Jump to content
Sign in to follow this  
Mr Brightside

My Log

Recommended Posts

Hello.

 

I ran into something bad about a week ago.

From the instructions in the Spyware/Virus section of the forum I should tell you that I have run these full system scans:

 

AVG Anti Virus - nothing came up

Spybot Search and Destroy - nothing came up

Adaware - 2 main infections, one which could be removed, and the other wouldn't. I would select it, click remove, but it would just flicker and not go away :(

Malwarebytes' Anti Malware - lots of infections found, but when they were removed on restart, my internet didn't work.

 

I panicked and did a system restore to before my problems started (maybe I shoulda done that from the start). Google is now running fine, as well as family tree maker. What I want to make sure of though is that my system is still virus and spyware free.

 

 

Please could you have a look over my current HJT log:

 

 

AlLogfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:06:24, on 14/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kontiki\KService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\ps2.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} (Bonusprint Image Uploader Version 4.5 Control) - http://webalbum.bonusprint.com/ukipc01/dow...geUploader4.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FF44030B-689E-4427-87CD-4AFF01B4D5AD}: NameServer = 62.30.112.39,194.117.134.19

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 8116 bytes

 

 

Thanks,

 

Mr Brightside.

Share this post


Link to post
Share on other sites

Hi Mr Brightside,

 

I sure would be interested in seeing what MBAM removed. Please see if it's still working after the system restore operation. If so, click the Logs tab and if there's a log present, select it then click View. Post it's contents here.

 

System Restore will roll back a number of things, but it generally will not remove rogue files that have been dropped, so lets run a scan tool that might show us if any are present. Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
Please include the contents of the following in your next reply:

 

DDS.txt

 

I may ask for the Attach.txt log later, so keep it handy.

Share this post


Link to post
Share on other sites

I sure would be interested in seeing what MBAM removed. Please see if it's still working after the system restore operation. If so, click the Logs tab and if there's a log present, select it then click View. Post it's contents here.

Hi, thanks for helping me out!!

 

MBAM did stop working, however, I saved the log from the scan before I used system restore, and before I tried to get it to remove the infections. Here it is:

 

Malwarebytes' Anti-Malware 1.31

Database version: 1500

Windows 5.1.2600 Service Pack 3

 

14/12/2008 19:11:56

mbam-log-2008-12-14 (19-11-52).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 221884

Time elapsed: 1 hour(s), 11 minute(s), 55 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 12

Folders Infected: 1

Files Infected: 4

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> No action taken.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ff44030b-689e-4427-87cd-4aff01b4d5ad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ff44030b-689e-4427-87cd-4aff01b4d5ad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ff44030b-689e-4427-87cd-4aff01b4d5ad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ff44030b-689e-4427-87cd-4aff01b4d5ad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ff44030b-689e-4427-87cd-4aff01b4d5ad}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ff44030b-689e-4427-87cd-4aff01b4d5ad}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150;85.255.112.70 -> No action taken.

 

Folders Infected:

C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> No action taken.

 

Files Infected:

C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Spyware.Passwords) -> No action taken.

C:\WINDOWS\system32\msqpdxnvuasrvk.dll (Trojan.Agent) -> No action taken.

C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> No action taken.

C:\WINDOWS\system32\drivers\msqpdxcjjhpgar.sys (Trojan.Agent) -> No action taken.

 

 

Please include the contents of the following in your next reply:

 

DDS.txt

 

 

DDS (Version 1.0.1) - NTFSx86

Run by Administrator at 18:35:13.06 on 15/12/2008

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1263 [GMT 0:00]

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Kontiki\KService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ps2.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\COMODO\Firewall\cfp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrator\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.blueyonder.co.uk/blueyonder/index.jsp

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.blueyonder.co.uk/blueyonder/index.jsp

mSearch Bar = hxxp://srch-gb10.hpwis.com/

uInternet Connection Wizard,ShellNext = hxxp://gb10.hpwis.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Acme.PCHButton] c:\progra~1\hppavi~1\pavilion\xpewwbp4\plugin\bin\PCHButton.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [CTHelper] CTHELPER.EXE

mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRunOnce: [setDefaultMidi] MIDIDEF.EXE

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

 

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

TCP: {FF44030B-689E-4427-87CD-4AFF01B4D5AD} = 62.30.112.39,194.117.134.19

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: igfxcui - igfxsrvc.dll

Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll

SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Authentication Packages = msv1_0 nwprovau

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\sqy84vg1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.type - 4

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-7 97928]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-7 26824]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-1-12 101776]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-1-12 31504]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-7 231704]

R2 cmdAgent;COMODO Internet Security Helper Service;"c:\program files\comodo\firewall\cmdagent.exe" [2008-1-12 618232]

R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);c:\windows\system32\drivers\hcwPVRP2.sys [2005-5-13 793376]

S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\COH_Mon.sys []

S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20080202.003\NAVENG.SYS []

S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20080202.003\NAVEX15.SYS []

S3 SSDefrag;SSDefrag;\??\c:\windows\system32\drivers\SSDefrag.sys [2007-11-14 34560]

S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon []

S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon []

S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon []

S4 MioNet;MioNet Service;"c:\program files\mionet\mionetmanager.exe" -s "c:\program files\mionet\wrapper.conf" []

S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" []

 

=============== Created Last 30 ================

 

2008-12-14 20:42 54,156 a---h--- c:\windows\QTFont.qfn

2008-12-14 20:42 1,409 a------- c:\windows\QTFont.for

2008-12-14 19:12 61,440 a------- c:\windows\system32\drivers\xsqatwof.sys

2008-12-14 17:35 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes

2008-12-14 17:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2008-12-13 23:32 <DIR> --d----- c:\program files\SpeedFan

2008-12-13 23:32 45 a------- c:\windows\system32\initdebug.nfo

2008-12-11 18:40 <DIR> --d----- c:\program files\Lavasoft

2008-12-11 18:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

2008-12-11 18:20 <DIR> --d----- c:\program files\Trend Micro

2008-12-07 23:35 21 a------- c:\windows\Picasa.ini

2008-12-05 20:35 41,984 a------- c:\windows\system32\msqpdxnvuasrvk.dll

2008-12-05 20:35 27,904 a------- c:\windows\system32\drivers\Ndisprot.sys

2008-11-30 00:01 <DIR> --d----- c:\windows\system32\Adobe

2008-11-27 19:09 <DIR> --d----- c:\documents and settings\administrator\AppData

2008-11-27 18:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Stardock

2008-11-27 01:06 <DIR> --d----- c:\windows\system32\XPSViewer

2008-11-27 01:05 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2008-11-27 01:05 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll

2008-11-27 01:05 117,760 -------- c:\windows\system32\prntvpt.dll

2008-11-27 01:05 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll

2008-11-27 01:05 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll

2008-11-27 01:05 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2008-11-27 01:05 575,488 -------- c:\windows\system32\xpsshhdr.dll

2008-11-27 01:05 <DIR> --d----- C:\fac462f81a38d19e36f46f

2008-11-27 00:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CenerTCPMessenger

2008-11-27 00:19 1,984,462 a------- c:\windows\setupapi.log.0.old

2008-11-27 00:19 <DIR> --d----- c:\program files\Alky for Applications

2008-11-27 00:18 16,384 a------- c:\windows\system32\lcid.exe

2008-11-24 21:09 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}

2008-11-23 20:33 <DIR> --d----- c:\windows\system32\IOSUBSYS

2008-11-23 13:42 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition

2008-11-23 12:50 <DIR> --d----- c:\documents and settings\administrator\Tracing

2008-11-23 12:49 3,426,072 a------- c:\windows\system32\d3dx9_32.dll

2008-11-23 12:44 <DIR> --d----- c:\program files\Microsoft

2008-11-23 12:40 <DIR> --d----- c:\program files\common files\Windows Live

2008-11-17 20:04 2,306,113 a------- c:\windows\system32\GPhotos.scr

2008-11-16 19:01 <DIR> --d----- C:\AllokVideoFolder

2008-11-16 18:51 <DIR> --d----- c:\program files\Haali

 

==================== Find3M ====================

 

2008-12-13 19:48 139,152 ac------ c:\windows\system32\drivers\PnkBstrK.sys

2008-12-13 19:48 111,928 ac------ c:\windows\system32\PnkBstrB.exe

2008-12-06 12:03 147,192 a------- c:\windows\system32\guard32.dll

2008-12-06 12:03 101,776 ac------ c:\windows\system32\drivers\cmdGuard.sys

2008-11-24 23:14 31,504 ac------ c:\windows\system32\drivers\cmdhlp.sys

2008-11-15 13:56 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS

2008-11-08 18:35 3,276 a------- c:\windows\system32\d3d8caps.dat

2008-10-25 21:13 326 a------- c:\windows\system32\drivers\hosts

2008-10-24 11:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-03 10:02 247,326 a------- c:\windows\system32\strmdll.dll

2008-04-14 21:44 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat

2008-02-23 11:44 22,328 ac------ c:\docume~1\admini~1\applic~1\PnkBstrK.sys

2005-09-28 14:11 32 ac---r-- c:\documents and settings\all users\hash.dat

2008-07-11 16:26 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071120080712\index.dat

 

============= FINISH: 18:36:43.04 ===============

 

 

Thanks,

 

Mr Brightside.

Edited by Mr Brightside

Share this post


Link to post
Share on other sites

You've definitely still got some nasties on board. Lets get them cleaned out. Please visit the following webpage for instructions for downloading and running ComboFix

 

How to use ComboFix

 

 

Download ComboFix by sUBs from here, saving the file to your desktop.

 

 

Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

  • Close all open programs and windows
  • Double click ComboFix.exe and follow the prompts.
  • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

 

**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.

 

Should you internet for some reason not work again, a restart should fix it (I don't expect that to happen though). ;)

Share this post


Link to post
Share on other sites

Here's the ComboFix log:

 

ComboFix 08-12-15.08 - Administrator 2008-12-16 18:09:01.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1403 [GMT 0:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\msqpdxnvuasrvk.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))

.

 

2008-12-14 19:12 . 2008-12-14 19:12 61,440 --a------ c:\windows\system32\drivers\xsqatwof.sys

2008-12-14 17:43 . 2008-12-14 17:43 <DIR> d-------- C:\rsit

2008-12-14 17:35 . 2008-12-14 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-14 17:35 . 2008-12-14 17:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2008-12-13 23:32 . 2008-12-13 23:34 <DIR> d-------- c:\program files\SpeedFan

2008-12-13 23:32 . 2008-12-13 23:32 45 --a------ c:\windows\system32\initdebug.nfo

2008-12-13 22:55 . 2008-12-13 23:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\vlc

2008-12-11 18:40 . 2008-12-11 18:40 <DIR> d-------- c:\program files\Lavasoft

2008-12-11 18:39 . 2008-12-11 18:39 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-12-11 18:20 . 2008-12-14 19:48 <DIR> d-------- c:\program files\Trend Micro

2008-12-07 23:35 . 2008-12-07 23:35 21 --a------ c:\windows\Picasa.ini

2008-12-05 20:35 . 2008-12-05 20:35 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys

2008-11-30 00:01 . 2008-11-30 00:01 <DIR> d-------- c:\windows\system32\Adobe

2008-11-27 19:09 . 2008-11-27 19:09 <DIR> d-------- c:\documents and settings\Administrator\AppData

2008-11-27 18:56 . 2008-11-27 18:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Stardock

2008-11-27 01:06 . 2008-11-27 01:06 <DIR> d-------- c:\windows\system32\XPSViewer

2008-11-27 01:06 . 2008-11-27 01:06 <DIR> d-------- c:\program files\Reference Assemblies

2008-11-27 01:05 . 2008-11-27 01:06 <DIR> d-------- C:\fac462f81a38d19e36f46f

2008-11-27 01:05 . 2008-07-06 12:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll

2008-11-27 01:05 . 2008-07-06 12:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll

2008-11-27 01:05 . 2008-07-06 10:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2008-11-27 01:05 . 2008-07-06 12:06 575,488 --------- c:\windows\system32\xpsshhdr.dll

2008-11-27 01:05 . 2008-07-06 12:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll

2008-11-27 01:05 . 2008-07-06 12:06 117,760 --------- c:\windows\system32\prntvpt.dll

2008-11-27 01:05 . 2008-07-06 12:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2008-11-27 00:37 . 2008-11-27 00:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\CenerTCPMessenger

2008-11-27 00:19 . 2008-11-27 00:19 <DIR> d-------- c:\program files\Alky for Applications

2008-11-27 00:19 . 2008-11-27 00:22 1,984,462 --a------ c:\windows\setupapi.log.0.old

2008-11-27 00:18 . 2007-07-28 17:00 16,384 --a------ c:\windows\system32\lcid.exe

2008-11-24 21:09 . 2008-11-24 22:58 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}

2008-11-23 20:33 . 2008-11-23 20:33 <DIR> d-------- c:\windows\system32\IOSUBSYS

2008-11-23 13:42 . 2008-11-23 13:42 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2008-11-23 13:31 . 2008-11-24 03:01 <DIR> d-------- c:\program files\Windows Live

2008-11-23 12:50 . 2008-11-23 13:18 <DIR> d-------- c:\documents and settings\Administrator\Tracing

2008-11-23 12:49 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2008-11-23 12:44 . 2008-11-23 12:44 <DIR> d-------- c:\program files\Microsoft

2008-11-23 12:40 . 2008-11-23 12:40 <DIR> d-------- c:\program files\Common Files\Windows Live

2008-11-17 20:04 . 2008-11-17 20:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr

2008-11-16 19:01 . 2008-11-16 19:01 <DIR> d-------- C:\AllokVideoFolder

2008-11-16 18:51 . 2008-11-16 18:51 <DIR> d-------- c:\program files\Haali

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-16 18:33 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki

2008-12-16 17:58 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent

2008-12-15 23:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-15 18:58 139,152 -c--a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-14 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-07 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2008-12-06 12:03 101,776 -c--a-w c:\windows\system32\drivers\cmdGuard.sys

2008-11-30 18:49 --------- d-----w c:\documents and settings\Administrator\Application Data\dvdcss

2008-11-27 01:06 --------- d-----w c:\program files\MSBuild

2008-11-24 23:14 31,504 -c--a-w c:\windows\system32\drivers\cmdhlp.sys

2008-11-23 20:33 --------- d-----w c:\program files\Google

2008-11-23 13:40 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-11-23 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-11-23 12:45 --------- d-----w c:\program files\MSN Messenger

2008-11-15 14:47 --------- d-----w c:\program files\PowerStrip

2008-11-15 13:56 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS

2008-11-13 18:02 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-01 15:17 --------- d-----w c:\program files\Unlocker

2008-10-25 21:52 --------- d-----w c:\program files\Common Files\Adobe

2008-10-25 21:40 --------- d-----w c:\program files\Common Files\Macrovision Shared

2008-10-25 21:13 326 ----a-w c:\windows\system32\drivers\hosts

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-04-14 21:44 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2008-02-23 11:44 22,328 -c--a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys

2005-09-28 14:11 32 -c--a-r c:\documents and settings\All Users\hash.dat

2007-08-25 03:52 300,400 -c--a-w c:\program files\mozilla firefox\components\coFFPlgn.dll

2008-07-11 16:26 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071120080712\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-13_18.13.13.93 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-10 01:10:56 1,379,840 -c--a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll

+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll

+ 2008-09-04 17:12:27 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll

+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll

+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe

+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll

+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe

+ 2008-07-09 13:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll

+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys

+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll

+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe

+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll

+ 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe

+ 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll

+ 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\$NtUninstallKB954459$\msxml6.dll

+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe

+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll

+ 2008-04-14 00:12:01 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll

+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe

+ 2008-07-09 13:08:38 382,840 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll

+ 2008-04-13 19:17:01 456,576 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys

+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe

+ 2008-07-08 13:02:12 382,840 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll

- 2008-02-20 17:02:11 69,120 -c--a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2008-11-27 01:02:37 69,120 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2008-02-20 17:02:17 72,192 -c--a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2008-11-27 01:02:42 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2008-11-27 01:06:14 163,840 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

- 2008-02-20 17:01:58 4,444,160 -c--a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2008-11-27 01:02:53 4,546,560 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2008-11-27 01:06:19 4,210,688 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2008-02-20 17:02:19 483,840 -c--a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2008-11-27 01:02:53 486,400 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2008-02-20 17:02:04 3,036,160 -c--a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2008-11-27 01:02:55 2,933,248 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2008-02-20 17:02:22 258,048 -c--a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2008-11-27 01:02:51 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2008-02-20 17:02:22 113,664 -c--a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2008-11-27 01:02:51 113,664 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2008-11-27 01:06:20 368,640 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2008-02-20 17:02:17 261,120 -c--a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2008-11-27 01:02:45 261,632 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2008-02-20 17:02:02 5,431,296 -c--a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2008-11-27 01:02:30 5,238,784 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2008-02-20 17:02:09 10,752 -c--a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2008-11-27 01:02:36 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2008-02-20 17:02:03 507,904 -c--a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2008-11-27 01:02:32 507,904 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2008-02-20 17:02:10 13,312 -c--a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2008-11-27 01:02:37 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2008-02-20 17:02:13 8,192 -c--a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2008-11-27 01:02:38 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2008-02-20 17:02:14 77,824 -c--a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2008-11-27 01:02:38 77,824 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2008-02-20 17:02:15 6,656 -c--a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2008-11-27 01:02:39 6,656 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2008-11-27 01:07:24 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll

- 2008-02-20 17:02:23 348,160 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2008-11-27 01:02:47 348,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2008-11-27 01:07:25 733,184 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2008-02-20 17:02:24 36,864 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2008-11-27 01:02:48 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2008-11-27 01:07:26 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2008-11-27 01:07:26 802,816 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll

- 2008-02-20 17:02:25 655,360 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2008-11-27 01:02:49 655,360 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2008-11-27 01:07:26 94,208 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll

- 2008-02-20 17:02:26 77,824 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2008-11-27 01:02:50 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2008-02-20 17:02:15 749,568 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2008-11-27 01:02:42 749,568 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2008-11-27 01:06:14 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2008-02-20 17:02:14 110,592 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2008-11-27 01:02:41 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2008-02-20 17:02:13 372,736 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2008-11-27 01:02:41 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2008-02-20 17:02:19 28,672 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2008-11-27 01:02:44 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2008-02-20 17:02:12 671,744 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2008-11-27 01:02:40 659,456 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2008-11-27 01:07:25 41,984 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

- 2008-02-20 17:01:59 5,632 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2008-11-27 01:02:54 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2008-02-20 17:02:21 12,800 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-11-27 01:02:44 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2008-02-20 17:02:12 32,768 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2008-11-27 01:02:40 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2008-02-20 17:02:11 7,168 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2008-11-27 01:02:39 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2008-11-27 01:06:23 598,016 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

+ 2008-11-27 01:06:19 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

+ 2008-11-27 01:06:24 46,104 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe

+ 2008-11-27 01:06:25 196,608 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2008-11-27 01:06:25 139,264 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2008-11-27 01:06:25 397,312 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2008-11-27 01:06:25 163,840 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2008-11-27 01:06:26 5,283,840 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2008-11-27 01:06:26 864,256 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2008-11-27 01:06:20 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2008-11-27 01:07:27 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll

+ 2008-11-27 01:06:15 110,592 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

- 2008-02-20 17:02:16 110,592 -c--a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2008-11-27 01:02:52 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2008-03-27 15:26:10 47,832 -c--a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2008-11-27 01:07:27 45,056 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2008-11-27 01:07:28 163,840 ----a-w c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll

+ 2008-11-27 01:07:33 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

- 2008-02-20 17:02:16 81,920 -c--a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2008-11-27 01:02:52 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2008-02-20 17:02:03 425,984 -c--a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2008-11-27 01:02:54 425,984 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2008-11-27 01:07:29 667,648 ----a-w c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll

+ 2008-11-27 01:07:29 53,248 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2008-11-27 01:07:29 229,376 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll

+ 2008-11-27 01:07:30 2,879,488 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2008-11-27 01:07:23 684,032 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2008-11-27 01:07:22 294,912 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2008-11-27 01:07:22 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll

+ 2008-11-27 01:07:22 442,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll

+ 2008-11-23 13:42:39 236,392 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll

- 2008-02-20 17:02:05 741,376 -c--a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2008-11-27 01:02:49 745,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2008-02-20 17:02:06 933,888 -c--a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2008-11-27 01:02:46 970,752 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2008-02-20 17:02:26 5,070,848 -c--a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2008-11-27 01:02:36 5,062,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2008-11-27 01:07:23 286,720 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2008-02-20 17:02:24 188,416 -c--a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2008-11-27 01:02:43 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2008-02-20 17:02:09 401,408 -c--a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2008-11-27 01:02:45 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2008-02-20 17:02:20 81,920 -c--a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2008-11-27 01:02:35 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2008-02-20 17:02:00 630,784 -c--a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2008-11-27 01:02:56 626,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2008-11-27 01:06:27 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2008-11-27 01:06:15 430,080 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2008-11-27 01:06:15 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2008-11-27 01:07:31 143,360 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2008-02-20 17:02:22 372,736 -c--a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2008-11-27 01:02:50 372,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2008-02-20 17:02:20 258,048 -c--a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2008-11-27 01:02:48 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2008-11-27 01:07:33 233,472 ----a-w c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll

- 2008-02-20 17:02:18 299,008 -c--a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2008-11-27 01:02:47 303,104 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2008-02-20 17:02:18 131,072 -c--a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2008-11-27 01:02:46 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2008-11-27 01:06:15 966,656 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

- 2008-02-20 17:02:00 258,048 -c--a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2008-11-27 01:02:57 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2008-11-27 01:06:18 73,728 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

+ 2008-11-27 01:06:18 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

+ 2008-11-27 01:07:21 569,344 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

+ 2008-11-27 01:06:17 5,931,008 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2008-02-20 17:02:01 114,688 -c--a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2008-11-27 01:02:57 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2008-11-27 01:06:24 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2008-11-27 01:07:34 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

+ 2008-11-27 01:07:34 32,768 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

+ 2008-11-27 01:07:35 225,280 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll

+ 2008-11-27 01:07:31 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll

+ 2008-11-27 01:07:31 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll

+ 2008-11-27 01:07:35 335,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll

+ 2008-11-27 01:07:35 1,277,952 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll

- 2008-02-20 17:02:07 884,736 -c--a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2008-11-27 01:02:34 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2008-02-20 17:02:08 90,112 -c--a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2008-11-27 01:02:33 77,824 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2008-11-27 01:07:36 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll

- 2008-02-20 17:02:07 839,680 -c--a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2008-11-27 01:02:33 839,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2008-02-20 17:02:10 5,013,504 -c--a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2008-11-27 01:02:35 5,025,792 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2008-11-27 01:07:32 12,288 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2008-11-27 01:06:22 1,138,688 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

+ 2008-11-27 01:06:22 1,630,208 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

+ 2008-11-27 01:06:23 540,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

+ 2008-11-27 01:07:22 507,904 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll

+ 2008-11-27 01:07:32 139,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll

- 2008-02-20 17:02:01 2,068,480 -c--a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2008-11-27 01:02:56 2,048,000 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2008-02-20 17:02:06 3,076,096 -c--a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2008-11-27 01:02:43 3,149,824 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2008-11-27 01:06:24 167,936 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2008-11-27 01:06:24 385,024 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2008-11-27 01:06:20 40,960 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2008-11-27 01:06:21 98,304 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2008-11-27 01:06:21 1,245,184 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2008-11-27 01:06:25 94,208 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2008-11-27 08:32:51 25,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll

+ 2008-11-27 08:32:53 842,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll

+ 2008-11-27 08:32:39 409,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe

+ 2008-11-27 08:33:05 220,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll

+ 2008-11-27 08:32:54 14,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe

+ 2008-11-27 08:33:06 222,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2008-11-27 08:32:58 1,886,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll

+ 2008-11-27 08:33:08 838,656 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll

+ 2008-11-27 08:33:09 65,024 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll

+ 2008-11-27 08:32:55 74,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll

+ 2008-11-27 08:33:12 1,620,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll

+ 2008-11-27 08:33:14 1,965,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2008-11-27 08:33:16 175,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2008-11-27 08:33:15 144,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll

+ 2008-11-27 08:34:36 2,332,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7d61e63dea85f4f77ea4c13df7651ec7\Microsoft.JScript.ni.dll

+ 2008-11-27 08:32:41 1,092,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\21bb6244c91b6207fbcb038884a641ef\Microsoft.Transactions.Bridge.ni.dll

+ 2008-11-27 08:32:43 386,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\539e297cc9bc67fbf2fbdc9dc5fcd0f1\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2008-11-27 08:33:19 1,711,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll

+ 2008-11-27 08:34:37 55,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\28ea74096df47800fe2c78bb2b9a4f2a\Microsoft.Vsa.ni.dll

+ 2008-11-27 08:32:55 133,632 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe

+ 2008-11-27 08:16:43 11,485,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll

+ 2008-11-27 08:16:56 1,451,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b6bfb51dec7f8cc42c21c5928470c773\PresentationBuildTasks.ni.dll

+ 2008-11-27 08:16:56 39,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\487c1bc20f6e73e8e79503898d17d102\PresentationCFFRasterizer.ni.dll

+ 2008-11-27 08:17:22 12,213,248 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\12dcb10b76012416357bdbb010fdaa97\PresentationCore.ni.dll

+ 2008-11-27 08:17:24 47,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9469981a17c01dd154c540127e678b35\PresentationFontCache.ni.exe

+ 2008-11-27 08:17:56 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\79c2fd29b1e46c943960278051b4e1b9\PresentationFramework.Royale.ni.dll

+ 2008-11-27 08:17:50 14,320,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9519494798a88867406b5755e1dbded6\PresentationFramework.ni.dll

+ 2008-11-27 08:17:52 368,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e71fd0d299c5668c96a54e4a63479fa\PresentationFramework.Aero.ni.dll

+ 2008-11-27 08:17:55 539,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b4dc4bd8534d90fbb7430926ad990cd9\PresentationFramework.Luna.ni.dll

+ 2008-11-27 08:17:54 224,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ef1a93d10c3a91b728745dbfcc79c2c7\PresentationFramework.Classic.ni.dll

+ 2008-11-27 08:17:59 1,656,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\87fb973e4ab6a21fd00e45656fa7c115\PresentationUI.ni.dll

+ 2008-11-27 08:18:04 2,125,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\5c59991df60164cae10fd81b88a8e5b1\ReachFramework.ni.dll

+ 2008-11-27 08:32:44 319,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe

+ 2008-11-27 08:32:45 255,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll

+ 2008-11-27 08:32:47 365,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe

+ 2008-11-27 08:33:21 82,944 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f2b48eab657b4ef1d19dac11bdf0c913\System.AddIn.Contract.ni.dll

+ 2008-11-27 08:33:21 632,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\b01721205312c6c18df033cc47b60e5c\System.AddIn.ni.dll

+ 2008-11-27 08:33:22 94,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a8e047504bdad9ec14efd483574b0dd5\System.ComponentModel.DataAnnotations.ni.dll

+ 2008-11-27 08:34:31 140,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll

+ 2008-11-27 08:32:59 970,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll

+ 2008-11-27 08:18:10 2,294,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll

+ 2008-11-27 08:33:23 135,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll

+ 2008-11-27 08:34:13 755,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\9867484f25281882e61f61066fa651a3\System.Data.Entity.Design.ni.dll

+ 2008-11-27 08:34:10 9,903,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\8c050147d7031f912f6ca2b15550173f\System.Data.Entity.ni.dll

+ 2008-11-27 08:18:34 2,510,848 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\fa206c73f39721cd2c55829b9853de44\System.Data.Linq.ni.dll

+ 2008-11-27 08:34:21 354,816 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3cb9c5203e50cb6af99b163522e9357c\System.Data.Services.Design.ni.dll

+ 2008-11-27 08:34:19 939,520 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d3aed340a6562196ca40978556fb29d1\System.Data.Services.Client.ni.dll

+ 2008-11-27 08:34:17 1,326,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6f298259c87cc6c7318d931f52f053c5\System.Data.Services.ni.dll

+ 2008-11-27 08:33:03 2,508,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll

+ 2008-11-27 08:18:23 6,614,016 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll

+ 2008-11-27 08:34:23 1,800,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll

+ 2008-11-27 08:18:49 10,681,344 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\204db7071fb26343b0fd3f3d140c0bf8\System.Design.ni.dll

+ 2008-11-27 08:34:28 455,680 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44de75caba2b9711b3d9030a30767f8b\System.DirectoryServices.Protocols.ni.dll

+ 2008-11-27 08:34:24 1,116,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll

+ 2008-11-27 08:34:26 880,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c205bbbb88bfa4bd5e274f43ea0013cb\System.DirectoryServices.AccountManagement.ni.dll

+ 2008-11-27 08:18:56 208,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\5f5d64dd0e7991aaaad2d98ee52afe42\System.Drawing.Design.ni.dll

+ 2008-11-27 08:18:54 1,587,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll

+ 2008-11-27 08:34:29 627,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll

+ 2008-11-27 08:34:29 280,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll

+ 2008-11-27 08:31:58 212,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\be8c7482f1e78a3b4984af9082d455a7\System.IdentityModel.Selectors.ni.dll

+ 2008-11-27 08:31:57 1,056,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll

+ 2008-11-27 08:32:00 381,440 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\bcfccfa22245d2223a764611c61a7cb9\System.IO.Log.ni.dll

+ 2008-11-27 08:34:31 330,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1db9deebde7c96b2874b4ffccac2f48e\System.Management.Instrumentation.ni.dll

+ 2008-11-27 08:34:33 997,888 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll

+ 2008-11-27 08:34:38 620,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\eabe1915c13467e1e66e2b073bcb842f\System.Net.ni.dll

+ 2008-11-27 08:19:00 1,035,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\db428f231a2ccaf490ae219efd2edc69\System.Printing.ni.dll

+ 2008-11-27 08:34:32 311,296 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01dc643b54310ebc5ab7e4696df426bc\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2008-11-27 08:32:04 2,338,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll

+ 2008-11-27 08:33:04 676,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll

+ 2008-11-27 08:34:43 1,705,984 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a3adabee8e63dc76f65710a9c32175fc\System.ServiceModel.Web.ni.dll

+ 2008-11-27 08:32:35 17,313,792 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll

+ 2008-11-27 08:34:44 212,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll

+ 2008-11-27 08:19:03 1,912,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2e7a6c977ac9f8d46ebe2982697a0c8d\System.Speech.ni.dll

+ 2008-11-27 08:34:46 627,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll

+ 2008-11-27 08:35:00 141,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\fbe60d84b9f1ab74e396fb1507f69615\System.Web.Abstractions.ni.dll

+ 2008-11-27 08:35:06 36,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e2a7113434da494a846a8f4e4ac5e9\System.Web.DynamicData.Design.ni.dll

+ 2008-11-27 08:35:05 542,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aff5e0fa23e49ee75e458408c1f66da2\System.Web.DynamicData.ni.dll

+ 2008-11-27 08:35:09 301,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ca1ce755bb49324c7d275c426188a28f\System.Web.Entity.Design.ni.dll

+ 2008-11-27 08:35:08 328,192 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bbdc5cb2f2f92fd610de7331d748193a\System.Web.Entity.ni.dll

+ 2008-11-27 08:35:04 2,400,256 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6a20b64ad8e2aaa2f40d67ff01fcc708\System.Web.Extensions.ni.dll

+ 2008-11-27 08:35:12 858,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f288f2cb75465c0f45154079365af9e8\System.Web.Extensions.Design.ni.dll

+ 2008-11-27 08:35:15 2,209,280 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll

+ 2008-11-27 08:35:16 202,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll

+ 2008-11-27 08:35:01 129,536 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\18e1acd6761195389db42bab83169fd2\System.Web.Routing.ni.dll

+ 2008-11-27 08:35:19 1,840,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll

+ 2008-11-27 08:34:58 11,791,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll

+ 2008-11-27 08:19:18 12,428,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll

+ 2008-11-27 08:35:20 37,888 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b5a285233229bb4f9d9831ebf27fe9ac\System.Windows.Presentation.ni.dll

+ 2008-11-27 08:35:25 2,989,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d6cc33db5d526553ffbbfd1d372a8493\System.Workflow.Activities.ni.dll

+ 2008-11-27 08:35:32 4,510,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9de33f5786cd15e220f47b916c5a15e9\System.Workflow.ComponentModel.ni.dll

+ 2008-11-27 08:35:36 1,904,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6d0966370023925610756f368140b947\System.Workflow.Runtime.ni.dll

+ 2008-11-27 08:35:40 1,355,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\43911ac4e29949c57560eee5cb7b76c2\System.WorkflowServices.ni.dll

+ 2008-11-27 08:35:41 400,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll

+ 2008-11-27 08:19:29 5,449,728 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll

+ 2008-11-27 08:16:53 7,867,392 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll

+ 2008-11-27 08:19:31 447,488 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d255ab525d10d8fefe5df9ba092b2df8\UIAutomationClient.ni.dll

+ 2008-11-27 08:19:34 1,049,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\8698f073a59ef0db10a3258b1f1deaee\UIAutomationClientsideProviders.ni.dll

+ 2008-11-27 08:19:35 60,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f5c0e1b77c840d99a68897898317b79\UIAutomationProvider.ni.dll

+ 2008-11-27 08:19:36 187,904 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\dbb2fcd246efaf3df823410597cd1677\UIAutomationTypes.ni.dll

+ 2008-11-27 08:17:02 3,311,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\df20e56b59b1b1a595af305ddc0777ba\WindowsBase.ni.dll

+ 2008-11-27 08:19:39 239,616 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a18dff8832712a0f6cccaaefbcc45861\WindowsFormsIntegration.ni.dll

+ 2008-11-27 08:32:48 321,024 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe

+ 2008-07-06 12:06:10 89,088 ------w c:\windows\Driver Cache\i386\filterpipelineprintproc.dll

+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2008-07-06 12:06:10 765,440 ------w c:\windows\Driver Cache\i386\mxdwdrv.dll

+ 2008-07-06 12:06:10 198,656 ------w c:\windows\Driver Cache\i386\mxdwdui.dll

+ 2008-07-06 12:06:10 373,248 ------w c:\windows\Driver Cache\i386\unidrv.dll

+ 2008-07-06 12:06:10 744,960 ------w c:\windows\Driver Cache\i386\unidrvui.dll

+ 2008-03-13 04:52:36 761,344 ------w c:\windows\Driver Cache\i386\unires.dll

+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll

+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll

+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll

+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll

+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll

+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe

+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll

+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll

+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll

+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll

+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll

+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll

+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll

+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll

+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe

+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe

+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll

+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll

+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll

+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll

+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll

+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll

+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll

+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll

+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll

+ 200

Edited by Mr Brightside

Share this post


Link to post
Share on other sites

+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll

+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll

+ 2008-11-23 13:41:50 86,746 ----a-r c:\windows\Installer\{184E7118-0295-43C4-B72C-1D54AA75AAF7}\wlmail.exe

+ 2008-11-24 03:01:43 123,008 ----a-r c:\windows\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\WLXPhotoGalleryIcon.exe

+ 2008-11-23 23:15:21 29,926 ----a-r c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe

- 2008-10-17 02:01:59 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-12-14 20:54:25 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2008-10-17 02:02:00 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-12-14 20:54:26 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-10-17 02:01:59 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-12-14 20:54:25 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2008-10-17 02:01:59 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-12-14 20:54:25 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-10-17 02:02:00 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-12-14 20:54:26 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-10-17 02:02:00 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-12-14 20:54:26 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-10-17 02:02:00 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-12-14 20:54:26 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-10-17 02:01:59 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-12-14 20:54:25 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-10-17 02:02:00 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-12-14 20:54:26 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-10-17 02:02:00 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-12-14 20:54:26 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-10-17 02:02:00 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-12-14 20:54:26 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-10-17 02:01:59 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-12-14 20:54:25 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-11-23 12:46:51 86,746 ----a-r c:\windows\Installer\{DFD6935E-D94A-4DBE-AD8F-E37CBC6B577F}\wlmail.exe

- 2007-10-24 01:47:38 82,944 -c--a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2008-07-25 11:16:58 82,944 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

- 2007-10-24 01:47:38 16,896 -c--a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll

+ 2008-07-25 11:16:58 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll

- 2007-10-24 01:47:40 16,896 -c--a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2008-07-25 11:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

- 2007-10-24 01:47:42 16,896 -c--a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2008-07-25 11:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

- 2007-10-24 01:47:40 16,896 -c--a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll

+ 2008-07-25 11:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll

- 2007-10-24 01:47:38 97,280 -c--a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2008-07-25 11:16:58 96,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

- 2007-10-24 01:47:26 28,672 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2008-07-25 11:16:42 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

- 2007-10-24 01:47:30 145,408 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

+ 2008-07-25 11:16:48 145,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

- 2007-10-24 01:47:32 13,824 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2008-07-25 11:16:50 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

- 2007-10-24 01:47:48 193,016 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll

+ 2008-07-25 11:17:10 193,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll

- 2007-10-24 01:47:20 218,112 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

+ 2008-07-25 11:16:36 218,112 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

- 2007-10-24 01:47:40 10,752 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

+ 2008-07-25 11:17:00 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

- 2007-10-24 01:47:42 147,968 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

+ 2008-07-25 11:17:02 147,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

- 2007-10-24 01:47:26 99,320 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll

+ 2008-07-25 11:16:44 98,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll

- 2007-10-24 01:47:42 59,392 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2008-07-25 11:17:02 58,880 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

- 2007-10-24 01:47:22 36,864 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2008-07-25 11:16:40 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

- 2007-10-24 01:47:22 22,024 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2008-07-25 11:16:40 22,024 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

- 2007-10-24 01:47:22 17,928 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2008-07-25 11:16:40 17,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

- 2007-10-24 01:47:22 33,288 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2008-07-25 11:16:40 33,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

- 2007-10-24 01:47:22 84,480 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2008-07-25 11:16:38 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

- 2007-10-24 01:47:22 24,576 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2008-07-25 11:16:40 24,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

- 2007-10-24 01:47:22 32,776 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2008-07-25 11:16:40 33,288 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

- 2007-10-24 01:47:22 106,496 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

+ 2008-07-25 11:16:40 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

- 2007-10-24 01:47:22 33,800 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2008-07-25 11:16:40 34,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

- 2007-10-24 01:47:22 33,280 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2008-07-25 11:16:40 33,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

- 2007-10-24 01:47:22 507,904 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

+ 2008-07-25 11:16:40 507,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

- 2007-10-24 01:47:40 106,496 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

+ 2008-07-25 11:17:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

- 2007-10-24 01:47:40 101,896 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2008-07-25 11:17:00 89,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

- 2007-10-24 01:47:30 80,376 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2008-07-25 11:16:50 80,376 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

- 2007-10-24 01:47:30 1,162,744 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

+ 2008-07-25 11:16:50 1,163,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

- 2007-10-24 01:47:30 13,312 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2008-07-25 11:16:50 13,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

- 2007-10-24 01:47:42 27,136 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll

+ 2008-07-25 11:17:02 27,136 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll

- 2007-10-24 01:47:40 69,120 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2008-07-25 11:17:00 69,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

- 2007-10-24 01:47:30 35,320 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2008-07-25 11:16:50 35,320 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

- 2007-10-24 01:47:28 66,552 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2008-07-25 11:16:46 62,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

- 2007-10-24 01:47:28 5,120 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2008-07-25 11:16:46 5,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

- 2007-10-24 01:47:54 572,936 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

+ 2008-07-25 11:17:16 575,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

- 2007-10-24 01:47:40 798,224 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

+ 2008-07-25 11:17:00 798,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

- 2007-10-24 01:47:36 18,936 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2008-07-25 11:16:58 18,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll

- 2007-10-24 01:47:40 9,728 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2008-07-25 11:17:00 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

- 2007-10-24 01:47:40 8,192 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

+ 2008-07-25 11:17:02 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

- 2007-10-24 01:47:40 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

+ 2008-07-25 11:17:00 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

- 2007-10-24 01:47:40 6,656 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

+ 2008-07-25 11:17:00 6,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

- 2007-10-24 01:47:40 230,904 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

+ 2008-07-25 11:17:00 230,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

- 2007-10-24 01:47:40 28,672 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2008-07-25 11:17:00 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

- 2007-10-24 01:47:40 65,032 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2008-07-25 11:17:00 65,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

- 2007-10-24 01:47:40 72,192 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2008-07-25 11:17:00 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

- 2007-10-24 01:47:34 40,960 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2008-07-25 11:16:54 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe

- 2007-10-24 01:47:36 348,160 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

+ 2008-07-25 11:16:56 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

- 2007-10-24 01:47:36 36,864 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

+ 2008-07-25 11:16:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

- 2007-10-24 01:47:36 655,360 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

+ 2008-07-25 11:16:56 655,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

- 2007-10-24 01:47:36 77,824 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2008-07-25 11:16:56 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

- 2007-10-24 01:47:34 749,568 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

+ 2008-07-25 11:16:54 749,568 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

- 2007-10-24 01:47:52 110,592 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2008-07-25 11:17:14 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

- 2007-10-24 01:47:52 372,736 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

+ 2008-07-25 11:17:14 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

- 2007-10-24 01:47:50 671,744 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

+ 2008-07-25 11:17:12 659,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

- 2007-10-24 01:47:20 28,672 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2008-07-25 11:16:38 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

- 2007-10-24 01:47:52 5,632 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2008-07-25 11:17:16 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

- 2007-10-24 01:47:20 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

+ 2008-07-25 11:16:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2007-10-24 01:47:20 12,800 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-07-25 11:16:38 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2007-10-24 01:47:20 7,168 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2008-07-25 11:16:38 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

- 2007-10-24 01:47:22 97,792 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

+ 2008-07-25 11:16:40 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

- 2007-10-24 01:47:36 69,632 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2008-07-25 11:16:56 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

- 2007-10-24 01:47:40 822,280 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2008-07-25 11:17:02 998,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2007-10-24 01:47:40 83,456 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

+ 2008-07-25 11:17:00 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

- 2007-10-24 01:47:40 308,224 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

+ 2008-07-25 11:17:00 308,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

- 2007-10-24 01:47:40 47,104 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2008-07-25 11:17:00 46,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

- 2007-10-24 01:47:40 348,672 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2008-07-25 11:17:00 367,104 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

- 2007-10-24 01:47:40 94,208 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2008-07-25 11:17:00 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

- 2007-10-24 01:47:40 4,444,160 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2008-07-25 11:17:00 4,546,560 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

- 2007-10-24 01:47:40 114,688 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

+ 2008-07-25 11:17:00 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

- 2007-10-24 01:47:44 340,992 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

+ 2008-07-25 11:17:04 345,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

- 2007-10-24 01:47:40 77,312 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

+ 2008-07-25 11:17:00 77,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

- 2007-10-24 01:47:36 18,944 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2008-07-25 11:16:58 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

- 2007-10-24 01:47:40 242,688 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

+ 2008-07-25 11:17:02 230,912 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

- 2007-10-24 01:47:40 70,144 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2008-07-25 11:17:02 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

- 2007-10-24 01:47:40 19,456 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2008-07-25 11:17:02 19,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

- 2007-10-24 01:47:36 5,814,784 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2008-07-25 11:16:58 5,815,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2007-10-24 01:47:44 31,744 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2008-07-25 11:17:04 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

- 2007-10-24 01:47:40 101,880 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe

+ 2008-07-25 11:17:02 100,856 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe

- 2007-10-24 01:47:40 24,584 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2008-07-25 11:17:02 24,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll

- 2007-10-24 01:47:40 89,096 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

+ 2008-07-25 11:17:02 88,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

- 2007-10-24 01:47:36 144,896 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll

+ 2008-07-25 11:16:58 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll

- 2007-10-24 01:47:40 53,248 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2008-07-25 11:17:00 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

- 2007-10-24 01:47:40 32,768 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2008-07-25 11:17:00 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

- 2007-10-24 01:47:46 61,952 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

+ 2008-07-25 11:17:06 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

- 2007-10-24 01:47:42 16,896 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2008-07-25 11:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

- 2007-10-24 01:47:40 119,296 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

+ 2008-07-25 11:17:00 118,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

- 2007-10-24 01:47:44 95,232 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2008-07-25 11:17:04 95,232 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

- 2007-10-24 01:47:40 392,696 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2008-07-25 11:17:02 392,184 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2007-10-24 01:47:40 110,592 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

+ 2008-07-25 11:17:02 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

- 2007-10-24 01:47:42 425,984 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

+ 2008-07-25 11:17:02 425,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

- 2007-10-24 01:47:40 81,920 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2008-07-25 11:17:00 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

- 2007-10-24 01:47:40 3,036,160 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

+ 2008-07-25 11:17:00 2,933,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

- 2007-10-24 01:47:40 483,840 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2008-07-25 11:17:02 486,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

- 2007-10-24 01:47:40 741,376 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

+ 2008-07-25 11:17:02 745,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

- 2007-10-24 01:47:28 933,888 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

+ 2008-07-25 11:16:46 970,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

- 2007-10-24 01:47:40 5,070,848 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

+ 2008-07-25 11:17:00 5,062,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

- 2007-10-24 01:47:40 401,408 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

+ 2008-07-25 11:17:00 401,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

- 2007-10-24 01:47:40 188,416 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2008-07-25 11:17:02 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

- 2007-10-24 01:47:40 3,076,096 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2008-07-25 11:17:00 3,149,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

- 2007-10-24 01:47:40 81,920 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2008-07-25 11:17:00 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

- 2007-10-24 01:47:40 630,784 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2008-07-25 11:17:00 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

- 2007-10-24 01:47:40 258,048 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2008-07-25 11:17:02 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

- 2007-10-24 01:47:40 57,392 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

+ 2008-07-25 11:17:02 57,392 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

- 2007-10-24 01:47:40 113,664 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

+ 2008-07-25 11:17:02 113,664 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

- 2007-10-24 01:47:40 372,736 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

+ 2008-07-25 11:17:00 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

- 2007-10-24 01:47:40 258,048 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

+ 2008-07-25 11:17:00 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

- 2007-10-24 01:47:40 299,008 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

+ 2008-07-25 11:17:00 303,104 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

- 2007-10-24 01:47:40 131,072 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

+ 2008-07-25 11:17:00 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

- 2007-10-24 01:47:40 258,048 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

+ 2008-07-25 11:17:00 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

- 2007-10-24 01:47:40 114,688 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

+ 2008-07-25 11:17:00 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

- 2007-10-24 01:47:40 261,120 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

+ 2008-07-25 11:17:02 261,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

- 2007-10-24 01:47:40 5,431,296 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2008-07-25 11:17:00 5,238,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

- 2007-10-24 01:47:40 884,736 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

+ 2008-07-25 11:17:02 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

- 2007-10-24 01:47:40 90,112 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2008-07-25 11:17:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

- 2007-10-24 01:47:40 839,680 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll

+ 2008-07-25 11:17:00 839,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll

- 2007-10-24 01:47:40 5,013,504 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2008-07-25 11:17:00 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

- 2007-10-24 01:47:40 2,068,480 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2008-07-25 11:17:00 2,048,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

- 2007-10-24 01:47:40 81,400 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2008-07-25 11:17:02 81,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

- 2007-10-24 01:47:48 1,172,472 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

+ 2008-07-25 11:17:10 1,172,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

- 2007-10-24 01:47:20 1,344,000 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

+ 2008-07-25 11:16:38 1,344,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

- 2007-10-24 01:47:22 434,688 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2008-07-25 11:16:40 438,272 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

- 2007-10-24 01:47:40 37,896 -c--a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

+ 2008-07-25 11:17:02 37,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

+ 2008-07-29 19:16:38 168,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe

+ 2008-07-29 19:24:50 881,664 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

+ 2008-07-29 19:16:38 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll

+ 2008-07-29 19:16:38 163,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll

+ 2008-07-29 19:16:38 11,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

+ 2008-07-29 19:16:38 156,688 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe

+ 2008-07-29 19:16:38 20,504 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll

+ 2008-07-29 19:16:38 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll

+ 2008-07-29 19:16:38 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

+ 2008-07-29 19:16:38 966,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll

+ 2008-07-29 19:16:38 5,931,008 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

+ 2008-07-29 19:16:38 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll

+ 2008-07-29 19:16:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll

+ 2008-07-29 19:16:38 152,576 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe

+ 2008-07-29 19:32:52 17,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe

+ 2008-07-29 21:10:04 806,928 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll

+ 2008-07-29 21:10:04 4,883,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll

+ 2008-07-29 21:10:04 2,637,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll

+ 2008-07-29 21:10:04 71,160 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll

+ 2008-07-29 19:59:58 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll

+ 2008-07-29 21:10:04 46,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

+ 2008-07-29 19:59:58 132,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll

+ 2008-07-29 20:35:46 864,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll

+ 2008-07-29 19:59:58 1,738,760 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll

+ 2008-07-29 23:40:48 168,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll

+ 2008-07-29 23:40:48 233,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll

+ 2008-07-29 23:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe

+ 2008-07-29 23:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe

+ 2008-07-29 23:40:48 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe

+ 2008-07-29 23:40:48 1,548,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\csc.exe

+ 2008-07-29 23:40:48 78,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe

+ 2008-07-29 23:40:48 95,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe

+ 2008-07-29 23:15:24 225,490 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat

+ 2008-07-29 18:47:34 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe

+ 2008-07-29 18:47:34 276,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll

+ 2008-07-29 18:47:34 1,064,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll

+ 2008-07-29 18:47:34 177,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll

+ 2008-07-29 18:47:34 269,304 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

+ 2008-07-29 18:47:34 113,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll

+ 2008-07-29 18:47:34 84,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll

+ 2008-07-29 18:47:34 125,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll

+ 2008-07-29 18:47:34 126,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll

+ 2008-07-29 18:47:34 130,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll

+ 2008-07-29 18:47:34 137,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll

+ 2008-07-29 18:47:34 122,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll

+ 2008-07-29 18:47:34 133,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll

+ 2008-07-29 18:47:34 111,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll

+ 2008-07-29 18:47:34 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll

+ 2008-07-29 18:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll

+ 2008-07-29 18:47:34 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll

+ 2008-07-29 18:47:34 94,720 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll

+ 2008-07-29 18:47:34 129,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll

+ 2008-07-29 18:47:34 121,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll

+ 2008-07-29 18:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll

+ 2008-07-29 18:47:34 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll

+ 2008-07-29 18:47:34 123,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll

+ 2008-07-29 18:47:34 121,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll

+ 2008-07-29 18:47:34 121,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll

+ 2008-07-29 18:47:34 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll

+ 2008-07-29 18:47:34 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll

+ 2008-07-29 18:47:34 131,584 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll

+ 2008-07-29 18:47:34 110,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll

+ 2008-07-29 18:47:34 1,364,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll

+ 2008-07-29 18:47:34 1,054,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll

+ 2008-07-29 18:47:34 632,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll

+ 2008-07-29 18:47:34 413,184 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll

+ 2008-07-29 18:47:34 689,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll

+ 2008-07-29 18:47:34 102,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll

+ 2008-07-29 18:47:34 89,592 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll

+ 2008-07-29 18:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll

+ 2008-07-29 18:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll

+ 2008-07-29 18:47:34 111,608 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll

+ 2008-07-29 18:47:34 113,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll

+ 2008-07-29 18:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll

+ 2008-07-29 18:47:34 112,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll

+ 2008-07-29 18:47:34 101,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll

+ 2008-07-29 18:47:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll

+ 2008-07-29 18:47:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll

+ 2008-07-29 18:47:34 95,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll

+ 2008-07-29 18:47:34 92,664 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll

+ 2008-07-29 18:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll

+ 2008-07-29 18:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll

+ 2008-07-29 18:47:34 109,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll

+ 2008-07-29 18:47:34 107,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll

+ 2008-07-29 18:47:34 107,000 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll

+ 2008-07-29 18:47:34 105,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll

+ 2008-07-29 18:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll

+ 2008-07-29 18:47:34 89,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll

+ 2008-07-29 18:47:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll

+ 2008-07-29 18:47:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll

+ 2008-07-29 18:47:34 107,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll

+ 2008-07-29 18:47:34 984,056 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll

+ 2008-07-29 23:40:48 802,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll

+ 2008-07-29 23:40:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll

+ 2008-07-29 23:40:48 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll

+ 2008-07-29 23:40:48 91,136 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe

+ 2008-07-29 23:40:48 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll

+ 2008-07-29 23:40:48 1,720,824 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe

+ 2008-07-29 23:40:48 196,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe

+ 2008-07-29 23:40:48 70,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

+ 2007-08-09 18:51:36 1,410,560 ----a-w c:\windows\Resources\Themes\Windows XP Vista Home Basic\Shell\Alternat\Shellstyle.dll

+ 2007-08-09 18:51:36 1,410,560 ----a-w c:\windows\Resources\Themes\Windows XP Vista Home Basic\Shell\NormalColor\Shellstyle.dll

+ 2008-11-04 10:15:38 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll

+ 2008-11-04 10:24:12 202,168 ----a-w c:\windows\system32\Adobe\Director\SwDir.dll

+ 2008-11-04 10:16:16 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll

+ 2008-11-04 09:56:40 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2008-11-04 10:16:20 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2008-11-04 09:41:22 710,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

+ 2008-11-04 09:41:24 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe

+ 2008-11-04 09:41:22 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2008-11-04 09:52:10 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2008-11-04 09:41:22 54,656 ----a-w c:\windows\system32\Adobe\Shockwave 11\pccuapi.dll

+ 2008-11-04 10:14:58 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2008-11-04 10:16:52 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2008-11-04 10:23:52 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1100470.exe

+ 2008-11-04 10:14:42 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2008-11-04 10:14:40 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

+ 2008-11-04 09:41:22 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 1999-06-25 10:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll

- 2008-07-18 21:10:48 94,920 ----a-w c:\windows\system32\cdm.dll

+ 2008-10-16 14:09:44 92,696 ----a-w c:\windows\system32\cdm.dll

- 2008-07-11 16:26:51 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-12-07 00:46:26 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-07-11 16:26:51 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-12-07 00:46:26 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-07-11 16:26:51 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-07 00:46:26 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2007-10-24 01:47:28 96,760 -c--a-w c:\windows\system32\dfshim.dll

+ 2008-07-25 11:16:46 96,760 ----a-w c:\windows\system32\dfshim.dll

- 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll

+ 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll

+ 2008-04-14 00:11:50 84,992 -c--a-w c:\windows\system32\dllcache\avifil32.dll

+ 2008-04-13 17:03:24 63,488 -c--a-w c:\windows\system32\dllcache\browselc.dll

- 2008-07-18 21:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-10-16 14:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-04-14 00:11:51 59,904 -c--a-w c:\windows\system32\dllcache\devenum.dll

+ 2008-04-14 00:11:52 60,928 -c--a-w c:\windows\system32\dllcache\dpnhupnp.dll

- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

+ 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

+ 2008-04-14 00:11:53 80,384 -c--a-w c:\windows\system32\dllcache\faultrep.dll

+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll

- 2008-08-26 07:24:28 63,488 -c--a-w c:\windows\system32\dllcache\icardie.dll

+ 2008-10-16 20:38:35 63,488 -c--a-w c:\windows\system32\dllcache\icardie.dll

- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

- 2008-08-26 07:24:28 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-10-16 20:38:35 383,488 -c--a-w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-10-03 17:41:15 6,066,176 -c--a-w c:\windows\system32\dllcache\ieframe.dll

+ 2008-10-16 20:38:37 6,066,176 -c--a-w c:\windows\system32\dllcache\ieframe.dll

- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

- 2008-08-26 07:24:29 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll

+ 2008-10-16 20:38:37 267,776 -c--a-w c:\windows\system32\dllcache\iertutil.dll

- 2008-08-25 08:38:00 13,824 -c--a-w c:\windows\system32\dllcache\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 -c--a-w c:\windows\system32\dllcache\ieudinit.exe

- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe

+ 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe

+ 2008-04-13 16:22:12 48,128 -c--a-w c:\windows\system32\dllcache\inetres.dll

- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

- 2005-01-28 12:44:28 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe

+ 2008-06-10 05:52:04 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe

- 2008-04-13 19:17:01 456,576 -c--a-w c:\windows\system32\dllcache\mrxsmb.sys

+ 2008-10-24 11:21:09 455,296 -c--a-w c:\windows\system32\dllcache\mrxsmb.sys

- 2008-08-26 07:24:30 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll

+ 2008-10-16 20:38:37 459,264 -c--a-w c:\windows\system32\dllcache\msfeeds.dll

- 2008-08-26 07:24:30 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-10-16 20:38:37 52,224 -c--a-w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-04-14 00:11:59 539,136 -c--a-w c:\windows\system32\dllcache\msftedit.dll

- 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2008-10-17 02:08:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-04-14 00:12:00 105,984 -c--a-w c:\windows\system32\dllcache\msoert2.dll

- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

+ 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-09-04 17:15:04 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll

- 2008-04-14 00:12:01 1,306,624 -c--a-w c:\windows\system32\dllcache\msxml6.dll

+ 2008-09-10 01:14:56 1,307,648 -c--a-w c:\windows\system32\dllcache\msxml6.dll

- 2008-05-02 21:46:00 6,554,496 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys

+ 2008-05-16 14:01:00 6,557,408 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys

- 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll

+ 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll

+ 2008-04-14 00:12:02 84,992 -c--a-w c:\windows\system32\dllcache\olepro32.dll

- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-04-14 00:12:03 386,048 -c--a-w c:\windows\system32\dllcache\qdvd.dll

+ 2008-04-14 00:12:03 562,176 -c--a-w c:\windows\system32\dllcache\qedit.dll

+ 2008-04-13 17:03:19 549,376 -c--a-w c:\windows\system32\dllcache\shdoclc.dll

- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll

+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll

- 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

+ 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

- 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll

- 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll

+ 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll

+ 2008-04-14 00:12:08 589,312 -c--a-w c:\windows\system32\dllcache\wiashext.dll

- 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

- 2005-01-28 12:44:28 1,027,072 -c--a-w c:\windows

Edited by Mr Brightside

Share this post


Link to post
Share on other sites

+ 2008-10-16 14:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll

- 2008-07-18 21:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

+ 2008-10-16 14:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

- 2008-07-18 21:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-10-16 14:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

- 2008-07-18 21:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll

+ 2008-10-16 14:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll

- 2008-07-18 21:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll

+ 2008-10-16 14:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll

- 2008-07-18 21:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 14:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-04-14 00:12:11 383,488 -c--a-w c:\windows\system32\dllcache\wzcdlg.dll

+ 2008-04-14 00:12:11 338,432 -c--a-w c:\windows\system32\dllcache\zipfldr.dll

+ 2008-04-29 10:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys

+ 2008-04-29 10:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys

- 2008-11-01 19:11:51 79,504 -c--a-w c:\windows\system32\drivers\inspect.sys

+ 2008-11-24 23:14:35 79,504 -c--a-w c:\windows\system32\drivers\inspect.sys

+ 2008-04-29 10:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys

- 2008-05-02 21:46:00 6,554,496 -c--a-w c:\windows\system32\drivers\nv4_mini.sys

+ 2008-05-16 14:01:00 6,557,408 ----a-w c:\windows\system32\drivers\nv4_mini.sys

- 2007-03-07 23:51:00 43,528 -c--a-w c:\windows\system32\drivers\pxhelp20.sys

+ 2008-04-07 23:16:45 43,872 ----a-w c:\windows\system32\drivers\pxhelp20.sys

- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-07-29 21:10:04 73,720 ----a-w c:\windows\system32\dxva2.dll

+ 2008-07-29 21:10:04 493,048 ----a-w c:\windows\system32\evr.dll

- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\extmgr.dll

+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll

- 2008-10-31 07:11:42 2,509,128 -c--a-w c:\windows\system32\FNTCACHE.DAT

+ 2008-11-29 09:00:24 2,508,920 -c--a-w c:\windows\system32\FNTCACHE.DAT

- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll

+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll

+ 1996-04-03 19:33:26 5,248 ----a-w c:\windows\system32\giveio.sys

- 2008-11-01 19:11:49 143,096 ----a-w c:\windows\system32\guard32.dll

+ 2008-12-06 12:03:48 147,192 ----a-w c:\windows\system32\guard32.dll

+ 2008-07-29 19:24:50 622,080 ----a-w c:\windows\system32\icardagt.exe

- 2008-08-26 07:24:28 63,488 -c--a-w c:\windows\system32\icardie.dll

+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2008-07-29 19:24:50 11,264 ----a-w c:\windows\system32\icardres.dll

- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\ie4uinit.exe

+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe

- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\ieakeng.dll

+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll

- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\ieaksie.dll

+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll

- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\ieakui.dll

+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll

- 2008-08-26 07:24:28 383,488 -c--a-w c:\windows\system32\ieapfltr.dll

+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\iedkcs32.dll

+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll

- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll

+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll

- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\iernonce.dll

+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll

- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll

- 2008-08-25 08:38:00 13,824 -c--a-w c:\windows\system32\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2008-07-29 19:24:50 97,800 ----a-w c:\windows\system32\infocardapi.dll

- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll

- 2008-05-02 21:46:00 425,984 -c--a-w c:\windows\system32\keystone.exe

+ 2008-05-16 14:01:00 425,984 ----a-w c:\windows\system32\keystone.exe

- 2005-01-28 12:44:28 96,768 -c--a-w c:\windows\system32\logagent.exe

+ 2008-06-10 05:52:04 96,768 ----a-w c:\windows\system32\logagent.exe

+ 2008-05-16 10:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe

- 2008-10-07 19:19:40 16,721,856 -c--a-w c:\windows\system32\MRT.exe

+ 2008-12-09 23:24:37 17,593,280 -c--a-w c:\windows\system32\MRT.exe

- 2007-10-24 01:47:38 282,112 -c--a-w c:\windows\system32\mscoree.dll

+ 2008-07-25 11:16:58 282,112 ----a-w c:\windows\system32\mscoree.dll

- 2007-10-24 01:47:38 158,720 -c--a-w c:\windows\system32\mscorier.dll

+ 2008-07-25 11:16:58 158,720 ----a-w c:\windows\system32\mscorier.dll

- 2007-10-24 01:47:38 84,480 -c--a-w c:\windows\system32\mscories.dll

+ 2008-07-25 11:16:58 83,968 ----a-w c:\windows\system32\mscories.dll

- 2008-08-26 07:24:30 459,264 -c--a-w c:\windows\system32\msfeeds.dll

+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll

- 2008-08-26 07:24:30 52,224 -c--a-w c:\windows\system32\msfeedsbs.dll

+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2008-10-17 02:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll

- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\mshtmled.dll

+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll

- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\msrating.dll

+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll

- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\mstime.dll

+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll

- 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll

+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll

- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\msxml6.dll

+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\msxml6.dll

- 2008-07-18 21:07:34 270,880 ----a-w c:\windows\system32\mucltui.dll

+ 2008-10-16 14:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll

- 2007-10-24 01:47:44 15,360 -c--a-w c:\windows\system32\mui\0409\mscorees.dll

+ 2008-07-25 11:17:04 15,360 ----a-w c:\windows\system32\mui\0409\mscorees.dll

- 2008-07-18 21:07:32 210,976 ----a-w c:\windows\system32\muweb.dll

+ 2008-10-16 14:06:48 208,744 ----a-w c:\windows\system32\muweb.dll

- 2008-05-02 21:46:00 6,108,160 ----a-w c:\windows\system32\nv4_disp.dll

+ 2008-05-16 14:01:00 6,108,928 ----a-w c:\windows\system32\nv4_disp.dll

- 2008-05-02 21:46:00 425,984 ----a-w c:\windows\system32\nvapi.dll

+ 2008-05-16 14:01:00 425,984 ----a-w c:\windows\system32\nvapi.dll

- 2008-05-02 21:46:00 442,368 -c--a-w c:\windows\system32\nvappbar.exe

+ 2008-05-16 14:01:00 442,368 ----a-w c:\windows\system32\nvappbar.exe

- 2008-05-02 21:46:00 41,984 -c--a-w c:\windows\system32\nvcod.dll

+ 2008-05-16 14:01:00 114,688 ----a-w c:\windows\system32\nvcod.dll

- 2008-05-02 21:46:00 41,984 -c--a-w c:\windows\system32\nvcodins.dll

+ 2008-05-16 14:01:00 114,688 ----a-w c:\windows\system32\nvcodins.dll

- 2008-05-02 21:46:00 147,456 -c--a-w c:\windows\system32\nvcolor.exe

+ 2008-05-16 14:01:00 147,456 ----a-w c:\windows\system32\nvcolor.exe

- 2008-05-02 21:46:00 13,529,088 ----a-w c:\windows\system32\nvcpl.dll

+ 2008-05-16 14:01:00 13,529,088 ----a-w c:\windows\system32\nvcpl.dll

- 2008-05-02 21:46:00 768,544 -c--a-w c:\windows\system32\nvcplui.exe

+ 2008-05-16 14:01:00 768,544 ----a-w c:\windows\system32\nvcplui.exe

- 2008-05-02 21:46:00 1,241,088 -c--a-w c:\windows\system32\nvcuda.dll

+ 2008-05-16 14:01:00 1,241,088 ----a-w c:\windows\system32\nvcuda.dll

- 2008-05-02 21:46:00 6,582,272 -c--a-w c:\windows\system32\nvdisps.dll

+ 2008-05-16 14:01:00 6,582,272 ----a-w c:\windows\system32\nvdisps.dll

- 2008-05-02 21:46:00 1,339,392 -c--a-w c:\windows\system32\nvdspsch.exe

+ 2008-05-16 14:01:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe

- 2008-05-02 21:46:00 313,888 -c--a-w c:\windows\system32\nvexpbar.dll

+ 2008-05-16 14:01:00 313,888 ----a-w c:\windows\system32\nvexpbar.dll

- 2008-05-02 21:46:00 3,391,488 -c--a-w c:\windows\system32\nvgames.dll

+ 2008-05-16 14:01:00 3,391,488 ----a-w c:\windows\system32\nvgames.dll

- 2008-05-02 21:46:00 1,486,848 -c--a-w c:\windows\system32\nview.dll

+ 2008-05-16 14:01:00 1,486,848 ----a-w c:\windows\system32\nview.dll

- 2008-05-02 21:46:00 229,376 -c--a-w c:\windows\system32\nvmccs.dll

+ 2008-05-16 14:01:00 229,376 ----a-w c:\windows\system32\nvmccs.dll

- 2008-05-02 21:46:00 45,056 -c--a-w c:\windows\system32\nvmccsrs.dll

+ 2008-05-16 14:01:00 45,056 ----a-w c:\windows\system32\nvmccsrs.dll

- 2008-05-02 21:46:00 188,416 -c--a-w c:\windows\system32\nvmccss.dll

+ 2008-05-16 14:01:00 188,416 ----a-w c:\windows\system32\nvmccss.dll

- 2008-05-02 21:46:00 86,016 -c--a-w c:\windows\system32\nvmctray.dll

+ 2008-05-16 14:01:00 86,016 ----a-w c:\windows\system32\nvmctray.dll

- 2008-05-02 21:46:00 1,257,472 -c--a-w c:\windows\system32\nvmobls.dll

+ 2008-05-16 14:01:00 1,257,472 ----a-w c:\windows\system32\nvmobls.dll

- 2008-05-02 21:46:00 286,720 -c--a-w c:\windows\system32\nvnt4cpl.dll

+ 2008-05-16 14:01:00 286,720 ----a-w c:\windows\system32\nvnt4cpl.dll

- 2008-05-02 21:46:00 8,769,536 -c--a-w c:\windows\system32\nvoglnt.dll

+ 2008-05-16 14:01:00 8,769,536 ----a-w c:\windows\system32\nvoglnt.dll

- 2008-05-02 21:46:00 466,944 ----a-w c:\windows\system32\nvshell.dll

+ 2008-05-16 14:01:00 466,944 ----a-w c:\windows\system32\nvshell.dll

- 2008-05-02 21:46:00 159,812 ----a-w c:\windows\system32\nvsvc32.exe

+ 2008-05-16 14:01:00 159,812 ----a-w c:\windows\system32\nvsvc32.exe

- 2008-05-02 21:46:00 442,368 -c--a-w c:\windows\system32\nvudisp.exe

+ 2008-05-16 14:01:00 446,464 -c--a-w c:\windows\system32\nvudisp.exe

- 2008-04-30 16:27:42 442,368 -c--a-w c:\windows\system32\NVUNINST.EXE

+ 2008-05-16 11:48:14 446,464 -c--a-w c:\windows\system32\NVUNINST.EXE

- 2008-05-02 21:46:00 3,776,512 -c--a-w c:\windows\system32\nvvitvs.dll

+ 2008-05-16 14:01:00 3,776,512 ----a-w c:\windows\system32\nvvitvs.dll

- 2008-05-02 21:46:00 81,920 -c--a-w c:\windows\system32\nvwddi.dll

+ 2008-05-16 14:01:00 81,920 ----a-w c:\windows\system32\nvwddi.dll

- 2008-05-02 21:46:00 1,703,936 -c--a-w c:\windows\system32\nvwdmcpl.dll

+ 2008-05-16 14:01:00 1,703,936 ----a-w c:\windows\system32\nvwdmcpl.dll

- 2008-05-02 21:46:00 1,019,904 -c--a-w c:\windows\system32\nvwimg.dll

+ 2008-05-16 14:01:00 1,019,904 ----a-w c:\windows\system32\nvwimg.dll

- 2008-05-02 21:46:00 2,629,632 -c--a-w c:\windows\system32\nvwss.dll

+ 2008-05-16 14:01:00 2,629,632 ----a-w c:\windows\system32\nvwss.dll

- 2008-05-02 21:46:00 1,630,208 -c--a-w c:\windows\system32\nwiz.exe

+ 2008-05-16 14:01:00 1,630,208 ----a-w c:\windows\system32\nwiz.exe

- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll

+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll

- 2008-10-31 07:15:45 65,160 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-27 01:07:09 72,576 -c--a-w c:\windows\system32\perfc009.dat

- 2008-10-31 07:15:45 410,882 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-27 01:07:09 445,370 -c--a-w c:\windows\system32\perfh009.dat

- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\pngfilt.dll

+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2008-11-09 15:57:28 111,928 -c--a-w c:\windows\system32\PnkBstrB.exe

+ 2008-12-15 18:58:18 111,928 -c--a-w c:\windows\system32\PnkBstrB.exe

+ 2008-07-29 19:59:58 105,016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

+ 2008-07-29 20:35:46 326,160 ----a-w c:\windows\system32\PresentationHost.exe

+ 2008-07-29 19:59:58 43,544 ----a-w c:\windows\system32\PresentationHostProxy.dll

+ 2008-07-29 19:59:58 781,344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

- 2007-10-20 00:56:10 551,672 -c--a-w c:\windows\system32\px.dll

+ 2008-04-07 23:16:45 588,272 -c----w c:\windows\system32\px.dll

- 2007-10-20 00:56:10 518,904 -c--a-w c:\windows\system32\pxdrv.dll

+ 2008-04-07 23:16:45 543,216 -c----w c:\windows\system32\pxdrv.dll

- 2007-10-20 00:56:12 72,440 -c--a-w c:\windows\system32\pxhpinst.exe

+ 2008-04-07 23:16:45 72,176 -c----w c:\windows\system32\pxhpinst.exe

- 2007-10-20 00:56:12 187,128 -c--a-w c:\windows\system32\pxmas.dll

+ 2008-04-07 23:16:45 186,864 -c----w c:\windows\system32\pxmas.dll

- 2007-10-20 00:56:12 379,640 -c--a-w c:\windows\system32\pxwave.dll

+ 2008-04-07 23:16:45 379,376 -c----w c:\windows\system32\pxwave.dll

+ 2008-05-02 21:46:00 6,108,160 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nv4_disp.dll

+ 2008-05-02 21:46:00 6,554,496 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nv4_mini.sys

+ 2008-05-02 21:46:00 425,984 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvapi.dll

+ 2008-05-02 21:46:00 41,984 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvcod.dll

+ 2008-05-02 21:46:00 13,529,088 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvcpl.dll

+ 2008-05-02 21:46:00 1,241,088 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvcuda.dll

+ 2008-05-02 21:46:00 6,582,272 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvdisps.dll

+ 2008-05-02 21:46:00 3,391,488 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvgames.dll

+ 2008-05-02 21:46:00 229,376 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvmccs.dll

+ 2008-05-02 21:46:00 188,416 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvmccss.dll

+ 2008-05-02 21:46:00 86,016 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvmctray.dll

+ 2008-05-02 21:46:00 1,257,472 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvmobls.dll

+ 2008-05-02 21:46:00 286,720 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvnt4cpl.dll

+ 2008-05-02 21:46:00 8,769,536 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvoglnt.dll

+ 2008-05-02 21:46:00 159,812 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvsvc32.exe

+ 2008-05-02 21:46:00 3,776,512 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvvitvs.dll

+ 2008-05-02 21:46:00 81,920 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvwddi.dll

+ 2008-05-02 21:46:00 2,629,632 ----a-w c:\windows\system32\ReinstallBackups\0022\DriverFiles\nvwss.dll

- 2008-07-25 18:20:17 1,860,488 -c--a-w c:\windows\system32\Restore\rstrlog.dat

+ 2008-12-14 19:30:12 683,472 -c--a-w c:\windows\system32\Restore\rstrlog.dat

+ 2006-08-24 16:15:06 150,808 ----a-w c:\windows\system32\rgb9rast_2.dll

- 2007-01-19 12:53:04 51,056 -c--a-w c:\windows\system32\sirenacm.dll

+ 2007-10-18 11:31:46 51,224 ----a-w c:\windows\system32\sirenacm.dll

+ 2008-10-16 14:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

+ 2008-10-16 14:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll

+ 2006-09-24 13:28:46 5,248 ----a-w c:\windows\system32\speedfan.sys

- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll

+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll

+ 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll

+ 2008-07-06 12:06:10 198,656 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll

+ 2008-07-06 12:06:10 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll

+ 2008-07-06 12:06:10 744,960 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll

+ 2008-03-13 04:52:36 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unires.dll

+ 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll

+ 2008-07-06 12:06:10 89,088 ----a-w c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

+ 2008-07-06 10:50:03 597,504 ------w c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

+ 2008-07-06 12:06:10 147,456 ----a-w c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

+ 2008-07-06 12:06:10 748,032 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll

+ 2008-07-06 17:36:12 2,936,832 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll

+ 2008-07-06 12:06:10 748,032 ----a-w c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll

+ 2008-07-06 17:36:12 2,936,832 ----a-w c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll

+ 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll

+ 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll

+ 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll

+ 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll

- 2007-08-10 19:46:18 26,488 -c--a-w c:\windows\system32\spupdsvc.exe

+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\system32\spupdsvc.exe

- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\strmdll.dll

+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll

+ 2008-07-29 21:10:04 26,112 ----a-w c:\windows\system32\TsWpfWrp.exe

- 2008-07-11 12:42:28 62,976 -c--a-w c:\windows\system32\tzchange.exe

+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe

+ 2008-07-29 19:59:58 161,296 ----a-w c:\windows\system32\UIAutomationCore.dll

- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll

+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll

- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll

+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll

- 2007-10-20 00:56:10 88,824 -c--a-w c:\windows\system32\VXBLOCK.dll

+ 2008-04-07 23:16:45 88,560 -c----w c:\windows\system32\VXBLOCK.dll

- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll

- 2008-04-14 00:12:08 712,704 -c----w c:\windows\system32\windowscodecs.dll

+ 2008-07-11 08:55:42 712,704 ------w c:\windows\system32\windowscodecs.dll

- 2008-04-14 00:12:08 346,112 -c----w c:\windows\system32\windowscodecsext.dll

+ 2008-07-11 08:55:42 347,648 ------w c:\windows\system32\windowscodecsext.dll

- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll

+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll

- 2005-01-28 12:44:28 1,027,072 -c--a-w c:\windows\system32\wmnetmgr.dll

+ 2008-06-10 06:28:36 1,028,096 ----a-w c:\windows\system32\WMNetmgr.dll

- 2006-12-07 05:29:34 2,374,472 -c--a-w c:\windows\system32\wmvcore.dll

+ 2008-06-10 07:07:24 2,376,760 ----a-w c:\windows\system32\WMVCore.dll

- 2008-07-18 21:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll

+ 2008-10-16 14:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll

- 2008-07-18 21:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe

+ 2008-10-16 14:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe

- 2008-07-18 21:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll

+ 2008-10-16 14:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

- 2008-07-18 21:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll

+ 2008-10-16 14:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll

- 2008-07-18 21:10:20 36,552 -c--a-w c:\windows\system32\wups.dll

+ 2008-10-16 14:08:58 34,328 -c--a-w c:\windows\system32\wups.dll

- 2008-07-18 21:10:40 45,768 -c--a-w c:\windows\system32\wups2.dll

+ 2008-10-16 14:09:44 43,544 -c--a-w c:\windows\system32\wups2.dll

- 2008-07-18 21:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll

+ 2008-10-16 14:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll

+ 2008-07-29 21:26:06 301,568 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe

+ 2008-12-16 18:17:54 16,384 ----atw c:\windows\temp\Perflib_Perfdata_16c.dat

- 2008-02-20 17:02:13 8,192 -c--a-w c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2008-11-27 01:02:38 8,192 ----a-w c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2006-06-05 13:14:28 479,232 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll

+ 2006-06-05 14:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll

- 2006-06-05 13:14:28 548,864 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

+ 2006-06-05 14:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

- 2006-06-05 13:14:28 626,688 -c--a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

+ 2006-06-05 14:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

+ 2008-07-25 11:17:20 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll

+ 2008-07-25 11:17:20 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll

+ 2008-07-25 11:17:20 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll

+ 2007-11-06 21:23:56 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2007-11-07 02:19:32 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-07 02:19:32 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

- 2008-02-20 17:02:22 258,048 -c--a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2008-11-27 01:02:51 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2008-02-20 17:02:22 113,664 -c--a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2008-11-27 01:02:51 113,664 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2008-02-01 11:11:10 586,240 ----a-w c:\windows\WLXPGSS.SCR

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Acme.PCHButton"="c:\progra~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe" [2003-10-21 155648]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-06 1797880]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-06 1797880]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"CTHelper"="CTHELPER.EXE" [2003-05-28 c:\windows\system32\cthelper.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 c:\windows\mididef.exe]

 

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-04-20 2746104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2007-06-11 16:42 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= pvmjpg21.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin200.exe.lnk]

backup=c:\windows\pss\TrayMin200.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

--a------ 2008-08-14 06:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a--c--- 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a--c--- 2006-10-30 08:36 256576 c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]

--a--c--- 2008-02-27 16:56 1032376 c:\program files\Kontiki\KHost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-05-16 14:01 13529088 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-05-16 14:01 86016 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a--c--- 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a--c--- 2007-11-30 17:03 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

--a--c--- 2008-05-02 04:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-16 14:01 1630208 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"CTHelper"=CTHELPER.EXE

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-07 97928]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-01-12 101776]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-01-12 31504]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 231704]

S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys []

S3 SSDefrag;SSDefrag;\??\c:\windows\system32\drivers\SSDefrag.sys [2007-11-14 34560]

S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []

S4 MioNet;MioNet Service;"c:\program files\MioNet\MioNetManager.exe" -s "c:\program files\MioNet\wrapper.conf" []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a989412-8707-11db-ad69-000ea65e656a}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com k:

\Shell\Open\command - k:\resycled\boot.com k:

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f17fef25-fbdc-11dc-ae83-000ea65e656a}]

\Shell\AutoRun\command - K:\SETUP.EXE

\Shell\configure\command - K:\SETUP.EXE

\Shell\install\command - K:\SETUP.EXE

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

 

2008-12-13 c:\windows\Tasks\Uniblue SpyEraser Nag.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

 

2007-12-19 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

 

2008-12-16 c:\windows\Tasks\User_Feed_Synchronization-{DB997C11-DFCE-4FE5-A391-59F852E4FD68}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.blueyonder.co.uk/blueyonder/index.jsp

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.blueyonder.co.uk/blueyonder/index.jsp

mSearch Bar = hxxp://srch-gb10.hpwis.com/

uInternet Connection Wizard,ShellNext = hxxp://gb10.hpwis.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {FF44030B-689E-4427-87CD-4AFF01B4D5AD} = 62.30.112.39,194.117.134.19

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-16 18:33:14

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(964)

c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\COMODO\Firewall\cmdagent.exe

c:\windows\eHome\ehsched.exe

c:\program files\Kontiki\KService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Windows Media Connect 2\wmccds.exe

c:\program files\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Completion time: 2008-12-16 18:37:55 - machine was rebooted

ComboFix-quarantined-files.txt 2008-12-16 18:37:50

ComboFix2.txt 2008-11-13 18:14:36

ComboFix3.txt 2008-02-06 17:28:30

 

Pre-Run: 24,067,055,616 bytes free

Post-Run: 24,041,046,016 bytes free

 

1388 --- E O F --- 2008-12-14 20:54:30

 

 

Sorry, for some reason it made me do it in 3 posts, even though I was under the word limit for only two

 

Thanks,

 

~Mr Brightside

Edited by Mr Brightside

Share this post


Link to post
Share on other sites

Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

 

Filename: CFScript.txt

Save As Type: All Files (*.*)

 


http://forums.pcpitstop.com/index.php?s=&showtopic=163356&view=findpost&p=1552177

Collect::[22]
c:\windows\system32\drivers\xsqatwof.sys
File::
c:\windows\system32\drivers\Ndisprot.sys
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a989412-8707-11db-ad69-000ea65e656a}]

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

 

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

 

 

Please note that I have instructed CFScript to collect some files ofr analysis. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates.

 

Thanks!

Share this post


Link to post
Share on other sites

Here's the new ComboFix log:

ComboFix 08-12-15.08 - Administrator 2008-12-17 22:58:32.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1391 [GMT 0:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

* Created a new restore point

 

FILE ::

c:\windows\system32\drivers\Ndisprot.sys

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\Ndisprot.sys

c:\windows\system32\drivers\xsqatwof.sys

 

.

((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))

.

 

2008-12-16 21:36 . 2008-12-16 21:36 <DIR> d-------- c:\program files\Webteh

2008-12-16 21:36 . 2008-12-16 21:37 <DIR> d-------- c:\program files\BS.Player ControlBar

2008-12-16 21:36 . 2008-12-16 21:36 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BSplayer Pro

2008-12-16 21:36 . 2008-12-16 21:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BSplayer

2008-12-14 17:43 . 2008-12-14 17:43 <DIR> d-------- C:\rsit

2008-12-14 17:35 . 2008-12-14 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-14 17:35 . 2008-12-14 17:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2008-12-13 23:32 . 2008-12-13 23:34 <DIR> d-------- c:\program files\SpeedFan

2008-12-13 23:32 . 2008-12-13 23:32 45 --a------ c:\windows\system32\initdebug.nfo

2008-12-13 22:55 . 2008-12-13 23:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\vlc

2008-12-11 18:40 . 2008-12-11 18:40 <DIR> d-------- c:\program files\Lavasoft

2008-12-11 18:39 . 2008-12-11 18:39 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-12-11 18:20 . 2008-12-14 19:48 <DIR> d-------- c:\program files\Trend Micro

2008-12-07 23:35 . 2008-12-07 23:35 21 --a------ c:\windows\Picasa.ini

2008-11-30 00:01 . 2008-11-30 00:01 <DIR> d-------- c:\windows\system32\Adobe

2008-11-27 19:09 . 2008-11-27 19:09 <DIR> d-------- c:\documents and settings\Administrator\AppData

2008-11-27 18:56 . 2008-11-27 18:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Stardock

2008-11-27 01:06 . 2008-11-27 01:06 <DIR> d-------- c:\windows\system32\XPSViewer

2008-11-27 01:06 . 2008-11-27 01:06 <DIR> d-------- c:\program files\Reference Assemblies

2008-11-27 01:05 . 2008-11-27 01:06 <DIR> d-------- C:\fac462f81a38d19e36f46f

2008-11-27 01:05 . 2008-07-06 12:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll

2008-11-27 01:05 . 2008-07-06 12:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll

2008-11-27 01:05 . 2008-07-06 10:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2008-11-27 01:05 . 2008-07-06 12:06 575,488 --------- c:\windows\system32\xpsshhdr.dll

2008-11-27 01:05 . 2008-07-06 12:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll

2008-11-27 01:05 . 2008-07-06 12:06 117,760 --------- c:\windows\system32\prntvpt.dll

2008-11-27 01:05 . 2008-07-06 12:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2008-11-27 00:37 . 2008-11-27 00:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\CenerTCPMessenger

2008-11-27 00:19 . 2008-11-27 00:19 <DIR> d-------- c:\program files\Alky for Applications

2008-11-27 00:19 . 2008-11-27 00:22 1,984,462 --a------ c:\windows\setupapi.log.0.old

2008-11-27 00:18 . 2007-07-28 17:00 16,384 --a------ c:\windows\system32\lcid.exe

2008-11-24 21:09 . 2008-11-24 22:58 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}

2008-11-23 20:33 . 2008-11-23 20:33 <DIR> d-------- c:\windows\system32\IOSUBSYS

2008-11-23 13:42 . 2008-11-23 13:42 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2008-11-23 13:31 . 2008-11-24 03:01 <DIR> d-------- c:\program files\Windows Live

2008-11-23 12:50 . 2008-11-23 13:18 <DIR> d-------- c:\documents and settings\Administrator\Tracing

2008-11-23 12:49 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2008-11-23 12:44 . 2008-11-23 12:44 <DIR> d-------- c:\program files\Microsoft

2008-11-23 12:40 . 2008-11-23 12:40 <DIR> d-------- c:\program files\Common Files\Windows Live

2008-11-17 20:04 . 2008-11-17 20:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-17 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki

2008-12-17 07:33 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent

2008-12-16 20:23 139,152 -c--a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-15 23:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-14 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-07 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2008-12-06 12:03 101,776 -c--a-w c:\windows\system32\drivers\cmdGuard.sys

2008-11-30 18:49 --------- d-----w c:\documents and settings\Administrator\Application Data\dvdcss

2008-11-27 01:06 --------- d-----w c:\program files\MSBuild

2008-11-24 23:14 31,504 -c--a-w c:\windows\system32\drivers\cmdhlp.sys

2008-11-23 20:33 --------- d-----w c:\program files\Google

2008-11-23 13:40 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-11-23 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-11-23 12:45 --------- d-----w c:\program files\MSN Messenger

2008-11-16 18:51 --------- d-----w c:\program files\Haali

2008-11-15 14:47 --------- d-----w c:\program files\PowerStrip

2008-11-15 13:56 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS

2008-11-13 18:02 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-01 15:17 --------- d-----w c:\program files\Unlocker

2008-10-25 21:52 --------- d-----w c:\program files\Common Files\Adobe

2008-10-25 21:40 --------- d-----w c:\program files\Common Files\Macrovision Shared

2008-10-25 21:13 326 ----a-w c:\windows\system32\drivers\hosts

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-04-14 21:44 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2008-02-23 11:44 22,328 -c--a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys

2005-09-28 14:11 32 -c--a-r c:\documents and settings\All Users\hash.dat

2007-08-25 03:52 300,400 -c--a-w c:\program files\mozilla firefox\components\coFFPlgn.dll

2008-07-11 16:26 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071120080712\index.dat

.

 

((((((((((((((((((((((((((((( snapshot_2008-12-16_18.36.44.04 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-15 18:58:18 111,928 -c--a-w c:\windows\system32\PnkBstrB.exe

+ 2008-12-16 20:23:13 111,928 -c--a-w c:\windows\system32\PnkBstrB.exe

+ 2008-12-17 23:06:46 16,384 ----atw c:\windows\temp\Perflib_Perfdata_330.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Acme.PCHButton"="c:\progra~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe" [2003-10-21 155648]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-06 1797880]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-06 1797880]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"CTHelper"="CTHELPER.EXE" [2003-05-28 c:\windows\system32\cthelper.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 c:\windows\mididef.exe]

 

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-04-20 2746104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2007-06-11 16:42 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= pvmjpg21.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin200.exe.lnk]

backup=c:\windows\pss\TrayMin200.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

--a------ 2008-08-14 06:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a--c--- 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a--c--- 2006-10-30 08:36 256576 c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]

--a--c--- 2008-02-27 16:56 1032376 c:\program files\Kontiki\KHost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-05-16 14:01 13529088 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-05-16 14:01 86016 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a--c--- 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a--c--- 2007-11-30 17:03 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

--a--c--- 2008-05-02 04:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-16 14:01 1630208 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"CTHelper"=CTHELPER.EXE

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-07-07 97928]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-01-12 101776]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-01-12 31504]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 231704]

S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys []

S3 SSDefrag;SSDefrag;\??\c:\windows\system32\drivers\SSDefrag.sys [2007-11-14 34560]

S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []

S4 MioNet;MioNet Service;"c:\program files\MioNet\MioNetManager.exe" -s "c:\program files\MioNet\wrapper.conf" []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f17fef25-fbdc-11dc-ae83-000ea65e656a}]

\Shell\AutoRun\command - K:\SETUP.EXE

\Shell\configure\command - K:\SETUP.EXE

\Shell\install\command - K:\SETUP.EXE

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

 

2008-12-13 c:\windows\Tasks\Uniblue SpyEraser Nag.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

 

2007-12-19 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

 

2008-12-17 c:\windows\Tasks\User_Feed_Synchronization-{DB997C11-DFCE-4FE5-A391-59F852E4FD68}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bsplayer-search.com/startpage

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.blueyonder.co.uk/blueyonder/index.jsp

mSearch Bar = hxxp://srch-gb10.hpwis.com/

uInternet Connection Wizard,ShellNext = hxxp://gb10.hpwis.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {FF44030B-689E-4427-87CD-4AFF01B4D5AD} = 62.30.112.39,194.117.134.19

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - BS.Player Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-17 23:04:53

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(968)

c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\COMODO\Firewall\cmdagent.exe

c:\windows\eHome\ehsched.exe

c:\program files\Kontiki\KService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Windows Media Connect 2\wmccds.exe

c:\program files\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Completion time: 2008-12-17 23:12:51 - machine was rebooted

ComboFix-quarantined-files.txt 2008-12-17 23:12:45

ComboFix2.txt 2008-12-16 18:37:58

ComboFix3.txt 2008-11-13 18:14:36

ComboFix4.txt 2008-02-06 17:28:30

 

Pre-Run: 23,922,503,680 bytes free

Post-Run: 23,904,907,264 bytes free

 

270 --- E O F --- 2008-12-14 20:54:30

 

and here's the new HJT log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:30:30, on 17/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kontiki\KService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\ps2.exe

C:\windows\system\hpsysdrv.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMidi] MIDIDEF.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} (Bonusprint Image Uploader Version 4.5 Control) - http://webalbum.bonusprint.com/ukipc01/dow...geUploader4.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FF44030B-689E-4427-87CD-4AFF01B4D5AD}: NameServer = 62.30.112.39,194.117.134.19

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 7859 bytes

 

Please note that I have instructed CFScript to collect some files ofr analysis. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates.

 

Thanks!

 

Sorry, but I didn't see anything about this =( I ran ComboFix like you said, waited until it rebooted and asked me to log in, but then I went and had a shower whilst it "finished up". When I came back down the command prompt had gone and only the log was displayed.

 

~Mr Brightside

Edited by Mr Brightside

Share this post


Link to post
Share on other sites

2006-05-20 14:36:38 AC------ 0 C:\Qoobox\Quarantine\C\WINDOWS\Fonts\Setup.exe.vir

2007-06-16 15:43:29 AC------ 582,144 C:\Qoobox\Quarantine\C\WINDOWS\system32\DAO350.DLL.vir

2008-02-06 22:20:13 AC------ 388,608 C:\Qoobox\Quarantine\C\kmd.exe.vir

2008-11-13 17:54:39 A------- 216 C:\Qoobox\Quarantine\catchme.log

2008-11-13 17:59:52 A------- 8,009 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2008-11-13 18:13:14 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat

2008-11-13 18:13:14 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat

2008-11-13 18:13:14 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat

2008-11-13 18:13:24 A------- 222 C:\Qoobox\Quarantine\Registry_backups\HKU-Default-RunOnce-CMSRegOW.exe.reg.dat

2008-11-13 18:13:42 A------- 584 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Steam.reg.dat

2008-11-13 18:13:42 A------- 648 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SUPERAntiSpyware.reg.dat

2008-12-05 20:35:46 A------- 27,904 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\Ndisprot.sys.vir

2008-12-05 20:35:46 A------- 41,984 C:\Qoobox\Quarantine\C\WINDOWS\system32\msqpdxnvuasrvk.dll.vir

2008-12-14 19:12:38 A------- 61,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\xsqatwof.sys.vir

2008-12-17 22:58:24 A------- 21,078 C:\Qoobox\Quarantine\[22]-Submit_2008-12-17@22.58.zip

 

Share this post


Link to post
Share on other sites

Please upload the following file to my submission channel for analysis. Leave a link back to this topic.

 

C:\Qoobox\Quarantine\[22]-Submit_2008-12-17@22.58.zip

 

Thanks!

 

 

Log looks good. Lets get an online scan to see if we've missed anything. Please do an online scan with Kaspersky Online Scanner

 

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

 

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Post the Kaspersky log here.

Share this post


Link to post
Share on other sites

Wow, took a long time lol =) Especially as I had to restart it 3 times because some stupid members of my family don't know what a new tab is.

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Saturday, December 20, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Friday, December 19, 2008 19:49:21

Records in database: 1488544

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

 

Scan statistics:

Files scanned: 168895

Threat name: 1

Infected objects: 1

Suspicious objects: 0

Duration of the scan: 08:53:44

 

 

File name / Threat name / Threats count

D:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP309\A0118190.com Infected: Packed.Win32.Krap.d 1

 

The selected area was scanned.

 

Share this post


Link to post
Share on other sites

The submitted file is fine. Thank you!

 

Lets cleanup now. Now open MBAM and remove any items quarantined. Do the same with your resident antivirus.

 

Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.

Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

You can delete any other logs that were created/saved too.

Share this post


Link to post
Share on other sites

Okay, I've done all that now, however some time after that I got a warning message from AVG :yucky: with this threat message:

 

File Name: F:\resycled\boot.com

 

Threat Name: Virus Found on Win32/Cryptor

Detected on Open

 

Moved to Vault.

 

I then proceeded to delete the item. Now when I try to access my external hard drive, I obviously get this error message:

 

Windows cannot find 'resycled\boot.com'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

 

(I can still access it by typing 'F:\' or right clicking the f-drive and selecting 'Explore', but it would be nice to sort it properly)

 

Grr.

 

Thanks,

 

Mr Brightside.

Share this post


Link to post
Share on other sites

Highlight and copy the contents of the code box below.

reg delete HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2 /f
exit
cls
Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on it's own.

 

Reboot then see if F:\ can be accessed normally.

Share this post


Link to post
Share on other sites

I tried doing that a couple of days after you posted it, with no luck, then New Years got in the way, so sorry for the late reply. Luckily, I tried it again today, and my problem is now fixed! :)

 

Thank you very much Noah, for fixing all my problems. It is mucho appreciated!!

 

:b33r: on me

Edited by Mr Brightside

Share this post


Link to post
Share on other sites

I'm happy to hear that resolved the problem. You're very welcome for the help. :)

 

Happy New Year to you too! Surf safe!!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...