Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser acting strangely - please advise

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browser acting strangely - please advise

Unread postby john_m_nash » November 30th, 2010, 4:25 pm

I can now access my friends hotmail account and mcafee appears to be working.

The new combofix log is here

ComboFix 10-11-27.01 - dave 30/11/2010 20:06:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2634 [GMT 0:00]
Running from: c:\documents and settings\dave\Desktop\Nash.exe
Command switches used :: c:\documents and settings\dave\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BearShare Applications
c:\program files\BearShare Applications\BearShare\MNInetModule.log
c:\program files\BearShare Applications\BearShare\MNWMRM.log
c:\program files\BearShare Applications\BearShare\UNWISE.EXE
c:\program files\BearShare Applications\Common\InstallHelper.dll

.
--------------- FCopy ---------------

c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll --> c:\windows\system32\mspmsnsv.dll
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll --> c:\windows\system32\dllcache\mspmsnsv.dll
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll --> c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll --> c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-30 )))))))))))))))))))))))))))))))
.

2019-03-07 17:56 . 2010-09-09 13:38 832512 -c--a-w- c:\windows\system32\dllcache\wininet.dll
2019-03-07 17:53 . 2019-03-07 17:53 -------- d-----w- C:\cmpnents
2010-11-27 15:27 . 2010-11-27 15:27 -------- d-----w- c:\program files\trend micro
2010-11-27 15:27 . 2010-11-27 15:28 -------- d-----w- C:\rsit
2010-11-22 17:28 . 2010-11-22 17:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-22 17:28 . 2010-11-22 17:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-22 17:23 . 2010-11-22 17:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-22 17:20 . 2010-11-22 17:20 -------- d-----w- c:\documents and settings\dave\Application Data\Malwarebytes
2010-11-22 17:20 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 17:20 . 2010-11-22 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-22 17:20 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 17:20 . 2010-11-22 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-08 12:18 . 2010-11-08 12:18 -------- d-----w- c:\program files\CCleaner
2010-11-08 12:17 . 2010-11-08 12:18 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-13 22:28 . 2010-10-05 13:45 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-13 22:28 . 2010-10-05 13:45 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-13 22:28 . 2010-10-05 13:45 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-13 22:28 . 2010-10-05 13:45 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-10-13 22:28 . 2010-10-05 13:45 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-13 22:28 . 2010-10-05 13:45 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-13 22:28 . 2010-10-05 13:45 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-13 22:28 . 2010-10-05 13:45 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-13 22:28 . 2010-10-05 13:45 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-13 22:28 . 2010-10-05 13:45 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-13 22:28 . 2010-10-05 13:45 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2006-12-13 03:12 . 2007-05-20 13:35 66648 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2007-05-20 13:35 54352 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2007-05-20 13:35 34928 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 03:12 . 2007-05-20 13:35 46696 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2007-05-20 13:35 172120 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-30_07.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-30 19:52 . 2010-11-30 19:52 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
+ 2005-12-02 09:13 . 2004-08-10 19:00 25088 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
- 2005-12-02 09:13 . 2005-08-03 18:29 25088 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2007-05-03 16:40 . 2004-08-10 19:00 25088 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
- 2007-05-03 16:40 . 2005-08-03 18:29 25088 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2010-05-19 14:46 . 2010-11-30 19:52 222433 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-22 10:04 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 17:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 02:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2010-09-10 20:59 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCguardadvisor.exe]
2006-04-28 15:27 1888256 ----a-w- c:\program files\blueyonder\PCguard advisor\PCguardadvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-14 18:21 110744 -c--a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 21:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 22:32 53248 -c----w- c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-18 12:47 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-27 18:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-02 09:26 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Steam\\steamapps\\twister625\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\0wn3dpl0z\\condition zero\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\0wn3dpl0z\\counter-strike\\hl.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [05/10/2010 13:45 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 11:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 10:39 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15/03/2010 16:17 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05/10/2010 13:45 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [05/10/2010 13:45 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [05/10/2010 13:45 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [05/10/2010 13:45 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [05/10/2010 13:45 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [05/10/2010 13:45 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [05/10/2010 13:45 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 09:34 135664]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [15/03/2009 11:13 17149]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [05/10/2010 13:45 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [05/10/2010 13:45 84264]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys --> c:\windows\system32\DRIVERS\wg111v3.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 15:51 4096]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [02/12/2005 17:08 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [02/12/2005 17:08 51840]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 09:34]

2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 09:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\gemma\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BearShare - c:\progra~1\BEARSH~1\BEARSH~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 20:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-11-30 20:15:20
ComboFix-quarantined-files.txt 2010-11-30 20:15
ComboFix2.txt 2010-11-30 07:37

Pre-Run: 208,474,124,288 bytes free
Post-Run: 208,455,360,512 bytes free

- - End Of File - - 932BFDDEAF4517C69390D4C988BBB774


and the new hijacthis log is here

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:18:28, on 30/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\dave\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101103135822.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\gemma\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 12105 bytes
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am
Advertisement
Register to Remove

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 1st, 2010, 4:57 am

I can now access my friends hotmail account and mcafee appears to be working.


Excellent, are you noticing any other problems?

Let’s run ESET to make sure nothing is hiding.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Please reply with:-
  • ESET log
  • New HJT log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 1st, 2010, 6:43 pm

Hi

I had a few problems running the eset scanner within internet explorer as it would not start, so I downloaded firefox and here are the results

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=13ceddc5e5b196459e640b677d78ae98
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-01 10:29:53
# local_time=2010-12-01 10:29:53 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 368621 368621 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777189 100 75 86942 19915586 0 0
# compatibility_mode=8192 67108863 100 0 4939 4939 0 0
# compatibility_mode=9217 16777214 0 4 87363702 87363702 0 0
# scanned=100119
# found=3
# cleaned=0
# scan_time=5898
C:\System Volume Information\_restore{7159C566-B27D-45B5-9001-47F14422CFC9}\RP483\A1200853.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{7159C566-B27D-45B5-9001-47F14422CFC9}\RP483\A1200857.DLL a variant of Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{7159C566-B27D-45B5-9001-47F14422CFC9}\RP483\A1200862.dll Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I


The new hijackthis log is here

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:37:43, on 01/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\dave\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101130214123.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\gemma\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11232 bytes


Thank you for your help so far
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 2nd, 2010, 7:20 am

That is good, what ESET found will be removed when we clean up and reset System restore. Any other problems before we do that?

Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


Once selected close all windows except HJT an click on Fix Checked
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 2nd, 2010, 3:41 pm

Hi

I have done that - what's next please.

You didn't say what logs to post or give me any further instructions.lol

thanks for your help
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 2nd, 2010, 4:13 pm

Any other problems before we do that?


Would like an update on problems :) before we continue.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 2nd, 2010, 4:29 pm

The pc seems to be acting ok, although I did have a problem installing internet explorer 8 which was downloaded by automatic updates.

I installed it directly from my flash drive instead, but the pc appears ok as mcAfee appears to be working and I can access hotmail, which was the main symptoms at the start of the problem.
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 3rd, 2010, 8:56 am

pc appears ok as mcAfee appears to be working and I can access hotmail, which was the main symptoms at the start of the problem.

Excellent.

If you are not having any further problems, I would suggest you proceed as follows.


You can delete RSIT from your Desktop and it associated folder C:\RSIT
You can also delete TDSSKiller

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Image

The above procedure will implement some cleanup procedures as well as reset System Restore points



Remember to update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here


Please reply if you have any problems or questions
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 3rd, 2010, 3:40 pm

Thank you for your help

It appears that internet explorer gives me this message when I try to install the recommended updates from secunia software updates

Internet Explorer has closed this webpage to help protect your computer

A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.


Also combofix won't uninstall, but its no longer on my desktop? (it was renamed nash) but it still isn't there?


I turned off mcafee online protection but this made no difference.

I have installed winpatrol.

I was hoping that we were done - what do you think?
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 3rd, 2010, 6:55 pm

My friends pc is acting strangly


Did your friend change any settings or play around with them prior to you helping?

One of the reasons I ask is in the initial RSIT log there was about 2 pages of files with the date showing as 2019.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Re –run MBAM, lets see if it finds anything, make sure you update first.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 4th, 2010, 3:04 pm

Something is not right.

MBAM scan took nearly 13 hours and found some new stuff. The log is just below.

I also downloaded hijackthis again and have posted an up to date log below as well.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5240

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/12/2010 18:53:56
mbam-log-2010-12-04 (18-53-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 375344
Time elapsed: 12 hour(s), 54 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{7159c566-b27d-45b5-9001-47f14422cfc9}\RP483\A1200862.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\documents and settings\david\local settings\temporary internet files\Content.IE5\COTIF4NO\getdata[1].htm (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\documents and settings\gemma\local settings\temporary internet files\Content.IE5\M7M7PUTO\no[1].htm (Trojan.Zbot) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:59:38, on 04/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101202204443.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\gemma\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11607 bytes
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 5th, 2010, 6:19 am

Did your friend change any settings or play around with them prior to you helping?

One of the reasons I ask is in the initial RSIT log there was about 2 pages of files with the date showing as 2019.

What about this?

Please see if you can re-download an updated version of Combofix direct to the infected machines desktop and run as explained earlier.

Post the log if it runs ok.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 5th, 2010, 10:17 am

Combofix downloaded ok this time and I also updated it.

The first part of the log file is here and the rest is in the next post

ComboFix 10-12-04.01 - dave 05/12/2010 14:02:18.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2492 [GMT 0:00]
Running from: c:\documents and settings\dave\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SET2D3.tmp
c:\program files\Internet Explorer\SET2D8.tmp
c:\program files\Internet Explorer\SET38D.tmp

.
((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2019-03-07 17:56 . 2010-09-10 05:58 916480 -c----w- c:\windows\system32\dllcache\wininet.dll
2019-03-07 17:53 . 2019-03-07 17:53 -------- d-----w- C:\cmpnents
2010-12-04 18:59 . 2010-12-04 18:59 388096 ----a-r- c:\documents and settings\dave\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-03 19:23 . 2010-12-03 19:23 -------- d-----w- c:\documents and settings\dave\Application Data\WinPatrol
2010-12-03 19:23 . 2010-12-03 19:23 -------- d-----w- c:\program files\BillP Studios
2010-12-03 19:23 . 2010-12-03 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2010-12-02 20:44 . 2010-10-13 22:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2010-12-01 20:29 . 2010-12-01 20:29 -------- d-----w- c:\program files\ESET
2010-12-01 20:22 . 2010-10-27 06:13 553696 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2010-12-01 20:22 . 2010-10-27 06:13 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-12-01 20:22 . 2010-10-27 06:13 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-12-01 20:22 . 2010-10-27 06:13 912344 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2010-12-01 20:22 . 2010-10-27 06:13 89048 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll
2010-12-01 20:22 . 2010-10-27 06:13 719832 ----a-w- c:\program files\Mozilla Firefox\mozcrt19.dll
2010-12-01 20:22 . 2010-10-27 06:13 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-12-01 20:22 . 2010-10-27 06:13 492504 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2010-12-01 20:22 . 2010-10-27 06:13 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-12-01 20:22 . 2010-10-27 06:13 11744216 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2010-12-01 20:22 . 2010-10-27 06:13 107480 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2010-12-01 20:22 . 2010-10-27 04:49 98304 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll
2010-12-01 08:33 . 2010-12-01 08:33 -------- d-sh--w- c:\documents and settings\dave\IECompatCache
2010-12-01 08:33 . 2010-12-01 08:33 -------- d-sh--w- c:\documents and settings\dave\PrivacIE
2010-12-01 08:30 . 2010-12-01 08:30 -------- d-sh--w- c:\documents and settings\dave\IETldCache
2010-12-01 08:29 . 2010-12-01 08:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-30 22:40 . 2010-11-30 22:40 -------- d-----w- c:\program files\Microsoft.NET
2010-11-30 22:37 . 2010-11-30 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-11-30 22:37 . 2010-11-30 22:37 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-11-30 22:36 . 2010-11-30 22:37 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-30 22:36 . 2010-11-30 22:36 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-11-30 22:36 . 2010-11-30 22:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-11-30 22:34 . 2010-11-30 22:34 -------- d-----w- c:\windows\system32\winrm
2010-11-30 22:34 . 2010-11-30 22:35 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-11-30 22:34 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-30 22:32 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-30 22:32 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-30 22:32 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-30 22:29 . 2010-12-01 07:26 -------- dc-h--w- c:\windows\ie8
2010-11-30 22:18 . 2010-11-30 23:05 -------- d-----w- c:\program files\Windows Desktop Search
2010-11-30 22:18 . 2010-11-30 22:18 -------- d-----w- c:\windows\system32\GroupPolicy
2010-11-27 15:27 . 2010-12-04 18:59 -------- d-----w- c:\program files\trend micro
2010-11-22 17:28 . 2010-11-22 17:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-22 17:28 . 2010-11-22 17:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-22 17:23 . 2010-11-22 17:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-22 17:20 . 2010-11-22 17:20 -------- d-----w- c:\documents and settings\dave\Application Data\Malwarebytes
2010-11-22 17:20 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 17:20 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 17:20 . 2010-11-22 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-22 17:20 . 2010-12-04 05:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-08 12:18 . 2010-11-08 12:18 -------- d-----w- c:\program files\CCleaner
2010-11-08 12:17 . 2010-11-08 12:18 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-13 22:28 . 2010-10-05 13:45 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-13 22:28 . 2010-10-05 13:45 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-13 22:28 . 2010-10-05 13:45 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-13 22:28 . 2010-10-05 13:45 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-10-13 22:28 . 2010-10-05 13:45 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-13 22:28 . 2010-10-05 13:45 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-13 22:28 . 2010-10-05 13:45 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-13 22:28 . 2010-10-05 13:45 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-13 22:28 . 2010-10-05 13:45 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-13 22:28 . 2010-10-05 13:45 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-13 22:28 . 2010-10-05 13:45 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-09-08 11:17 . 2010-09-08 11:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 11:17 . 2010-09-08 11:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2006-12-13 03:12 . 2007-05-20 13:35 66648 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2007-05-20 13:35 54352 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2007-05-20 13:35 34928 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-10-13 22:28 . 2010-12-02 20:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2006-12-13 03:12 . 2007-05-20 13:35 46696 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2007-05-20 13:35 172120 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-30_07.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-05 13:46 . 2010-12-05 13:46 16384 c:\windows\Temp\Perflib_Perfdata_2b8.dat
+ 2009-10-09 14:56 . 2009-10-09 14:56 14848 c:\windows\system32\wsmprovhost.exe
+ 2009-10-09 14:56 . 2009-10-09 14:56 12288 c:\windows\system32\wsmplpxy.dll
+ 2009-10-09 14:56 . 2009-10-09 14:56 12288 c:\windows\system32\winrssrv.dll
+ 2009-10-09 14:56 . 2009-10-09 14:56 22528 c:\windows\system32\winrshost.exe
+ 2009-10-09 16:22 . 2009-10-09 16:22 69632 c:\windows\system32\winrs.exe
+ 2009-10-09 14:56 . 2009-10-09 14:56 25088 c:\windows\system32\winrmprov.dll
+ 2009-10-09 14:56 . 2009-10-09 14:56 24064 c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2005-12-02 09:10 . 2009-01-07 18:21 26144 c:\windows\system32\spupdsvc.exe
+ 2007-05-03 16:42 . 2009-01-07 18:20 16928 c:\windows\system32\spmsg.dll
+ 2008-11-27 11:47 . 2008-11-27 11:47 10240 c:\windows\system32\RtNicProp32.dll
+ 2009-10-09 16:22 . 2009-10-09 16:22 42496 c:\windows\system32\pwrshplugin.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 46592 c:\windows\system32\pngfilt.dll
+ 2010-07-10 05:38 . 2010-07-10 05:38 61440 c:\windows\system32\OpenCL.dll
+ 2019-03-07 17:56 . 2009-10-08 14:56 20480 c:\windows\system32\oleaccrc.dll
+ 2010-07-09 16:24 . 2006-08-11 21:43 81920 c:\windows\system32\nvwddi.dll
- 2006-08-11 21:43 . 2006-08-11 21:43 81920 c:\windows\system32\nvwddi.dll
+ 2010-07-09 16:24 . 2006-08-11 21:43 86016 c:\windows\system32\nvmctray.dll
- 2006-08-11 21:43 . 2006-08-11 21:43 86016 c:\windows\system32\nvmctray.dll
- 2006-06-29 08:05 . 2006-06-29 08:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 08:05 . 2009-01-07 18:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-28 17:59 . 2006-06-28 17:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-06-28 17:59 . 2009-01-07 18:20 24576 c:\windows\system32\nlsdl.dll
- 2019-03-07 17:56 . 2008-04-14 00:12 98304 c:\windows\system32\nlhtml.dll
+ 2019-03-07 17:56 . 2008-03-07 17:02 98304 c:\windows\system32\nlhtml.dll
+ 2019-03-07 17:57 . 2004-08-10 19:00 25088 c:\windows\system32\mspmsnsv.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 48128 c:\windows\system32\mshtmler.dll
- 2019-03-07 17:56 . 2006-10-17 12:28 48128 c:\windows\system32\mshtmler.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 45568 c:\windows\system32\mshta.exe
- 2019-03-07 17:56 . 2006-10-17 12:56 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 12:58 . 2009-03-08 04:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-10-27 15:09 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2019-03-07 17:56 . 2008-03-07 17:02 29696 c:\windows\system32\mimefilt.dll
- 2019-03-07 17:56 . 2008-04-14 00:11 29696 c:\windows\system32\mimefilt.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 43520 c:\windows\system32\licmgr10.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
+ 2019-03-07 17:56 . 2009-03-08 04:32 94720 c:\windows\system32\inseng.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 34816 c:\windows\system32\imgutil.dll
+ 2006-10-27 02:44 . 2009-03-08 04:32 36864 c:\windows\system32\ieudinit.exe
+ 2019-03-07 17:56 . 2009-03-08 04:32 71680 c:\windows\system32\iesetup.dll
+ 2019-03-07 17:56 . 2009-03-08 04:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 08:05 . 2009-01-07 18:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 08:05 . 2006-06-29 08:05 26112 c:\windows\system32\idndl.dll
+ 2006-10-17 12:58 . 2009-03-08 04:31 59904 c:\windows\system32\icardie.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 70472 c:\windows\system32\dxva2.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2019-03-07 17:56 . 2009-10-08 14:56 20480 c:\windows\system32\dllcache\oleaccrc.dll
- 2019-03-07 17:56 . 2008-04-14 00:12 98304 c:\windows\system32\dllcache\nlhtml.dll
+ 2019-03-07 17:56 . 2008-03-07 17:02 98304 c:\windows\system32\dllcache\nlhtml.dll
+ 2019-03-07 17:57 . 2004-08-10 19:00 25088 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2019-03-07 17:56 . 2006-10-17 12:28 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 45568 c:\windows\system32\dllcache\mshta.exe
- 2019-03-07 17:56 . 2006-10-17 12:56 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-05-09 14:51 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2019-03-07 17:56 . 2008-04-14 00:11 29696 c:\windows\system32\dllcache\mimefilt.dll
+ 2019-03-07 17:56 . 2008-03-07 17:02 29696 c:\windows\system32\dllcache\mimefilt.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2019-03-07 17:56 . 2009-03-08 04:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2019-03-07 17:56 . 2009-03-08 04:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2019-03-07 17:56 . 2009-03-08 04:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04 . 2009-03-08 04:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2005-12-02 08:45 . 2009-03-08 04:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-06-29 16:12 . 2009-03-08 04:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2019-03-07 17:56 . 2009-03-08 04:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2019-03-07 17:56 . 2009-03-08 04:33 18944 c:\windows\system32\corpol.dll
+ 2005-12-02 08:49 . 2010-12-04 01:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-02 08:49 . 2010-11-29 12:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-02 08:49 . 2010-11-29 12:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-11-30 20:47 . 2010-12-04 01:32 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2019-03-07 17:56 . 2009-03-08 04:32 72704 c:\windows\system32\admparse.dll
+ 2005-12-02 09:13 . 2004-08-10 19:00 25088 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
- 2005-12-02 09:13 . 2005-08-03 18:29 25088 c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 13648 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-11-30 22:33 . 2009-03-08 04:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-11-30 22:33 . 2009-03-08 04:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-11-30 22:33 . 2009-03-08 04:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-11-30 22:33 . 2009-03-08 04:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-11-30 22:33 . 2009-03-08 04:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2010-11-30 22:31 . 2009-03-08 14:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 44544 c:\windows\ie8\pngfilt.dll
+ 2010-12-01 07:24 . 2006-10-17 12:28 48128 c:\windows\ie8\mshtmler.dll
+ 2010-12-01 07:24 . 2006-10-17 12:56 45568 c:\windows\ie8\mshta.exe
+ 2010-12-01 07:24 . 2006-10-17 12:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2010-12-01 07:24 . 2010-09-09 13:38 52224 c:\windows\ie8\msfeedsbs.dll
+ 2010-12-01 07:24 . 2006-10-27 02:44 92672 c:\windows\ie8\inseng.dll
+ 2010-12-01 07:24 . 2006-10-17 12:57 36352 c:\windows\ie8\imgutil.dll
+ 2010-12-01 07:24 . 2006-10-27 02:44 55296 c:\windows\ie8\iesetup.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 44544 c:\windows\ie8\iernonce.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 63488 c:\windows\ie8\icardie.dll
+ 2010-12-01 07:24 . 2006-10-17 12:44 60416 c:\windows\ie8\hmmapi.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 17408 c:\windows\ie8\corpol.dll
+ 2010-12-01 07:24 . 2006-10-27 02:44 71680 c:\windows\ie8\admparse.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\b56a80a51f412ce3832eddecb9bf1580\UIAutomationProvider.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\c0ed04db7c18a6c59eddfc18e40e0fb3\System.Windows.Presentation.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\089fd08b7e00981f59306855ea5065e0\System.Web.ApplicationServices.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\eeae22dcbdfe5fbe6ee7aa8810c8d330\System.ServiceModel.Channels.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\52895ca79afea8292b54f053322cff36\System.AddIn.Contract.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\8974f2d78277786a0b4e84f1127a75c0\Microsoft.VisualC.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\46c8b155e6fcd5696ffa15a67824ebab\Accessibility.ni.dll
+ 2010-11-30 22:37 . 2010-11-30 22:37 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\34fe99136a2a52306499615d9d0d0e74\Microsoft.WSMan.Runtime.ni.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\86190801f195b014ec18234ad4816432\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.resources.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.resources.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.resources.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.resources.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.resources.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
+ 2007-05-03 16:40 . 2004-08-10 19:00 25088 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
- 2007-05-03 16:40 . 2005-08-03 18:29 25088 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2009-10-09 14:57 . 2009-10-09 14:57 20480 c:\windows\$968930Uinstall_KB968930$\PSCustomSetupUtil.exe
+ 2009-10-09 14:56 . 2009-10-09 14:56 2048 c:\windows\system32\winrsmgr.dll
+ 2009-10-09 16:23 . 2009-10-09 16:23 4608 c:\windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll
+ 2009-10-09 16:23 . 2009-10-09 16:23 4096 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.resources.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
+ 2010-11-30 22:34 . 2009-03-08 04:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\332105a018674f583e57c47e643a742d\dfsvc.ni.exe
+ 2010-11-30 22:35 . 2010-11-30 22:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.resources.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
+ 2009-10-09 14:56 . 2009-10-09 14:56 9216 c:\windows\$968930Uinstall_KB968930$\PSSetupNativeUtils.exe
+ 2010-11-30 22:41 . 2010-11-30 22:41 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
- 2007-02-21 17:16 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2007-02-21 17:16 . 2009-01-07 18:21 121856 c:\windows\system32\xmllite.dll
+ 2009-10-09 14:56 . 2009-10-09 14:56 209408 c:\windows\system32\WsmWmiPl.dll
+ 2009-10-09 16:22 . 2009-10-09 16:22 368640 c:\windows\system32\WsmRes.dll
+ 2009-10-09 14:56 . 2009-10-09 14:56 139776 c:\windows\system32\WsmAuto.dll
+ 2009-10-09 14:56 . 2009-10-09 14:56 225280 c:\windows\system32\wsmanhttpconfig.exe
+ 2009-10-09 14:56 . 2009-10-09 14:56 233984 c:\windows\system32\winrscmd.dll
+ 2009-07-31 23:27 . 2009-07-31 23:27 201184 c:\windows\system32\winrm.vbs
+ 2019-03-07 17:56 . 2010-09-10 05:58 916480 c:\windows\system32\wininet.dll
+ 2006-10-17 13:05 . 2009-03-08 04:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2009-10-09 16:23 . 2009-10-09 16:23 148480 c:\windows\system32\WindowsPowerShell\v1.0\pspluginwkr.dll
+ 2009-10-09 14:57 . 2009-10-09 14:57 204800 c:\windows\system32\WindowsPowerShell\v1.0\powershell_ise.exe
+ 2009-10-09 14:56 . 2009-10-09 14:56 448000 c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe
+ 2009-10-09 14:57 . 2009-10-09 14:57 112640 c:\windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
+ 2009-07-16 10:22 . 2009-07-16 10:22 126976 c:\windows\system32\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2009-10-09 16:23 . 2009-10-09 16:23 178176 c:\windows\system32\wevtfwd.dll
+ 2019-03-07 17:56 . 2009-03-08 04:34 236544 c:\windows\system32\webcheck.dll
+ 2019-03-07 17:56 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
- 2019-03-07 17:56 . 2010-09-09 13:38 105984 c:\windows\system32\url.dll
+ 2019-03-07 17:56 . 2009-03-08 04:34 105984 c:\windows\system32\url.dll
+ 2008-07-29 18:59 . 2009-10-08 14:57 611328 c:\windows\system32\uiautomationcore.dll
+ 2019-03-07 17:56 . 2010-11-30 23:04 547298 c:\windows\system32\perfh009.dat
+ 2019-03-07 17:56 . 2010-11-30 23:04 102918 c:\windows\system32\perfc009.dat
+ 2019-03-07 17:56 . 2009-10-08 14:57 220160 c:\windows\system32\oleacc.dll
+ 2019-03-07 17:56 . 2008-03-07 17:02 192000 c:\windows\system32\offfilt.dll
- 2019-03-07 17:56 . 2008-04-14 00:12 192000 c:\windows\system32\offfilt.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
+ 2006-12-01 14:43 . 2010-07-10 05:38 604776 c:\windows\system32\NVUNINST.EXE
+ 2006-12-01 14:43 . 2010-07-10 05:38 604776 c:\windows\system32\nvudisp.exe
- 2006-08-11 21:42 . 2006-08-11 21:42 155715 c:\windows\system32\nvsvc32.exe
+ 2010-07-09 16:24 . 2006-08-11 21:42 155715 c:\windows\system32\nvsvc32.exe
+ 2010-07-09 16:24 . 2006-08-11 21:45 229376 c:\windows\system32\nvmccs.dll
- 2006-08-11 21:45 . 2006-08-11 21:45 229376 c:\windows\system32\nvmccs.dll
+ 2010-07-09 16:24 . 2010-07-09 16:24 145000 c:\windows\system32\nvcolor.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 771424 c:\windows\system32\msvcr100_clr0400.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2019-03-07 17:56 . 2009-03-08 04:34 193536 c:\windows\system32\msrating.dll
- 2019-03-07 17:56 . 2006-10-27 15:09 156160 c:\windows\system32\msls31.dll
+ 2019-03-07 17:56 . 2009-03-08 04:22 156160 c:\windows\system32\msls31.dll
+ 2006-10-27 15:09 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
+ 2009-01-07 18:20 . 2009-01-07 18:20 265720 c:\windows\system32\msdbg2.dll
+ 2009-09-24 00:30 . 2009-09-24 00:30 156488 c:\windows\system32\mscorier.dll
+ 2010-12-03 19:31 . 2010-12-03 19:31 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2010-12-03 19:31 . 2010-12-03 19:31 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
+ 2019-03-07 17:56 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2010-05-19 14:46 . 2010-12-05 13:46 222438 c:\windows\system32\inetsrv\MetaBase.bin
+ 2006-10-27 15:09 . 2009-03-08 04:22 164352 c:\windows\system32\ieui.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 12:27 . 2009-03-08 04:11 445952 c:\windows\system32\ieapfltr.dll
+ 2019-03-07 17:56 . 2009-03-08 04:32 163840 c:\windows\system32\ieakui.dll
+ 2019-03-07 17:56 . 2009-03-08 04:33 229376 c:\windows\system32\ieaksie.dll
+ 2019-03-07 17:56 . 2009-03-08 04:33 125952 c:\windows\system32\ieakeng.dll
+ 2019-03-07 17:56 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 486216 c:\windows\system32\evr.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 216064 c:\windows\system32\dxtrans.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 348160 c:\windows\system32\dxtmsft.dll
+ 2019-03-07 17:56 . 2009-03-08 04:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2005-12-02 08:45 . 2009-03-08 04:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2019-03-07 17:56 . 2009-03-08 04:34 105984 c:\windows\system32\dllcache\url.dll
- 2019-03-07 17:56 . 2010-09-09 13:38 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 18:20 . 2009-01-07 18:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2019-03-07 17:56 . 2009-10-08 14:57 220160 c:\windows\system32\dllcache\oleacc.dll
- 2019-03-07 17:56 . 2008-04-14 00:12 192000 c:\windows\system32\dllcache\offfilt.dll
+ 2019-03-07 17:56 . 2008-03-07 17:02 192000 c:\windows\system32\dllcache\offfilt.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2019-03-07 17:56 . 2009-03-08 04:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2019-03-07 17:56 . 2006-10-27 15:09 156160 c:\windows\system32\dllcache\msls31.dll
+ 2019-03-07 17:56 . 2009-03-08 04:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-05-09 14:51 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2005-12-02 08:45 . 2009-03-08 14:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2019-03-07 17:56 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-09 14:51 . 2009-03-08 04:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2019-03-07 17:56 . 2009-03-08 04:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2019-03-07 17:56 . 2009-03-08 04:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2019-03-07 17:56 . 2009-03-08 04:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2019-03-07 17:56 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2019-03-07 17:56 . 2009-03-08 04:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2019-03-07 17:56 . 2009-03-08 04:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2019-03-07 17:56 . 2009-03-08 04:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2019-03-07 17:56 . 2009-03-08 04:32 128512 c:\windows\system32\advpack.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 114520 c:\windows\Microsoft.NET\NETFXRepair.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 915800 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
+ 2010-03-18 00:51 . 2010-03-18 00:51 109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby john_m_nash » December 5th, 2010, 10:18 am

+ 2010-03-18 13:16 . 2010-03-18 13:16 517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 413008 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-12-03 20:14 . 2010-12-03 20:14 807936 c:\windows\Installer\37c3b3.msi
+ 2010-11-30 22:33 . 2009-03-08 04:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-11-30 22:33 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-11-30 22:33 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-11-30 22:33 . 2009-03-08 04:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-11-30 22:33 . 2009-03-08 04:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-11-30 22:33 . 2009-03-08 04:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-11-30 22:33 . 2009-03-08 04:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-11-30 22:33 . 2009-03-08 04:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-11-30 22:33 . 2009-03-08 04:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-11-30 22:33 . 2009-03-08 14:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-11-30 22:33 . 2009-03-08 04:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-12-01 08:34 . 2009-03-08 04:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-12-01 08:35 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-12-01 08:35 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-12-01 08:35 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-12-01 08:35 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-12-01 08:35 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-12-01 08:34 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-12-01 08:34 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-12-01 08:34 . 2009-03-08 04:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2010-11-30 22:34 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
+ 2010-11-30 22:34 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
+ 2010-11-30 22:33 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-11-30 22:33 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-11-30 22:33 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-11-30 22:33 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-11-30 22:33 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-11-30 22:29 . 2010-09-09 13:38 832512 c:\windows\ie8\wininet.dll
+ 2010-11-30 22:29 . 2006-10-17 13:05 206336 c:\windows\ie8\winfxdocobj.exe
+ 2010-11-30 22:29 . 2010-09-09 13:38 233472 c:\windows\ie8\webcheck.dll
+ 2010-11-30 22:29 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2010-11-30 22:29 . 2010-03-09 11:09 430080 c:\windows\ie8\vbscript.dll
+ 2010-11-30 22:29 . 2010-09-09 13:38 105984 c:\windows\ie8\url.dll
+ 2010-11-30 22:31 . 2009-01-07 18:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2010-11-30 22:31 . 2009-01-07 18:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-12-01 07:24 . 2010-09-09 13:38 193024 c:\windows\ie8\msrating.dll
+ 2010-12-01 07:24 . 2006-10-27 15:09 156160 c:\windows\ie8\msls31.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 478208 c:\windows\ie8\mshtmled.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 468480 c:\windows\ie8\msfeeds.dll
+ 2010-12-01 07:24 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2010-12-01 07:24 . 2010-08-25 11:30 634648 c:\windows\ie8\iexplore.exe
+ 2010-12-01 07:24 . 2006-10-27 15:09 180736 c:\windows\ie8\ieui.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 268288 c:\windows\ie8\iertutil.dll
+ 2010-12-01 07:24 . 2006-10-27 15:09 287744 c:\windows\ie8\ieproxy.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 192512 c:\windows\ie8\iepeers.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 380928 c:\windows\ie8\ieapfltr.dll
+ 2010-12-01 07:24 . 2010-08-25 11:29 161792 c:\windows\ie8\ieakui.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 230400 c:\windows\ie8\ieaksie.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 153088 c:\windows\ie8\ieakeng.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 214528 c:\windows\ie8\dxtrans.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 347136 c:\windows\ie8\dxtmsft.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 124928 c:\windows\ie8\advpack.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 245760 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\bf56bd4e9996950950b4685dac7f2156\WindowsFormsIntegration.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 195584 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\bbd68c1c06eb762bedb74bc73dc9a414\UIAutomationTypes.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 481792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\00798a39f87603ae67392c44f85b1957\UIAutomationClient.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\0a5fb7acbda333f46ef269b56b063562\System.Xml.Linq.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 187904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\3a3e9feefb5fb9724cd7867a35d69cdf\System.Windows.Input.Manipulations.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 645632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\40ab9da3eafd6bd1cbc6695ba406975a\System.Transactions.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 220672 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\3f1613bcf5b9cf536359bfff7bd18a5a\System.ServiceProcess.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\82ed1ab8f0885159082e80a036ff644b\System.ServiceModel.Routing.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\0f2c177d8261d29f86d89095eef16727\System.Security.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 310272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\894d864ff8eeb97fad09797d33a06d83\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 758784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b095af4c06f82361e8be3ec0e6347cc3\System.Runtime.Remoting.ni.dll
+ 2010-11-30 22:42 . 2010-11-30 22:42 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\be70c34efd115166a2710acac3346bfa\System.Numerics.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 651264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\6826a32db8001b220cdd0d6e58aa465a\System.Net.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 625152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\291408f3000e5c3cf1b37a19fe92805d\System.Messaging.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 392704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\9d6d586577a11ea9a64a425ef3c71908\System.Management.Instrumentation.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 405504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\f7cf3d2a43d81edd5f92789f6f3ee35c\System.IO.Log.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 228352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\9959125c968b7f2c43c656e1393b35ad\System.IdentityModel.Selectors.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 230912 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd54d0f2f9e59c87b568b9abc23d7cdf\System.EnterpriseServices.Wrapper.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 784896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd54d0f2f9e59c87b568b9abc23d7cdf\System.EnterpriseServices.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\026f06d9cc11f8e4bce87765d35feee5\System.Dynamic.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 911872 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\ee2d12ef14e9b70fac2f6d27146f2fe5\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 461824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6f3b1d1d489ab511340848400b89f056\System.DirectoryServices.Protocols.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 112128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\27cf40470d358fe4a57e502a8350353d\System.Device.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\4d3fc0529d8089c7c0d611f5dd452bba\System.Data.DataSetExtensions.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac2cd19f2159d48684e17cbdecfaa3b7\System.Configuration.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 145920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\95d48fd5985ea45686feb0bf3dd48965\System.Configuration.Install.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\ea21918644eb5bcc678bd72c4c7564a8\System.ComponentModel.Composition.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 193536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\d09724ed63bd50523934132c98f15fef\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 613888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\d8081c7946511948a128a77803f0985f\System.AddIn.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 402944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\04bf5714cef2ce3fc97d55c9843b36f0\System.Activities.DurableInstancing.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 316928 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\49e65c90ae6199360d5ec36ff8ed04d5\SMSvcHost.ni.exe
+ 2010-11-30 23:18 . 2010-11-30 23:18 142336 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b420437eca1d1aec1a8bf23cc5173661\SMDiagnostics.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b4e58d1a3e0ee75b6b107585c92c68e8\PresentationFramework.Aero.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\6db66420e529cf49087d9809fc19d4b3\PresentationFramework.Royale.ni.dll
+ 2010-11-30 22:42 . 2010-11-30 22:42 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\340df2dd99f470883c9a7834a1533f8a\PresentationFramework.Classic.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\054df232cc5c718f35a9808007c053d1\PresentationFramework.Luna.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\02fefaca15882a01c7a9c46e1009913f\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 418304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\6a557c74c85034c1dd514949e7d2e159\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 193024 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\da19e7188e9253fd383e8149b960e102\CustomMarshalers.ni.dll
+ 2010-11-30 22:37 . 2010-11-30 22:37 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\a90fef2e90e3c1c1de3bf24a835dcfa0\Microsoft.WSMan.Management.ni.dll
+ 2010-11-30 22:36 . 2010-11-30 22:36 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ff9583e53a4bec6da6aae423a613ba6c\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2010-11-30 22:36 . 2010-11-30 22:36 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\f449b2674e5198e37ce8642b27a94823\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2010-11-30 22:37 . 2010-11-30 22:37 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8aece00b9a77cc2d75a921465abcce57\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2010-11-30 22:37 . 2010-11-30 22:37 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\715cee741bcf47ecaf75a856c156f3cb\Microsoft.PowerShell.Security.ni.dll
+ 2010-11-30 22:36 . 2010-11-30 22:36 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3d7d5070c97ef550f64bc835a8959341\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 253952 c:\windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.resources.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 274432 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 278528 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 651264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.GPowerShell.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 991232 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Editor.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 618496 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 262144 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 102400 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll
+ 2010-11-30 22:34 . 2009-06-17 18:59 379184 c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
+ 2010-11-30 22:34 . 2009-06-17 18:59 221488 c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
+ 2009-10-09 16:23 . 2009-10-09 16:23 1107456 c:\windows\system32\WsmSvc.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2010-07-10 05:38 . 2010-07-10 05:38 2195030 c:\windows\system32\nvdata.bin
+ 2010-07-10 05:38 . 2010-07-10 05:38 2914408 c:\windows\system32\nvcuvid.dll
+ 2010-07-10 05:38 . 2010-07-10 05:38 2506344 c:\windows\system32\nvcuvenc.dll
+ 2010-07-10 05:38 . 2010-07-10 05:38 4595712 c:\windows\system32\nvcuda.dll
+ 2010-07-09 16:24 . 2006-08-11 21:43 7630848 c:\windows\system32\nvcpl.dll
- 2006-08-11 21:43 . 2006-08-11 21:43 7630848 c:\windows\system32\nvcpl.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 5957120 c:\windows\system32\mshtml.dll
+ 2006-10-17 12:57 . 2010-09-10 05:58 1986560 c:\windows\system32\iertutil.dll
+ 2006-09-06 00:01 . 2009-02-06 21:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2019-03-07 17:56 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 18:20 . 2009-01-07 18:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2019-03-07 17:56 . 2010-09-10 05:58 5957120 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 14:51 . 2010-09-10 05:58 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-09 14:51 . 2009-02-06 21:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 18:20 . 2009-01-07 18:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 1303896 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 6346600 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 3545952 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 2199880 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 4982120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 6067048 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 3481928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 2970968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 1339736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
+ 2010-03-18 20:26 . 2010-03-18 20:26 1163264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\netfx_core_x86.msi
+ 2010-03-18 13:16 . 2010-03-18 13:16 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 1141592 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 13:16 . 2010-03-18 13:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
+ 2010-03-18 13:16 . 2010-03-18 13:16 6730056 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-11-30 22:41 . 2010-11-30 22:41 1160192 c:\windows\Installer\97e688.msi
+ 2010-12-03 20:17 . 2010-12-03 20:17 9472000 c:\windows\Installer\37c663.msi
+ 2010-12-04 18:59 . 2010-12-04 18:59 1094656 c:\windows\Installer\2cbe4.msi
+ 2010-11-30 22:33 . 2009-03-08 04:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-11-30 22:33 . 2009-03-08 04:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-11-30 22:33 . 2009-03-08 04:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
+ 2010-11-30 22:29 . 2010-09-09 13:38 1168384 c:\windows\ie8\urlmon.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 3601920 c:\windows\ie8\mshtml.dll
+ 2010-12-01 07:24 . 2010-09-09 13:38 6075904 c:\windows\ie8\ieframe.dll
+ 2010-12-01 07:24 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2010-11-30 22:43 . 2010-11-30 22:43 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 1055744 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\f307842a5d932b4c92a71a1b77d1148b\UIAutomationClientsideProviders.ni.dll
+ 2010-11-30 22:42 . 2010-11-30 22:42 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 1776640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 4496384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7775d84ce45d39ac5eede2ba5e966a8a\System.Windows.Forms.DataVisualization.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 1828352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\90550903efefcbf634ee236b6fde4d0a\System.Web.Services.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 1992192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\e59f0799f4351c001f2e4b72064df5de\System.Speech.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 1388032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\67c54ed5743b27d8e8570a7688de93ae\System.ServiceModel.Activities.ni.dll
+ 2010-11-30 23:23 . 2010-11-30 23:23 1127424 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\589e9eded9e383f4b7dfa4c66aa5c9bf\System.ServiceModel.Discovery.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 2625024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\30ed505f7ea7d6139128d4a6d9981dc0\System.Runtime.Serialization.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 1011200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\591cc2015a0165ede73d3e6770e0e7c2\System.Runtime.DurableInstancing.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 1047040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\40125e5383c4af4d0b7a23e2d52b5112\System.Printing.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 1159168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\848c4005079e434e04096d683fab1ded\System.Management.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 1065984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\81558b32b261e911f8f822f1de63fdca\System.IdentityModel.ni.dll
+ 2010-11-30 22:42 . 2010-11-30 22:42 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 1151488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9cf61683cbb57e80828013b2c9024a7e\System.DirectoryServices.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 1872384 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\0778748cd9700240f093adfc5dfc5750\System.Deployment.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\c12e10c218be4be353975af6abb072d9\System.Data.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\0da585d97fb80a097bf7cb4c5002c3ac\System.Data.SqlXml.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 1332736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\b5abc386410cb0b80710bf5b1ca511dc\System.Data.Services.Client.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\73dd24232790e0e5c2649dde8e65516c\System.Data.Linq.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 4103168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\1f1416d0bd44f4f4b7b447dd46100cb2\System.Activities.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 3691520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\9a80ca1aff58bb8bd4ba68aedbb0b21d\System.Activities.Presentation.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 1506304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\c58f64b1cb8226be2d8d65c852dfe2e3\System.Activities.Core.Presentation.ni.dll
+ 2010-11-30 23:19 . 2010-11-30 23:19 2842624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\ea622ab70f67eef23533a326f29c5ed2\ReachFramework.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 1622528 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\29a210cb0025eec8da18645b52d2e559\PresentationUI.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 1134080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\fc453dc65663953ef9a84d54db7c5f44\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 1167872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f4e162e7a860c3577fbb3455fc1349a5\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 1819648 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a571b1efa54d6a35b336fa5b5e624854\Microsoft.VisualBasic.ni.dll
+ 2010-11-30 23:18 . 2010-11-30 23:18 1079808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\1dc732b2fb25d70b83fa2cab112525f9\Microsoft.Transactions.Bridge.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 2441728 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\657c944537a05caa1b1f55cffb8aabb9\Microsoft.JScript.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\597354cf9a5082f5ca1914732fab0892\Microsoft.CSharp.ni.dll
+ 2010-11-30 22:38 . 2010-11-30 22:38 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\47a2229038c869951b36a1081a3c8768\System.Management.Automation.ni.dll
+ 2010-11-30 22:36 . 2010-11-30 22:36 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\adca7827958ca8958a599d82143dce51\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2010-11-30 22:37 . 2010-11-30 22:37 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6408339c6991217900316808e44f5158\Microsoft.PowerShell.Editor.ni.dll
+ 2010-11-30 22:37 . 2010-11-30 22:37 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\27894b3ee67930492bb4925dc27c9e6b\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2010-11-30 22:35 . 2010-11-30 22:35 2682880 c:\windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
+ 2010-07-10 05:38 . 2010-07-10 05:38 10260480 c:\windows\system32\nvcompiler.dll
+ 2006-10-27 15:09 . 2010-09-10 05:58 11080192 c:\windows\system32\ieframe.dll
+ 2006-08-11 21:42 . 2010-07-10 05:38 10604128 c:\windows\system32\dllcache\nv4_mini.sys
+ 2007-05-09 14:51 . 2010-09-10 05:58 11080192 c:\windows\system32\dllcache\ieframe.dll
+ 2010-11-30 22:33 . 2009-03-08 04:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2010-11-30 22:33 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll
+ 2010-11-30 23:22 . 2010-11-30 23:22 17919488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\40f4f298c3c655b834c73b5046a9cd0b\System.ServiceModel.ni.dll
+ 2010-11-30 23:21 . 2010-11-30 23:21 13273600 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\7afa32d3d9ab340abd33e960a849685c\System.Data.Entity.ni.dll
+ 2010-11-30 22:44 . 2010-11-30 22:44 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8357ade60159c25ee88db0aab8686e6d\PresentationFramework.ni.dll
+ 2010-11-30 22:43 . 2010-11-30 22:43 11057664 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
+ 2010-11-30 22:42 . 2010-11-30 22:42 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 17:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 02:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-14 18:21 110744 -c--a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 22:32 53248 -c----w- c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-27 18:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-02 09:26 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Steam\\steamapps\\twister625\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\0wn3dpl0z\\condition zero\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\0wn3dpl0z\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [05/10/2010 13:45 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15/03/2010 16:17 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05/10/2010 13:45 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [05/10/2010 13:45 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [05/10/2010 13:45 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [05/10/2010 13:45 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [05/10/2010 13:45 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [05/10/2010 13:45 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [05/10/2010 13:45 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 09:34 135664]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [15/03/2009 11:13 17149]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [05/10/2010 13:45 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [05/10/2010 13:45 84264]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys --> c:\windows\system32\DRIVERS\wg111v3.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [07/03/2019 17:56 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [02/12/2005 17:08 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [02/12/2005 17:08 51840]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\User_Feed_Synchronization-{047EC318-895C-4E4E-A462-DFB82241EFF9}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\gemma\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\66i32xil.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\66i32xil.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-PCguardadvisor - c:\program files\blueyonder\PCguard advisor\PCguardadvisor.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 14:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-05 14:10:37
ComboFix-quarantined-files.txt 2010-12-05 14:10
ComboFix2.txt 2010-11-30 20:15
ComboFix3.txt 2010-11-30 07:37

Pre-Run: 206,234,357,760 bytes free
Post-Run: 206,213,292,032 bytes free

- - End Of File - - 4C898FCF0411B8A0CB4D5F246FBB0E15
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Browser acting strangely - please advise

Unread postby muppy03 » December 6th, 2010, 6:34 am

Combofix downloaded ok this time and I also updated it.


Excellent, that is what I like to hear. :)

It appears that internet explorer gives me this message when I try to install the recommended updates from secunia software updates


Is this still happening, what other problems are you noticing now?

Please post a new HJT log along with the update.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 140 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware