-28 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
+ 2006-02-28 12:00 . 2006-10-04 08:48 215552 c:\windows\system32\osk.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 215552 c:\windows\system32\osk.exe
+ 2006-02-28 12:00 . 2009-10-13 10:53 266752 c:\windows\system32\oakley.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 266752 c:\windows\system32\oakley.dll
+ 2006-02-28 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2006-02-28 12:00 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2006-02-28 12:00 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 245248 c:\windows\system32\mswsock.dll
+ 2006-02-28 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2006-02-28 12:00 . 2009-09-11 14:33 133632 c:\windows\system32\msv1_0.dll
+ 2008-07-30 14:31 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 532480 c:\windows\system32\mstime.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 146432 c:\windows\system32\msrating.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 146432 c:\windows\system32\msrating.dll
- 2008-07-30 14:31 . 2006-02-28 12:00 343040 c:\windows\system32\mspaint.exe
+ 2008-07-30 14:31 . 2009-12-16 12:58 343040 c:\windows\system32\mspaint.exe
+ 2006-02-28 12:00 . 2010-04-16 15:36 449024 c:\windows\system32\mshtmled.dll
+ 2008-07-30 14:31 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2008-07-30 14:31 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2008-07-30 14:31 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2009-11-07 06:07 . 2009-11-07 06:07 297808 c:\windows\system32\mscoree.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 471552 c:\windows\system32\mqutil.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 471552 c:\windows\system32\mqutil.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 186880 c:\windows\system32\mqtrig.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 186880 c:\windows\system32\mqtrig.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 117248 c:\windows\system32\mqtgsvc.exe
+ 2006-02-28 12:00 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe
+ 2006-02-28 12:00 . 2009-06-25 18:36 517120 c:\windows\system32\mqsnap.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 123392 c:\windows\system32\mqrtdep.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 123392 c:\windows\system32\mqrtdep.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 177152 c:\windows\system32\mqrt.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 177152 c:\windows\system32\mqrt.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 661504 c:\windows\system32\mqqm.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 225280 c:\windows\system32\mqoa.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 225280 c:\windows\system32\mqoa.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 138240 c:\windows\system32\mqad.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 138240 c:\windows\system32\mqad.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll
+ 2006-02-28 12:00 . 2008-06-10 06:31 103936 c:\windows\system32\logagent.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 103936 c:\windows\system32\logagent.exe
+ 2006-02-28 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2006-02-28 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
+ 2006-02-28 12:00 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 450560 c:\windows\system32\jscript.dll
+ 2008-07-30 14:32 . 2010-01-29 15:08 683520 c:\windows\system32\inetcomm.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 251392 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 251392 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2008-07-30 10:25 . 2009-12-03 13:05 123728 c:\windows\system32\FNTCACHE.DAT
+ 2008-07-30 10:25 . 2010-10-06 21:40 123728 c:\windows\system32\FNTCACHE.DAT
+ 2006-02-28 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 205312 c:\windows\system32\dxtrans.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 357888 c:\windows\system32\dxtmsft.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 357888 c:\windows\system32\dxtmsft.dll
+ 2006-02-28 12:00 . 2010-02-11 12:01 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2006-02-28 12:00 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2006-02-28 12:00 . 2009-12-31 16:14 352640 c:\windows\system32\drivers\srv.sys
+ 2006-02-28 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2006-02-28 12:00 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys
+ 2006-02-28 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2006-02-28 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2008-07-30 14:31 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2006-02-28 12:00 . 2009-04-03 17:15 485376 c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-02-28 12:00 . 2009-07-13 07:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-07-30 14:31 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2008-07-30 14:31 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2006-02-28 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-02-28 12:00 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 662016 c:\windows\system32\dllcache\wininet.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2006-02-28 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2006-02-28 12:00 . 2010-03-10 08:02 417792 c:\windows\system32\dllcache\vbscript.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 624640 c:\windows\system32\dllcache\urlmon.dll
- 2008-07-30 14:32 . 2006-02-28 12:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2008-07-30 14:32 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
+ 2006-02-28 12:00 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2006-02-28 12:00 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2006-02-28 12:00 . 2009-10-16 03:51 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-02-28 12:00 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2006-02-28 12:00 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys
- 2006-02-28 12:00 . 2006-02-28 12:00 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-02-28 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
+ 2006-02-28 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
+ 2006-02-28 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2006-02-28 12:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2006-02-28 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys
+ 2006-02-28 12:00 . 2009-10-12 13:54 112128 c:\windows\system32\dllcache\rastls.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 112128 c:\windows\system32\dllcache\rastls.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 283648 c:\windows\system32\dllcache\pdh.dll
+ 2006-02-28 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
+ 2006-02-28 12:00 . 2006-10-04 08:48 215552 c:\windows\system32\dllcache\osk.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 215552 c:\windows\system32\dllcache\osk.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 266752 c:\windows\system32\dllcache\oakley.dll
+ 2006-02-28 12:00 . 2009-10-13 10:53 266752 c:\windows\system32\dllcache\oakley.dll
+ 2006-02-28 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2006-02-28 12:00 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2006-02-28 12:00 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2006-02-28 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2006-02-28 12:00 . 2009-09-11 14:33 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2008-07-30 14:31 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 532480 c:\windows\system32\dllcache\mstime.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 146432 c:\windows\system32\dllcache\msrating.dll
- 2008-07-30 14:31 . 2006-02-28 12:00 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2008-07-30 14:31 . 2009-12-16 12:58 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2006-02-28 12:00 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-07-30 14:31 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-07-30 14:31 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-07-30 14:31 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2008-07-30 14:32 . 2006-02-28 12:00 331776 c:\windows\system32\dllcache\msadce.dll
+ 2008-07-30 14:32 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 471552 c:\windows\system32\dllcache\mqutil.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2006-02-28 12:00 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2006-02-28 12:00 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 138240 c:\windows\system32\dllcache\mqad.dll
+ 2006-02-28 12:00 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-02-28 12:00 . 2008-06-10 06:31 103936 c:\windows\system32\dllcache\logagent.exe
- 2006-02-28 12:00 . 2006-02-28 12:00 103936 c:\windows\system32\dllcache\logagent.exe
+ 2006-02-28 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2006-02-28 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2006-02-28 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll
+ 2006-02-28 12:00 . 2009-08-21 09:46 450560 c:\windows\system32\dllcache\jscript.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 450560 c:\windows\system32\dllcache\jscript.dll
+ 2008-07-30 14:32 . 2010-01-29 15:08 683520 c:\windows\system32\dllcache\inetcomm.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 251392 c:\windows\system32\dllcache\iepeers.dll
- 2008-07-30 14:33 . 2006-02-28 12:00 743936 c:\windows\system32\dllcache\helpsvc.exe
+ 2008-07-30 14:33 . 2010-06-14 14:30 743936 c:\windows\system32\dllcache\helpsvc.exe
+ 2006-02-28 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2008-07-30 14:31 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2006-02-28 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-02-28 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2006-02-28 12:00 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2006-02-28 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2006-02-28 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2006-02-28 12:00 . 2009-11-21 16:36 470528 c:\windows\system32\dllcache\aclayers.dll
+ 2006-02-28 12:00 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 151040 c:\windows\system32\cdfview.dll
+ 2006-02-28 12:00 . 2010-04-20 05:51 285696 c:\windows\system32\atmfd.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 285696 c:\windows\system32\atmfd.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 616960 c:\windows\system32\advapi32.dll
+ 2006-02-28 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
+ 2006-02-28 12:00 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll
 
c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2008-07-30 14:33 . 2006-02-28 12:00 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2010-03-31 05:16 . 2010-03-31 05:16 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2010-04-08 04:48 . 2010-04-08 04:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
- 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2010-03-23 10:31 . 2010-03-23 10:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-02-09 17:22 . 2010-02-09 17:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-11-25 09:59 . 2008-11-25 09:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-11-25 09:59 . 2008-11-25 09:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 05:33 . 2004-07-15 05:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 05:25 . 2004-07-15 05:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 19:49 . 2010-03-31 19:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 06:49 . 2004-07-15 06:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-10-06 21:20 . 2010-10-06 21:20 969728 c:\windows\Installer\4f3ee1.msi
+ 2008-12-13 14:58 . 2008-12-13 14:58 754688 c:\windows\Installer\4f3ebf.msp
+ 2009-03-20 16:48 . 2009-03-20 16:48 183808 c:\windows\Installer\4f3e64.msp
+ 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\4f3e3a.msp
+ 2010-10-06 21:00 . 2010-10-06 21:00 432640 c:\windows\Installer\4f3e32.msi
+ 2010-10-06 21:00 . 2010-10-06 21:00 429568 c:\windows\Installer\4f3e29.msi
+ 2010-10-06 17:12 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-10-06 17:03 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2010-10-06 21:26 . 2010-10-06 21:26 155648 c:\windows\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_3613590a\VJSharpCodeProvider.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_86951836\System.Drawing.dll
+ 2010-10-06 21:24 . 2010-10-06 21:24 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f51ad700\System.Drawing.Design.dll
+ 2010-10-06 21:24 . 2010-10-06 21:24 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_388eb3e3\CustomMarshalers.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\4d07b1ccecca66f320c1a0971dd614d1\WsatConfig.ni.exe
+ 2010-10-06 21:28 . 2010-10-06 21:28 197632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\e72943c68854beba3c33c844850fe079\WindowsFormsIntegration.Design.ni.dll
+ 2010-10-06 21:26 . 2010-10-06 21:26 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b3a9fac9aea3ad913781fafbdcbb0cae\WindowsFormsIntegration.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 638464 c:\windows\assembly\NativeImages_v2.0.50727_32\WcfTestClient\bcce5c2ff373b641e30c2c276d5ea537\WcfTestClient.ni.exe
+ 2010-10-06 21:28 . 2010-10-06 21:28 280576 c:\windows\assembly\NativeImages_v2.0.50727_32\WcfSvcHost\5d6881e3cf6146311a9c856c8c866c2e\WcfSvcHost.ni.exe
+ 2010-10-06 21:26 . 2010-10-06 21:26 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2010-10-06 21:26 . 2010-10-06 21:26 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\4131a3627fec69291dbaed236f30dc65\UIAutomationClient.ni.dll
+ 2010-10-06 21:32 . 2010-10-06 21:32 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\436dde9611932489da3dc8a1be170843\System.Web.RegularExpressions.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e8ef769b3e899e62b26daadee50b97ed\System.Web.Extensions.Design.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c97ecf9250c2f0794262534f27f98b72\System.Web.Abstractions.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9c56656c88979cf18de6cbcb6587ba8f\System.Transactions.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3231473e2ec4451c8f218930fda80d19\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\f90965b9d9a6a6604c9a66f57c37c026\System.Net.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\16670b6870746e5a8dc4a73a76a90bed\System.Management.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
+ 2010-10-06 21:27 . 2010-10-06 21:27 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e3eb86170cba4c80e6e22ca33c63c218\System.IO.Log.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cfa48936affc9a5fb89f0bf66cc52a47\System.IdentityModel.Selectors.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\e9edc5cd12ebb513b4a3c53cb4640771\System.EnterpriseServices.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\aeba6820f20655dec7fe0fe05aaeb818\System.Drawing.Design.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\9ef70079beca3a9982a3aa76ebc0ddd8\System.DirectoryServices.Protocols.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\277619716d9136216065bea970365c65\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
+ 2010-10-06 21:31 . 2010-10-06 21:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe
+ 2010-10-06 21:28 . 2010-10-06 21:28 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe
+ 2010-10-06 21:25 . 2010-10-06 21:25 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll
+ 2010-10-06 21:25 . 2010-10-06 21:25 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe
+ 2010-10-06 21:30 . 2010-10-06 21:30 438272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\890da3a61bb0b94a659fea1ce2a91cc4\Microsoft.Windows.Design.Extensibility.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 353792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\7903ae6515183d06929d52a1f468435f\Microsoft.Windows.Design.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 503296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\5d520d0a989d68a2b4c6cf77881e4ef8\Microsoft.Windows.Design.Interaction.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e246fd7c76d25520069c046a5810bae4\Microsoft.VisualStudio.ni.dll
+ 2010-10-06 21:30 . 2010-10-06 21:30 159744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b26c02b4294d6bd7c221f1604802d299\Microsoft.VisualStudio.WizardFramework.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 306176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a7fc3142c4b71fdaa58206694e77c675\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 822272 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\98e0876955e01ef57be8b160be258d05\Microsoft.VisualStudio.Shell.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\989f1edad09af797a0ccd3877b3f6d87\Microsoft.VisualStudio.TextTemplating.VSHost.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 790528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9804c3592ad9937f8fabf63e89d89253\Microsoft.VisualStudio.Modeling.ArtifactMapper.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 179712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8114545c3858c82ffeea133ea91b0cb9\Microsoft.VisualStudio.EnterpriseTools.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 403456 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7dba0d92fb3dad7ff10c68832200dffa\Microsoft.VisualStudio.ServiceModel.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 373248 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5f8124d5eeea00ba7d7cd67c1dfe46ea\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 861696 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5f34f7fdaf0cc012daa265b88cad9730\Microsoft.VisualStudio.Modeling.Sdk.Shell.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 876032 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\581ac91acfcde1f88d95f3376ecf79ea\Microsoft.VisualStudio.Shell.9.0.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 173056 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\389465e18f4a8b4c01bda4debd7539ac\Microsoft.VisualStudio.TextTemplating.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1e17f627947016761f1f0070005327ae\Microsoft.VisualStudio.Configuration.ni.dll
 
+ 2010-10-06 21:30 . 2010-10-06 21:30 640512 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\15818e24d6cac65db4571b92f4127d1f\Microsoft.VisualStudio.Xaml.LanguageService.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 511488 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0e07ad72c56970b73951ce1531cac38c\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 531968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fa33960fffc1eaa9c77205e4258b0cbc\Microsoft.SqlServer.GridControl.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 137216 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e4d91cecee9bcc24b01a46f7cb06630e\Microsoft.SqlServer.ConnectionInfoExtended.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 355840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bcdb8060826879e3123f7df2194f6452\Microsoft.SqlServer.Setup.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 251904 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ac27ad5e0c3d87248026c4e9a5a17938\Microsoft.SqlServer.SqlWmiManagement.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 530432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7659454b0f797bb406ca3850c131dcaf\Microsoft.SqlServer.GridControl.ni.dll
+ 2010-10-06 21:29 . 2010-10-06 21:29 989184 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6fe30b7de8bf98c31aa1375fa735f733\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\67a8327ae3a2b2fb63024e5f9b1bc98c\Microsoft.SqlServer.SmoExtended.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 632320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\38f88136e02135fa08313e32d33c0291\Microsoft.SqlServer.BatchParser.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 999424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\33872b5cfab8cc1897de6fe7a4b9f825\Microsoft.SqlServer.WizardFramework.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 128000 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\32f98890704f14f64d30ef1f30821063\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 244736 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0cf91292d053afc56e4ec2a059594707\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 232960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\1907be67dea25e82686d86d3a72f4133\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 231936 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\0fd805dd8c2b51d8cce4edf50e439ccf\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 276480 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\c26c0846413c825d98d1cc826bb8dc34\EnvDTE80.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 573440 c:\windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\1efbdc01fd7106ed540209b5912f4d4a\EnvDTE.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2010-10-06 21:28 . 2010-10-06 21:28 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe
+ 2010-10-06 21:28 . 2010-10-06 21:28 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-10-06 21:17 . 2010-10-06 21:17 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2008-11-24 15:58 . 2008-11-24 15:58 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2010-10-06 21:17 . 2010-10-06 21:17 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-10-06 21:06 . 2010-10-06 21:06 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-10-06 21:06 . 2010-10-06 21:06 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-10-06 21:17 . 2010-10-06 21:17 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2008-11-24 15:58 . 2008-11-24 15:58 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
- 2008-11-24 15:58 . 2008-11-24 15:58 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-10-06 21:17 . 2010-10-06 21:17 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-10-06 21:06 . 2010-10-06 21:06 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
- 2008-11-24 15:57 . 2008-11-24 15:57 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-10-06 21:22 . 2010-10-06 21:22 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-11-24 15:55 . 2008-11-24 15:55 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-10-06 21:23 . 2010-10-06 21:23 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2006-02-28 12:00 . 2009-11-21 16:36 470528 c:\windows\AppPatch\aclayers.dll
+ 2010-10-06 17:13 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-09-30 21:42 . 2008-09-30 21:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2006-02-28 12:00 . 2010-04-08 18:53 2113536 c:\windows\system32\WMVCore.dll
+ 2006-02-28 12:00 . 2010-02-16 12:27 4734976 c:\windows\system32\wmp.dll
+ 2006-02-28 12:00 . 2008-06-10 23:18 1053696 c:\windows\system32\WMNetmgr.dll
+ 2006-02-28 12:00 . 2010-05-02 05:56 1850880 c:\windows\system32\win32k.sys
+ 2006-02-28 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2006-02-28 12:00 . 2010-04-16 15:36 1506304 c:\windows\system32\shdocvw.dll
+ 2006-02-28 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
- 2006-02-28 12:00 . 2006-02-28 12:00 1435648 c:\windows\system32\query.dll
+ 2006-02-28 12:00 . 2010-02-05 18:40 1291264 c:\windows\system32\quartz.dll
 
Status
Not open for further replies.

Similar threads

C
Windows Activation Blocking Login on Win XP and Vista PCs
Replies
3
Views
1K
Macho
Macho
T
Solved I'm having issues with a Rootkit
2
Replies
34
Views
7K
Broni
Broni
N
Solved Win32 malware gen
2 3
Replies
52
Views
12K
Broni
Broni

Latest posts

Back