Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Posting a Hijackthis log. Looking for my problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Posting a Hijackthis log. Looking for my problem

Unread postby maypo » April 16th, 2008, 11:59 am

Here are the logs.

ComboFix 08-04-11.1 - Frank May 2008-04-16 10:41:06.3 - NTFSx86
Running from: C:\Documents and Settings\Frank May\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Frank May\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Frank May\Desktop\MyFunCardsSetup2.1.60.1.exe
C:\MyFunCardsSetup2.0.4.21-2.exe
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\riched20.dll
C:\Program Files\Netscape\Netscape Browser\plugins\NPMyWebS.dll
C:\update.exe
C:\WINDOWS\system32\camoc.6
C:\WINDOWS\system32\drivers\nuipcsnm.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\MyFunCardsSetup2.0.4.21-2.exe
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\MSN Messenger\msimg32.dll
C:\Program Files\MSN Messenger\riched20.dll
C:\Program Files\Netscape\Netscape Browser\plugins\NPMyWebS.dll
C:\update.exe
C:\WINDOWS\system32\camoc.6
C:\WINDOWS\system32\drivers\nuipcsnm.dat

.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-16 10:31 . 2008-04-16 10:31 <DIR> d-------- C:\Documents and Settings\Frank May\Application Data\Sammsoft
2008-04-16 10:30 . 2008-04-16 10:30 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2008-04-16 10:30 . 2008-04-16 10:30 2,218,368 --a------ C:\AROTrial.exe
2008-04-16 10:23 . 2008-04-16 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-16 10:16 . 2008-04-16 10:21 35,960,792 --a------ C:\avg75free_519a1276.exe
2008-04-14 14:57 . 2008-04-14 14:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-14 14:57 . 2008-04-14 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 13:41 . 2008-04-13 13:41 61,900 --a------ C:\rockingCat.gif
2008-04-09 19:04 . 2008-04-16 10:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 19:04 . 2008-04-09 19:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 19:03 . 2008-04-09 19:03 <DIR> d-------- C:\Program Files\iPod
2008-04-09 19:02 . 2008-04-09 19:03 <DIR> d-------- C:\Program Files\iTunes
2008-04-09 18:58 . 2008-04-09 18:58 <DIR> d-------- C:\Program Files\QuickTime
2008-03-29 10:28 . 2008-03-29 10:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-29 10:28 . 2008-03-29 10:28 812,344 --a------ C:\HJTInstall.exe
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 14:14 . 2008-03-28 14:14 51,246 --a------ C:\l_4eb33a4e5d9dc6db4dd5def12b4a68cc.jpg
2008-03-28 14:10 . 2008-03-28 14:10 9,526 --a------ C:\m_fbf6f61602a2fbb73bc48c14b998c278.jpg
2008-03-28 14:00 . 2008-03-28 14:00 23,037 --a------ C:\shaniatwain23_v_e.jpg
2008-03-28 13:55 . 2008-03-28 13:55 24,833 --a------ C:\shaniatwain24_v_e.jpg
2008-03-25 10:11 . 2008-03-25 10:12 1,480,293 --a------ C:\angel189a1.exe
2008-03-24 16:38 . 2008-03-24 16:38 48,644 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-19 18:47 . 2008-03-19 18:47 <DIR> d-------- C:\Program Files\Safari
2008-03-17 12:44 . 2008-03-17 12:48 <DIR> d-------- C:\WINDOWS\$regcmp$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 15:41 --------- d-----w C:\Program Files\MSN Messenger
2008-04-16 15:29 --------- d-----w C:\Documents and Settings\Frank May\Application Data\AVG7
2008-04-16 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-16 14:12 --------- d-----w C:\Documents and Settings\Frank May\Application Data\OpenOffice.org2
2008-04-15 20:03 --------- d-----w C:\Program Files\mIRC
2008-04-14 20:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-14 19:26 --------- d-----w C:\Program Files\AWS
2008-04-14 19:24 --------- d-----w C:\Program Files\Java
2008-04-11 19:00 --------- d-----w C:\Program Files\BearFlix
2008-04-11 18:54 --------- d-----w C:\Program Files\VS Revo Group
2008-04-11 18:53 1,567,713 ----a-w C:\revosetup.exe
2008-04-01 16:38 --------- d-----w C:\Program Files\BitTorrent
2008-04-01 16:37 --------- d-----w C:\Program Files\BitComet
2008-03-19 23:48 --------- d-----w C:\Documents and Settings\Frank May\Application Data\Apple Computer
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 21:26 --------- d-----w C:\Program Files\RegistryFix
2008-03-12 21:15 1,361,448 ----a-w C:\registryfix.exe
2008-03-12 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-12 21:02 --------- d-----w C:\Program Files\Security Task Manager
2008-03-12 21:01 1,570,920 ----a-w C:\taskmanager17.exe
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 16:13 1,479,554 ----a-w C:\angel188b.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 22:04 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-18 19:34 --------- d-----w C:\Program Files\DivX
2008-02-18 19:33 6,222,376 ----a-w C:\DivXWebPlayerInstaller.exe
2008-02-13 21:54 7,799,416 ----a-w C:\Windows-KB890830-V1.38.exe
2008-02-10 01:11 59,196,712 ----a-w C:\iTunesSetup.exe
2008-02-09 22:51 1,808,548 ----a-w C:\Docx2Rtf.zip
2008-02-01 01:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2008-01-28 00:09 325,168 ----a-w C:\RealPlayer11GOLD.exe
2006-06-07 13:25 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((( snapshot_2008-04-11_14.21.27.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-07 08:06:27 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-04-12 23:28:33 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-10-07 08:06:36 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-04-12 23:28:39 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-10-07 08:06:37 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-04-12 23:28:17 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-10-07 08:06:37 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-12 23:28:41 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-10-07 08:06:32 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-04-12 23:28:25 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-10-07 08:06:23 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-04-12 23:28:43 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-10-07 08:06:23 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-04-12 23:28:43 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-10-07 08:06:43 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-04-12 23:28:39 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-10-07 08:06:29 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-04-12 23:28:23 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-10-07 08:06:26 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-04-12 23:28:30 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-10-07 08:06:23 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-04-12 23:28:24 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-10-07 08:06:24 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-04-12 23:28:32 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-10-07 08:06:34 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-04-12 23:28:35 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-10-07 08:06:35 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-04-12 23:28:36 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-10-07 08:06:35 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-04-12 23:28:37 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-10-07 08:06:25 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-04-12 23:28:44 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-10-07 08:06:25 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-04-12 23:28:45 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-10-07 08:06:25 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-04-12 23:28:46 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-10-07 08:06:26 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-04-12 23:28:46 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-10-07 08:06:24 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-04-12 23:28:37 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-10-07 08:06:45 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-04-12 23:28:36 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-07 08:06:44 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-04-12 23:28:35 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-07 08:06:21 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-04-12 23:28:41 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-10-07 08:06:44 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-04-12 23:28:34 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-10-07 08:06:45 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-04-12 23:28:20 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-10-07 08:06:22 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-04-12 23:28:43 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-10-07 08:06:21 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-04-12 23:28:34 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-10-07 08:06:22 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-04-12 23:28:33 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-10-07 08:06:40 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-04-12 23:28:38 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-10-07 08:06:27 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-04-12 23:28:38 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-10-07 08:06:41 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-04-12 23:28:24 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-10-07 08:06:38 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-04-12 23:28:26 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-10-07 08:06:24 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-04-12 23:28:27 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-10-07 08:06:33 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-04-12 23:28:47 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-10-07 08:06:28 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-04-12 23:28:45 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-10-07 08:06:27 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-04-12 23:28:31 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-10-07 08:06:28 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-04-12 23:28:42 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-10-07 08:06:42 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-04-12 23:28:21 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-10-07 08:06:38 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-04-12 23:28:43 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-10-07 08:06:42 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-04-12 23:28:41 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-10-07 08:06:39 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-04-12 23:28:40 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-10-07 08:06:40 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-04-12 23:28:40 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-10-07 08:06:26 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-04-12 23:28:21 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-10-07 08:06:29 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-04-12 23:28:22 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-10-07 08:06:43 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-04-12 23:28:29 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-10-07 08:06:29 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-04-12 23:28:30 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-10-07 08:06:30 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-04-12 23:28:28 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-10-07 08:06:30 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-04-12 23:28:31 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-10-07 08:06:31 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-04-12 23:28:22 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-10-07 08:06:42 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-12 23:28:27 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-13 14:54:15 27,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-04-13 14:54:19 884,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-04-13 14:54:20 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-04-13 14:54:19 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-04-13 14:54:22 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-04-13 14:54:23 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-04-13 14:54:27 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-04-13 14:54:28 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-04-13 14:54:31 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-04-13 14:49:38 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-04-13 14:54:33 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-04-13 14:50:55 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-04-13 14:54:35 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-04-13 14:51:22 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-04-13 14:54:38 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-04-13 14:54:39 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-04-13 14:51:26 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-04-13 14:51:26 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-04-13 14:54:40 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-04-13 14:54:40 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-04-13 14:54:42 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-04-13 14:54:43 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-04-13 14:54:44 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-04-13 14:55:09 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-04-13 14:55:10 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-04-13 14:55:14 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-04-13 14:55:05 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-04-13 14:51:46 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-04-13 14:51:56 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-04-13 14:50:18 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
- 2005-09-23 12:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-10-24 06:47:38 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 12:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-24 06:47:38 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 12:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-24 06:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 12:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-24 06:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2005-09-23 12:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2007-10-24 06:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 12:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-24 06:47:38 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2005-09-23 12:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-24 06:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2005-09-23 12:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-10-24 06:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2005-09-23 12:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-24 06:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2005-09-23 12:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-24 06:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2005-09-23 12:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-24 06:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2005-09-23 12:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-24 06:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 12:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-24 06:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2005-09-23 12:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-24 06:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2007-04-13 08:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-24 06:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 12:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-24 06:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2007-04-13 08:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-24 06:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2007-04-13 08:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-24 06:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2007-04-13 08:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-24 06:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2007-04-13 08:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-24 06:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 12:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-24 06:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2007-04-13 08:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-24 06:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 12:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-24 06:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-04-13 08:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-24 06:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2007-04-13 08:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-24 06:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2007-04-13 08:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-24 06:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 12:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-24 06:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-04-13 08:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-24 06:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 12:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-24 06:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2005-09-23 12:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-10-24 06:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2005-09-23 12:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-24 06:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 12:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2007-10-24 06:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 12:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-24 06:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2005-09-23 12:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2007-10-24 06:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2005-09-23 12:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-10-24 06:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2007-04-13 08:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-10-24 06:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 12:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-24 06:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 12:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-24 06:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2005-09-23 12:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-24 06:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2007-04-13 08:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-24 06:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 12:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-24 06:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 12:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2007-10-24 06:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2005-09-23 12:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-10-24 06:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2007-04-13 08:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-10-24 06:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2007-04-13 08:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-24 06:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 12:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2007-10-24 06:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 12:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-24 06:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 12:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2007-10-24 06:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-04-13 08:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-24 06:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 12:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-24 06:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2007-04-13 08:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-24 06:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 12:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-24 06:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2007-04-13 08:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-24 06:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 12:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-24 06:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 12:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-24 06:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 12:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-24 06:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 12:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-24 06:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 12:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-24 06:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 12:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2007-10-24 06:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 12:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-24 06:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 12:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-24 06:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2007-04-13 08:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-10-24 06:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 12:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-24 06:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-04-13 08:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-24 06:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 12:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-24 06:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 12:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-24 06:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2007-04-13 08:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-10-24 06:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2007-04-13 08:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-24 06:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 12:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-24 06:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2007-04-13 08:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-24 06:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-13 08:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-24 06:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 12:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-24 06:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2005-09-23 12:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-24 06:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2005-09-23 12:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-24 06:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2007-04-13 08:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-24 06:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2007-04-13 08:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-24 06:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 12:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-24 06:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2007-04-13 08:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-24 06:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 12:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-24 06:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2007-04-13 08:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-24 06:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2007-04-13 08:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-24 06:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 12:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-24 06:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2007-04-13 08:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-24 06:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 12:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-24 06:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 12:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-24 06:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 12:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-24 06:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 12:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-24 06:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 12:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-24 06:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2005-09-23 12:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-24 06:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2007-04-13 08:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-24 06:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2007-04-13 08:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-24 06:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2007-04-13 08:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-24 06:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 12:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-24 06:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2007-04-13 08:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-24 06:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2007-04-13 08:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-24 06:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2007-04-13 08:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-24 06:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2007-04-13 08:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-10-24 06:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2007-04-13 08:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-10-24 06:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 12:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2007-10-24 06:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
- 2007-04-13 08:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-10-24 06:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2007-04-13 08:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-10-24 06:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 12:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2007-10-24 06:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2007-04-13 08:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-10-24 06:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2007-04-13 08:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-10-24 06:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2007-04-13 08:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-10-24 06:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2007-04-13 08:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-10-24 06:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2007-04-13 08:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-10-24 06:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 12:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2007-10-24 06:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
- 2007-04-13 08:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-10-24 06:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 12:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-10-24 06:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 12:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2007-10-24 06:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
- 2005-09-23 12:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2007-10-24 06:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2007-04-13 08:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-10-24 06:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2007-04-13 08:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-10-24 06:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 12:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2007-10-24 06:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 12:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2007-10-24 06:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
- 2005-09-23 12:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2007-10-24 06:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
- 2007-04-13 08:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-10-24 06:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2007-04-13 08:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-10-24 06:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 12:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2007-10-24 06:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
- 2007-04-13 08:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-10-24 06:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2007-04-13 08:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-10-24 06:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2007-04-13 08:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-10-24 06:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2005-09-23 12:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2007-10-24 06:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
- 2005-09-23 12:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
+ 2007-10-24 06:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
- 2007-10-25 08:12:11 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-04-16 15:23:18 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
- 2006-12-27 18:46:06 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-04-16 15:23:23 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
- 2007-02-26 09:27:48 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-04-16 15:23:24 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
- 2007-12-21 16:40:30 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-04-16 15:23:26 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
- 2007-12-21 16:40:24 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-04-16 15:23:26 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2006-12-27 18:46:06 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
+ 2008-04-16 15:23:26 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-04-13 08:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-10-24 06:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2005-09-23 12:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2007-10-24 06:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2005-09-23 12:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
+ 2007-10-24 06:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
- 2005-09-23 12:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
+ 2007-10-24 06:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2008-03-09 15:46:58 59,436 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-12 23:28:54 60,620 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-09 15:46:59 393,730 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-12 23:28:54 398,994 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-12 23:28:35 8,192 ----a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2007-10-24 06:47:56 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
+ 2007-10-24 06:47:56 558,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
+ 2007-10-24 06:47:56 635,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
- 2007-10-07 08:06:23 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-04-12 23:28:43 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2007-10-07 08:06:23 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-04-12 23:28:43 113,664 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 18:11 4670968]
"Utopia Angel"="C:\Utopia\Angel\Angel.exe" [2008-03-24 07:14 3549184]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-04-09 14:22 2135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2003-03-31 07:00 77891]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2003-08-13 14:48 147456]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 05:50 155648]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 15:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-02-25 23:27 77887]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-21 23:41 94208]
"POINTER"="point32.exe" []
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 01:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 01:52 122880]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-12-10 12:44 380928]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 09:41 1836544]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" [ ]
"BurnQuick Queue"="C:\Program Files\BurnQuick\BQTray.exe" [2006-06-15 09:49 49152]
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" [2006-01-17 06:38 135168]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-01-27 19:20 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-27 19:20 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 10:23 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 15:16 49152]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-16 10:23 219136]

C:\Documents and Settings\Frank May\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
Rag£ Recipe Widget.lnk - C:\Program Files\Ragu Recipe Widget\RaguWidgetLoader.exe [2007-09-23 23:00:00 32768]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-04-02 21:46:42 217088]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-12-08 20:41:18 106560]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-10-03 13:56:10 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Netscape\\Netscape Browser\\netscape.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13715:TCP"= 13715:TCP:BitComet 13715 TCP
"13715:UDP"= 13715:UDP:BitComet 13715 UDP

R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-01-07 13:16]
S2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2002-06-24 14:57]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2002-06-24 14:57]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2002-06-24 14:57]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 16:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 21:56:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 10:49:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-16 10:54:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 15:53:55
ComboFix2.txt 2008-04-11 19:22:53
ComboFix3.txt 2008-04-08 18:04:05
Pre-Run: 8,132,202,496 bytes free
Post-Run: 8,125,243,392 bytes free
.
2008-04-12 23:29:52 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:10 AM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BurnQuick\BQTray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Utopia\Angel\Angel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [BurnQuick Queue] C:\Program Files\BurnQuick\BQTray.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Ragú Recipe Widget.lnk = C:\Program Files\Ragu Recipe Widget\RaguWidgetLoader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mci ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4430371281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4430361734
O16 - DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} (InstallShield Update Service Setup Player) - http://updates.installshield.com/CAB/dwusplay.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\DOCUME~1\FRANKM~1\LOCALS~1\Temp\500064-PMLPatch\HPZipm12.exe (file missing)

--
End of file - 12347 bytes
maypo
Active Member
 
Posts: 10
Joined: March 29th, 2008, 11:48 am
Location: Wisconsin, USA
Advertisement
Register to Remove

Re: Posting a Hijackthis log. Looking for my problem

Unread postby Rodav » April 17th, 2008, 4:39 am

Hi maypo,

Step 1:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Image
You can also delete any logs we have produced, and empty your Recycle bin.


Step 2: Update Java
As I mentioned earlier older versions Sun's Java have vulnerabilites, a new version has just been released so you will need to remove your current version and download JRE 6 Update 6 by doing the following:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    Java(TM) 6 Update 5
  • Reboot your computer

  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 6 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Online Installation, click on the link under it which says "jre-6u6-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer


I notice you have a number of Automated Registry Cleaners installed including:
Advanced Registry Optimizer
Free Registry Defrag
RegistryFix v6.2


While these programs are clean the companies that make them seem to have a dubious history:
http://www.siteadvisor.com/sites/registryoptimizer.com
http://www.siteadvisor.com/sites/registry-clean.net
http://www.siteadvisor.com/sites/registryfix.com
Personally I recommend you remove them via Add/Remove Programs however it is up to you.

Rarely do these type of programs offer any real benefit and in some cases can even end up causing damage. Windows' registry is a lot more sturdy than people give it credit for and unless you have a great understanding on how it works, it's best to just leave it well alone.


Your logs are now clean. :D :D
If you still feel you are having any issues please let me know now, otherwise read through and proceed with the following:


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  • Install and use a firewall with outbound protection
    While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
    I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewallor Online armor
    See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster from here
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date

Please reply to this topic one more time so I know you have read through it or with any questions you may have.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Posting a Hijackthis log. Looking for my problem

Unread postby maypo » April 21st, 2008, 4:28 pm

Whew, doing all that took up my weekend. :) The computer is purring along nicely now.
It strikes me that what you do is a good skill to have. I retire in about a year and would have time to get involved. Is learning the methods a time consuming process? Do you have to spend a certain amount of time each day or can you proceed at your own pace? What does it entail? I have bookmarked this site. Don't want to lose track. :)
maypo
Active Member
 
Posts: 10
Joined: March 29th, 2008, 11:48 am
Location: Wisconsin, USA

Re: Posting a Hijackthis log. Looking for my problem

Unread postby Rodav » April 22nd, 2008, 10:15 am

Hi maypo,

Great to hear your computer is back to full health. :D

Is learning the methods a time consuming process?
It can vary between people, on average it takes between 6-12 months from starting training to actually posting to victims although some are considerably quicker. I have only recently started posting to victims in fact you are the first I have actually cleaned. :)

Do you have to spend a certain amount of time each day or can you proceed at your own pace?
It's completely self paced, as long as you are willing to learn there is no real time restrictions.

What does it entail?
A lot of reading and searching for information, but there is one on one training with a teacher and a community who will try answer any question you may have. Even now I have a teacher still checking over my posts to make sure they are OK.


I have learned so much about computers in general, not just malware removal but since I joined here. There is such an incredible wealth of knowledge throughout the community and the fact that some of it has managed to get into my thick head is testament to it. :lol:

I hope you do join up, it's a great pastime to have and one which I'm sure you will excel at. :)

You can fill in the enrollment form here after which you should hear from an Admin within a couple of days.

I hope to see you in there, we need all the helpers we can get. :cheers:
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Posting a Hijackthis log. Looking for my problem

Unread postby Shaba » April 26th, 2008, 4:55 am

maypo this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware