Hijack This log

jhooga

jhooga

New Member
can someone analyze my log please

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:04 AM, on 9/15/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15119&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)

--
End of file - 4840 bytes
 
jhooga

jhooga

New Member
I ran malwarebytes updated the database and it caught nothing at all, I did notice a fake proxy in place and I am pretty sure i got rid of that but its still kinda slow and giving me some little install errors on things, like anti virus programs
 
johnb35

johnb35

Administrator
Staff member
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
jhooga

jhooga

New Member
I cant get combofix to install, i am able to download it but then nothing happens just exits. But here is a fresh hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:34 PM, on 9/15/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15119&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [wpsfiykv] C:\Users\Catie\AppData\Local\ymwwnafnv\vdvkqnsuqiw.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9294 bytes
 
johnb35

johnb35

Administrator
Staff member
Redownload combofix, but this time when it asks you to save it, rename it combo-fix not combofix. And try again. Let me know if that don't work either.
 
johnb35

johnb35

Administrator
Staff member
I saw your deleted post so i'm responding to it.

Please download and run rkill.scr but do not reboot the system, then try rerunning combofix again. After running rkill it will produce a log letting you know if it killed a process. Let me know if it stopped anything.
 
jhooga

jhooga

New Member
well i got it to run it just needed a reboot for some reason but here is the combofix log

ComboFix 10-09-15.01 - Catie 09/15/2010 18:10:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.822 [GMT -5:00]
Running from: F:\combo-fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\PlaySushi\PSTExt.dll
c:\users\Catie\AppData\Local\{A216C61E-705B-427A-81A4-EAE6CE26C948}
c:\users\Catie\AppData\Local\{A216C61E-705B-427A-81A4-EAE6CE26C948}\chrome.manifest
c:\users\Catie\AppData\Local\{A216C61E-705B-427A-81A4-EAE6CE26C948}\chrome\content\_cfg.js
c:\users\Catie\AppData\Local\{A216C61E-705B-427A-81A4-EAE6CE26C948}\chrome\content\overlay.xul
c:\users\Catie\AppData\Local\{A216C61E-705B-427A-81A4-EAE6CE26C948}\install.rdf
c:\users\Catie\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-15 23:18 . 2010-09-15 23:19 -------- d-----w- c:\users\Catie\AppData\Local\temp
2010-09-15 23:18 . 2010-09-15 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-15 23:02 . 2010-09-15 23:03 -------- d-----w- C:\32788R22FWJFW
2010-09-15 22:56 . 2010-09-15 22:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-09-15 22:55 . 2010-09-15 22:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-15 22:39 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 22:39 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 22:39 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 22:39 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 19:46 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 07:25 . 2010-09-15 07:25 -------- d-----w- c:\program files\Trend Micro
2010-09-15 03:56 . 2010-09-15 03:56 -------- d-----w- C:\14be0b75c79bce86d51dcd5750
2010-09-15 03:48 . 2010-09-15 21:44 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-15 03:47 . 2010-09-15 03:47 -------- d-----w- C:\dd7f47c235de37de3aa322d8027d
2010-09-11 17:06 . 2010-09-11 17:06 -------- d-----w- C:\084df28c8a8437c9d4
2010-09-11 17:05 . 2010-09-11 17:05 -------- d-----w- C:\f30f3796be49f480c74c8a75
2010-09-11 17:04 . 2010-09-11 17:04 -------- d-----w- C:\13c456a510113af7bfef8a9d
2010-09-11 15:49 . 2010-09-11 15:49 -------- d-----w- c:\users\Catie\AppData\Roaming\Malwarebytes
2010-09-11 15:49 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 15:49 . 2010-09-11 15:49 -------- d-----w- c:\programdata\Malwarebytes
2010-09-11 15:49 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 15:49 . 2010-09-11 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-11 15:34 . 2010-09-11 15:34 2838 ----a-w- c:\users\Catie\AppData\Local\imunojowayecoxe.dll
2010-09-10 22:03 . 2010-09-11 15:35 0 ----a-w- c:\users\Catie\AppData\Local\Iyugikomejes.bin
2010-09-10 22:03 . 2010-09-10 22:03 120 ----a-w- c:\users\Catie\AppData\Local\Anuwiwoniqiv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 23:18 . 2010-05-31 18:08 -------- d-----w- c:\program files\PlaySushi
2010-09-15 22:56 . 2008-07-12 19:10 -------- d-----w- c:\programdata\Microsoft Help
2010-09-15 22:56 . 2008-07-08 18:11 -------- d-----w- c:\program files\Microsoft Works
2010-09-15 20:36 . 2008-07-08 18:04 -------- d-----w- c:\program files\Google
2010-09-15 01:26 . 2008-07-08 17:58 -------- d-----w- c:\program files\Dell
2010-09-11 17:17 . 2008-07-08 18:04 -------- d-----w- c:\programdata\McAfee
2010-09-11 17:15 . 2009-08-25 16:18 -------- d-----w- c:\program files\Oberon Media
2010-09-09 06:32 . 2008-07-13 20:59 -------- d-----w- c:\program files\Dl_cats
2010-08-20 23:31 . 2008-07-08 01:11 -------- d-----w- c:\users\Catie\AppData\Roaming\LimeWire
2010-08-16 20:41 . 2010-07-03 17:52 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-07-11 00:35 . 2010-07-11 00:35 96 ----a-w- c:\users\Catie\AppData\Roaming\wklnhst.dat
2010-06-26 06:05 . 2010-08-10 20:11 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 20:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-10 20:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-10 20:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:18 . 2010-08-10 20:10 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-10 20:10 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-10 20:10 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-10 20:10 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2008-07-08 20:39 . 2008-07-08 20:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-06-20 69632]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-8 50688]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-08 18:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 21:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 20:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-02-04 22:57 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [2009-12-16 19968]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-29 691696]
S0 AFS;AFS; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2010-04-05 444928]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15119&l=dis
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Catie\AppData\Roaming\Mozilla\Firefox\Profiles\vedndga8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15119&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PSI&o=15116&locale=en_US&apn_uid=396EBA31-B3CE-4D3E-9FFF-4F36288DA68F&apn_ptnrs=L6&apn_sauid=DA766601-6B76-45C5-AEF9-9263FB78316E&apn_dtid=&q=
FF - component: c:\users\Catie\AppData\Roaming\Mozilla\Firefox\Profiles\vedndga8.default\extensions\[email protected]\components\PlaySushiFF.dll
FF - plugin: c:\users\Catie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-wpsfiykv - c:\users\Catie\AppData\Local\ymwwnafnv\vdvkqnsuqiw.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 18:19
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-15 18:21:05
ComboFix-quarantined-files.txt 2010-09-15 23:21

Pre-Run: 173,877,858,304 bytes free
Post-Run: 173,728,415,744 bytes free

- - End Of File - - 0163823349306477A7E53FCEDBA6BEFD
 
johnb35

johnb35

Administrator
Staff member
Please place the combofix file on your desktop so we may perfom the following procedure.


1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code: 
File::
c:\users\Catie\AppData\Local\Iyugikomejes.bin
c:\users\Catie\AppData\Local\Anuwiwoniqiv.dat



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
jhooga

jhooga

New Member
Here is the new one

ComboFix 10-09-15.01 - Catie 09/15/2010 18:36:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.932 [GMT -5:00]
Running from: c:\users\Catie\Desktop\combo-fix.exe
Command switches used :: c:\users\Catie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Catie\AppData\Local\Anuwiwoniqiv.dat"
"c:\users\Catie\AppData\Local\Iyugikomejes.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Catie\AppData\Local\Anuwiwoniqiv.dat
c:\users\Catie\AppData\Local\Iyugikomejes.bin

.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-15 23:40 . 2010-09-15 23:41 -------- d-----w- c:\users\Catie\AppData\Local\temp
2010-09-15 23:40 . 2010-09-15 23:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-15 23:40 . 2010-09-15 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-15 22:56 . 2010-09-15 22:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-09-15 22:55 . 2010-09-15 22:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-15 22:39 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 22:39 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 22:39 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 22:39 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 19:46 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 07:25 . 2010-09-15 07:25 -------- d-----w- c:\program files\Trend Micro
2010-09-15 03:56 . 2010-09-15 03:56 -------- d-----w- C:\14be0b75c79bce86d51dcd5750
2010-09-15 03:48 . 2010-09-15 21:44 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-15 03:47 . 2010-09-15 03:47 -------- d-----w- C:\dd7f47c235de37de3aa322d8027d
2010-09-11 17:06 . 2010-09-11 17:06 -------- d-----w- C:\084df28c8a8437c9d4
2010-09-11 17:05 . 2010-09-11 17:05 -------- d-----w- C:\f30f3796be49f480c74c8a75
2010-09-11 17:04 . 2010-09-11 17:04 -------- d-----w- C:\13c456a510113af7bfef8a9d
2010-09-11 15:49 . 2010-09-11 15:49 -------- d-----w- c:\users\Catie\AppData\Roaming\Malwarebytes
2010-09-11 15:49 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 15:49 . 2010-09-11 15:49 -------- d-----w- c:\programdata\Malwarebytes
2010-09-11 15:49 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 15:49 . 2010-09-11 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-11 15:34 . 2010-09-11 15:34 2838 ----a-w- c:\users\Catie\AppData\Local\imunojowayecoxe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 23:18 . 2010-05-31 18:08 -------- d-----w- c:\program files\PlaySushi
2010-09-15 22:56 . 2008-07-12 19:10 -------- d-----w- c:\programdata\Microsoft Help
2010-09-15 22:56 . 2008-07-08 18:11 -------- d-----w- c:\program files\Microsoft Works
2010-09-15 20:36 . 2008-07-08 18:04 -------- d-----w- c:\program files\Google
2010-09-15 01:26 . 2008-07-08 17:58 -------- d-----w- c:\program files\Dell
2010-09-11 17:17 . 2008-07-08 18:04 -------- d-----w- c:\programdata\McAfee
2010-09-11 17:15 . 2009-08-25 16:18 -------- d-----w- c:\program files\Oberon Media
2010-09-09 06:32 . 2008-07-13 20:59 -------- d-----w- c:\program files\Dl_cats
2010-08-20 23:31 . 2008-07-08 01:11 -------- d-----w- c:\users\Catie\AppData\Roaming\LimeWire
2010-08-16 20:41 . 2010-07-03 17:52 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-07-11 00:35 . 2010-07-11 00:35 96 ----a-w- c:\users\Catie\AppData\Roaming\wklnhst.dat
2010-06-26 06:05 . 2010-08-10 20:11 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 20:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-10 20:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-10 20:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:18 . 2010-08-10 20:10 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-10 20:10 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-10 20:10 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-10 20:10 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2008-07-08 20:39 . 2008-07-08 20:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-09-15_23.19.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-11-19 15:14 . 2010-09-15 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-19 15:14 . 2010-09-15 23:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-19 15:14 . 2010-09-15 23:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-19 15:14 . 2010-09-15 23:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-19 15:14 . 2010-09-15 23:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-19 15:14 . 2010-09-15 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 23:21 . 2010-09-15 23:21 1195008 c:\windows\Installer\f2fdb.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-06-20 69632]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-8 50688]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-08 18:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 21:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 20:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-02-04 22:57 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [2009-12-16 19968]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-29 691696]
S0 AFS;AFS; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2010-04-05 444928]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15119&l=dis
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Catie\AppData\Roaming\Mozilla\Firefox\Profiles\vedndga8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15119&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PSI&o=15116&locale=en_US&apn_uid=396EBA31-B3CE-4D3E-9FFF-4F36288DA68F&apn_ptnrs=L6&apn_sauid=DA766601-6B76-45C5-AEF9-9263FB78316E&apn_dtid=&q=
FF - component: c:\users\Catie\AppData\Roaming\Mozilla\Firefox\Profiles\vedndga8.default\extensions\[email protected]\components\PlaySushiFF.dll
FF - plugin: c:\users\Catie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 18:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-15 18:43:25
ComboFix-quarantined-files.txt 2010-09-15 23:43
ComboFix2.txt 2010-09-15 23:21

Pre-Run: 172,658,049,024 bytes free
Post-Run: 173,917,020,160 bytes free

- - End Of File - - FB854ABDFDC33CEDDBD771E2448C09EE
 
jhooga

jhooga

New Member
all done here is a fresh hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:34 PM, on 9/15/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15119&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [wpsfiykv] C:\Users\Catie\AppData\Local\ymwwnafnv\vdvkqnsuqiw.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9294 bytes
 
johnb35

johnb35

Administrator
Staff member
You didn't uninstall the ask toolbar software please go back into add/remove programs and uninstall it.

Please download and run Ccleaner

http://download.cnet.com/ccleaner/

Set the options that are checked in the attached image and click on run cleaner.


1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code: 
File::
c:\users\Catie\AppData\Local\imunojowayecoxe.dll

Folder::
C:\Users\Catie\AppData\Local\ymwwnafnv


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply along with a fresh hijackthis log.
 

Attachments

  • ccleaner.JPG
    ccleaner.JPG
    76.3 KB · Views: 37
jhooga

jhooga

New Member
The combofix log is too long it wont let me put it in but this part i got
ComboFix 10-09-15.01 - Catie 09/17/2010 11:01:29.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.658 [GMT -5:00]
Running from: c:\users\Catie\Desktop\combo-fix.exe
Command switches used :: c:\users\Catie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Catie\AppData\Local\imunojowayecoxe.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Catie\AppData\Local\imunojowayecoxe.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
 
jhooga

jhooga

New Member
hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:31 AM, on 9/17/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\explorer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15119&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7456 bytes
 
johnb35

johnb35

Administrator
Staff member
Please break up the log into multiple posts if you have to but I need to see the full log.
 
jhooga

jhooga

New Member
ComboFix 10-09-15.01 - Catie 09/17/2010 11:01:29.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.658 [GMT -5:00]
Running from: c:\users\Catie\Desktop\combo-fix.exe
Command switches used :: c:\users\Catie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Catie\AppData\Local\imunojowayecoxe.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Catie\AppData\Local\imunojowayecoxe.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-17 16:13 . 2010-09-17 16:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-17 16:13 . 2010-09-17 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-17 15:57 . 2010-09-17 15:58 -------- d-----w- C:\32788R22FWJFW
2010-09-17 15:52 . 2010-09-17 15:53 -------- d-----w- c:\program files\CCleaner
2010-09-16 20:03 . 2010-09-16 20:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-16 20:03 . 2010-09-16 20:03 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-16 20:03 . 2010-09-16 20:03 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-16 20:03 . 2010-09-16 20:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-16 20:03 . 2010-09-17 15:50 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-16 20:00 . 2010-09-16 20:00 -------- d-----w- c:\program files\AVG
2010-09-16 20:00 . 2010-09-16 20:00 -------- d-----w- c:\programdata\avg9
2010-09-16 17:51 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-09-16 17:51 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-09-16 17:51 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-09-16 17:51 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2010-09-16 17:51 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2010-09-16 17:51 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2010-09-16 17:51 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2010-09-16 17:51 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2010-09-16 17:51 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2010-09-16 17:51 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2010-09-16 17:51 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2010-09-16 17:51 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2010-09-16 17:50 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2010-09-16 17:50 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2010-09-16 17:50 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-09-16 17:50 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2010-09-16 17:50 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2010-09-16 17:50 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2010-09-16 17:50 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2010-09-16 17:48 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-09-16 17:48 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-09-16 17:47 . 2010-09-16 17:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-16 17:29 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-09-16 17:29 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-09-16 17:29 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-09-16 17:25 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2010-09-16 17:19 . 2010-09-16 17:19 -------- d-----w- c:\program files\Common Files\Java
2010-09-16 17:00 . 2010-09-16 16:59 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 23:43 . 2010-09-17 16:13 -------- d-----w- c:\users\Catie\AppData\Local\temp
2010-09-15 22:56 . 2010-09-15 22:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-09-15 22:55 . 2010-09-15 22:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-15 22:39 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 22:39 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 22:39 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 22:39 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 19:46 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 07:25 . 2010-09-15 07:25 -------- d-----w- c:\program files\Trend Micro
2010-09-15 03:56 . 2010-09-15 03:56 -------- d-----w- C:\14be0b75c79bce86d51dcd5750
2010-09-15 03:48 . 2010-09-16 19:50 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-15 03:47 . 2010-09-15 03:47 -------- d-----w- C:\dd7f47c235de37de3aa322d8027d
2010-09-11 17:06 . 2010-09-11 17:06 -------- d-----w- C:\084df28c8a8437c9d4
2010-09-11 17:05 . 2010-09-11 17:05 -------- d-----w- C:\f30f3796be49f480c74c8a75
2010-09-11 17:04 . 2010-09-11 17:04 -------- d-----w- C:\13c456a510113af7bfef8a9d
2010-09-11 15:49 . 2010-09-11 15:49 -------- d-----w- c:\users\Catie\AppData\Roaming\Malwarebytes
2010-09-11 15:49 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 15:49 . 2010-09-11 15:49 -------- d-----w- c:\programdata\Malwarebytes
2010-09-11 15:49 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 15:49 . 2010-09-11 15:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 18:03 . 2008-07-04 17:57 88696 ----a-w- c:\users\Catie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-16 17:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-16 17:52 . 2008-07-12 19:10 -------- d-----w- c:\programdata\Microsoft Help
2010-09-16 17:33 . 2008-07-12 19:13 -------- d-----w- c:\program files\Microsoft.NET
2010-09-16 16:59 . 2008-07-08 17:56 -------- d-----w- c:\program files\Java
2010-09-16 16:48 . 2009-01-29 22:03 -------- d-----w- c:\program files\Yahoo!
2010-09-15 23:18 . 2010-05-31 18:08 -------- d-----w- c:\program files\PlaySushi
2010-09-15 22:56 . 2008-07-08 18:11 -------- d-----w- c:\program files\Microsoft Works
2010-09-15 20:36 . 2008-07-08 18:04 -------- d-----w- c:\program files\Google
2010-09-15 01:26 . 2008-07-08 17:58 -------- d-----w- c:\program files\Dell
2010-09-11 17:17 . 2008-07-08 18:04 -------- d-----w- c:\programdata\McAfee
2010-09-11 17:15 . 2009-08-25 16:18 -------- d-----w- c:\program files\Oberon Media
2010-09-09 06:32 . 2008-07-13 20:59 -------- d-----w- c:\program files\Dl_cats
2010-08-20 23:31 . 2008-07-08 01:11 -------- d-----w- c:\users\Catie\AppData\Roaming\LimeWire
2010-08-16 20:41 . 2010-07-03 17:52 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-07-11 00:35 . 2010-07-11 00:35 96 ----a-w- c:\users\Catie\AppData\Roaming\wklnhst.dat
2010-06-26 06:05 . 2010-08-10 20:11 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 20:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-10 20:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-10 20:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:18 . 2010-08-10 20:10 2036736 ----a-w- c:\windows\system32\win32k.sys
2008-07-08 20:39 . 2008-07-08 20:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-09-15_23.19.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-16 17:49 . 2008-05-27 05:17 87552 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe
+ 2010-09-16 17:49 . 2008-05-27 05:18 71680 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\propdefs.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 44032 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msstrc.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 32768 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssprxy.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 87552 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssitlb.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 11776 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msshooks.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 60416 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscntrs.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 34816 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscb.dll
+ 2010-09-16 17:49 . 2008-05-27 04:59 18904 c:\windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchemaTrivial.bin
+ 2010-09-16 17:50 . 2008-05-27 05:18 13824 c:\windows\winsxs\x86_windowssearch-wtrservicingsupport_31bf3856ad364e35_7.0.6001.16503_none_163fe74a2171e12e\WSWTRSvc.exe
+ 2010-09-16 19:59 . 2010-09-16 19:59 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437\vcomp.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80KOR.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80JPN.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ITA.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80FRA.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ESP.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 57344 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 65536 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80DEU.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 45056 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80CHT.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 40960 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80CHS.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 57856 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfcm80u.dll
+ 2010-09-16 19:59 . 2010-09-16 19:59 69632 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfcm80.dll
+ 2010-09-16 17:29 . 2008-10-22 03:34 94720 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceClassExtension.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 94720 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceClassExtension.dll
+ 2010-09-16 17:29 . 2008-10-22 03:39 95232 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceClassExtension.dll
+ 2010-09-16 17:29 . 2008-10-22 03:43 95232 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceClassExtension.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 10240 c:\windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_7.0.6002.18111_none_09839c8ab9bb7786\winrssrv.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 20480 c:\windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_7.0.6002.18111_none_09839c8ab9bb7786\winrshost.exe
+ 2010-09-16 17:51 . 2009-10-09 21:56 40448 c:\windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_7.0.6002.18111_none_09839c8ab9bb7786\winrs.exe
+ 2010-09-16 17:51 . 2009-10-09 21:55 54272 c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.0.6002.18111_none_bdb29b83351bf42c\WsmRes.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 12800 c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.0.6002.18111_none_bdb29b83351bf42c\wsmprovhost.exe
+ 2010-09-16 17:51 . 2009-10-09 21:56 10240 c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.0.6002.18111_none_bdb29b83351bf42c\wsmplpxy.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 29184 c:\windows\winsxs\x86_microsoft-windows-search-profilenotify_31bf3856ad364e35_7.0.6001.16503_none_d86cd72c8d3c237e\wsepno.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 24064 c:\windows\winsxs\x86_microsoft-windows-powershell-sip_31bf3856ad364e35_7.0.6002.18111_none_5bbbc7018ac6f05b\pwrshsip.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 20480 c:\windows\winsxs\x86_microsoft-windows-powershell-events_31bf3856ad364e35_7.0.6002.18111_none_cc1f49572b1d2380\PSEvents.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 41472 c:\windows\winsxs\x86_microsoft-windows-p..rshell-wsman-plugin_31bf3856ad364e35_7.0.6002.18111_none_6a5c647b70d91477\pwrshplugin.dll
+ 2010-09-16 17:28 . 2010-06-24 05:17 16896 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.23039_none_844ab3e55fe5699d\iecompat.dll
+ 2010-09-16 17:28 . 2010-06-24 04:49 16896 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18942_none_83af6eec46d5fe48\iecompat.dll
+ 2010-09-16 17:51 . 2009-10-09 21:55 81408 c:\windows\winsxs\x86_microsoft-windows-eventlog-forwardplugin_31bf3856ad364e35_7.0.6002.18111_none_68b74f7e75ee1088\wevtfwd.dll
+ 2010-09-16 17:51 . 2009-10-09 21:55 79872 c:\windows\winsxs\x86_microsoft-windows-eventcollector_31bf3856ad364e35_7.0.6002.18111_none_ee5ac90afcc71d60\wecutil.exe
+ 2010-09-16 17:51 . 2009-10-09 21:55 56320 c:\windows\winsxs\x86_microsoft-windows-eventcollector_31bf3856ad364e35_7.0.6002.18111_none_ee5ac90afcc71d60\wecapi.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 38400 c:\windows\winsxs\x86_microsoft-windows-content-filter-rtf_31bf3856ad364e35_7.0.6001.16503_none_485964bf76e0570a\rtffilt.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 40448 c:\windows\winsxs\x86_microsoft-windows-content-filter-mime_31bf3856ad364e35_7.0.6001.16503_none_10a358dd3f57c0de\mimefilt.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 56320 c:\windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\xmlfilter.dll
+ 2010-09-16 17:29 . 2010-04-16 17:14 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22384_none_841f73bf774481ad\Apphlpdm.dll
+ 2010-09-16 17:26 . 2009-08-29 00:19 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\Apphlpdm.dll
+ 2010-09-16 17:29 . 2010-04-16 16:43 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18244_none_83c116a45e06721f\Apphlpdm.dll
+ 2010-09-16 17:26 . 2009-08-29 00:14 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\Apphlpdm.dll
+ 2010-09-16 17:29 . 2010-04-16 16:08 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22672_none_8241d12f7a17ddea\Apphlpdm.dll
+ 2010-09-16 17:26 . 2009-08-28 12:24 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\Apphlpdm.dll
+ 2010-09-16 17:29 . 2010-04-16 16:05 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18461_none_81c2022060f30bb1\Apphlpdm.dll
+ 2010-09-16 17:26 . 2009-08-28 12:39 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\Apphlpdm.dll
+ 2010-09-16 17:26 . 2009-08-29 03:32 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\Apphlpdm.dll
+ 2010-09-16 17:26 . 2009-08-29 03:40 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\Apphlpdm.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 13824 c:\windows\winsxs\msil_microsoft.wsman.management.resources_31bf3856ad364e35_7.0.6002.18111_en-us_1e05efaa2a143d23\Microsoft.WSMan.Management.resources.dll
+ 2010-09-16 17:51 . 2009-10-09 21:57 69632 c:\windows\winsxs\msil_microsoft.powershell.security_31bf3856ad364e35_7.0.6002.18111_none_6ac5d03285024fca\Microsoft.PowerShell.Security.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 69632 c:\windows\winsxs\msil_microsoft.powershell.editor.resources_31bf3856ad364e35_7.0.6002.18111_en-us_68a44cfc399f4ba4\Microsoft.PowerShell.Editor.Resources.dll
+ 2010-09-16 17:50 . 2009-10-12 21:59 49152 c:\windows\winsxs\msil_microsoft.powershel..s.utility.resources_31bf3856ad364e35_7.0.6002.18111_en-us_bb0efceec6b5658f\Microsoft.PowerShell.Commands.Utility.Resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 40960 c:\windows\winsxs\msil_microsoft.powershel..owershell.resources_31bf3856ad364e35_7.0.6002.18111_en-us_e5e855ecd7c3c513\Microsoft.PowerShell.Gpowershell.resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 40960 c:\windows\winsxs\msil_microsoft.powershel..nsolehost.resources_31bf3856ad364e35_7.0.6002.18111_en-us_4f192732a616cf9a\Microsoft.PowerShell.ConsoleHost.Resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 16896 c:\windows\winsxs\msil_microsoft.powershel..hicalhost.resources_31bf3856ad364e35_7.0.6002.18111_en-us_3b884ca514464bac\Microsoft.PowerShell.GraphicalHost.Resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 36864 c:\windows\winsxs\msil_microsoft.powershel..anagement.resources_31bf3856ad364e35_7.0.6002.18111_en-us_380b0c809ccd4dc6\Microsoft.PowerShell.Commands.Management.Resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 10752 c:\windows\winsxs\msil_microsoft.powershel..agnostics.resources_31bf3856ad364e35_7.0.6002.18111_en-us_a3a2bd25fb8533af\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
+ 2010-09-16 17:51 . 2009-10-09 21:57 57344 c:\windows\winsxs\msil_microsoft.backgroun..transfer.management_31bf3856ad364e35_7.0.6002.18111_none_8547635a2d4b532e\Microsoft.BackgroundIntelligentTransfer.Management.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 56320 c:\windows\System32\xmlfilter.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 29184 c:\windows\System32\wsepno.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 24064 c:\windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 20480 c:\windows\System32\WindowsPowerShell\v1.0\PSEvents.dll
+ 2008-01-21 01:58 . 2010-09-16 19:50 54170 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-16 19:50 87786 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-04 17:57 . 2010-09-16 19:50 11220 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2023579175-4091069939-2251374714-1000_UserData.bin
+ 2010-09-16 17:49 . 2008-05-27 04:59 18904 c:\windows\System32\StructuredQuerySchemaTrivial.bin
+ 2008-07-12 19:16 . 2008-11-04 08:30 65384 c:\windows\System32\spool\drivers\w32x86\mdiui.dll
+ 2008-07-12 19:16 . 2008-11-04 08:30 65384 c:\windows\System32\spool\drivers\w32x86\3\mdiui.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 87552 c:\windows\System32\SearchFilterHost.exe
+ 2010-09-16 17:49 . 2008-05-27 05:18 38400 c:\windows\System32\rtffilt.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 71680 c:\windows\System32\propdefs.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 44032 c:\windows\System32\msstrc.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 32768 c:\windows\System32\mssprxy.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 87552 c:\windows\System32\mssitlb.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 11776 c:\windows\System32\msshooks.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 60416 c:\windows\System32\msscntrs.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 34816 c:\windows\System32\msscb.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 40448 c:\windows\System32\mimefilt.dll
+ 2008-07-12 19:16 . 2008-11-04 08:30 30568 c:\windows\System32\mdimon.dll
 
jhooga

jhooga

New Member
+ 2008-07-04 17:54 . 2010-09-17 15:55 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-04 17:54 . 2010-09-15 22:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-04 17:54 . 2010-09-15 22:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-04 17:54 . 2010-09-17 15:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-04 17:54 . 2010-09-17 15:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-04 17:54 . 2010-09-15 22:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-19 15:14 . 2010-09-15 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-19 15:14 . 2010-09-16 19:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-19 15:14 . 2010-09-16 19:48 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-19 15:14 . 2010-09-15 23:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-19 15:14 . 2010-09-15 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-19 15:14 . 2010-09-16 19:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-18 18:16 . 2010-03-18 18:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 42880 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelPerformanceCounters.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 62880 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 35656 c:\windows\Microsoft.NET\Framework\v4.0.30319\dw20.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16 17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-09-16 17:33 . 2010-09-16 17:33 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-09-16 17:34 . 2010-09-16 17:34 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-09-16 17:47 . 2010-09-16 17:47 38400 c:\windows\Installer\333a4d.msi
- 2010-09-15 22:56 . 2010-09-15 22:56 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-09-16 17:48 . 2010-09-16 17:48 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-07-12 19:16 . 2010-09-15 22:56 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-12 19:16 . 2010-09-16 17:45 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-07-12 19:16 . 2010-09-15 22:56 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-12 19:16 . 2010-09-16 17:45 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-12 19:16 . 2010-09-16 17:45 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-07-12 19:16 . 2010-09-15 22:56 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-09-16 17:48 . 2010-09-16 17:48 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2006-07-24 15:50 . 2006-07-24 15:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\VBAME.DLL
+ 2006-07-24 15:50 . 2006-07-24 15:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\MSADDNDR.DLL
+ 2006-10-27 02:17 . 2006-10-27 02:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 20:11 . 2006-10-27 20:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2008-07-12 19:14 . 2008-07-12 19:14 12096 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WORDPOL.DLL
+ 2008-07-12 19:14 . 2008-07-12 19:14 12080 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
+ 2008-07-12 19:14 . 2008-07-12 19:14 64288 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 76624 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 51008 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWRECE.DLL
 
jhooga

jhooga

New Member
+ 2006-10-26 19:04 . 2006-10-26 19:04 76624 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWRECS.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 51008 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWRECE.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 27456 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWORIENT.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 58168 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWLAY32.DLL
+ 2006-10-26 19:05 . 2006-10-26 19:05 86840 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 29976 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-27 00:49 . 2006-10-27 00:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-27 01:55 . 2006-10-27 01:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-27 01:55 . 2006-10-27 01:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REVERSE.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-26 19:05 . 2006-10-26 19:05 77144 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PSOM.DLL
+ 2008-07-12 19:14 . 2008-07-12 19:14 12112 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTPOL.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-27 20:16 . 2006-10-27 20:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-27 01:00 . 2006-10-27 01:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-27 20:11 . 2006-10-27 20:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2008-07-12 19:14 . 2008-07-12 19:14 11544 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2008-07-12 19:14 . 2008-07-12 19:14 12104 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL
+ 2008-07-12 19:14 . 2008-07-12 19:14 20280 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-27 00:58 . 2006-10-27 00:58 20776 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPGIMME.DLL
+ 2006-10-27 20:26 . 2006-10-27 20:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-27 00:52 . 2006-10-27 00:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOMSE.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 20:01 . 2006-10-27 20:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 00:48 . 2006-10-27 00:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-27 00:59 . 2006-10-27 00:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-27 00:52 . 2006-10-27 00:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSE7.EXE
+ 2006-10-27 02:18 . 2006-10-27 02:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2006-10-27 00:58 . 2006-10-27 00:58 65328 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MDIUI.DLL
+ 2006-10-27 00:58 . 2006-10-27 00:58 30512 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MDIMON.DLL
+ 2006-10-27 02:41 . 2006-10-27 02:41 66368 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\INLAUNCH.DLL
+ 2008-07-12 19:14 . 2008-07-12 19:14 12096 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2006-10-26 19:04 . 2006-10-26 19:04 75576 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FORM.DLL
+ 2008-07-12 19:14 . 2008-07-12 19:14 12096 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXCELPOL.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2006-10-27 01:55 . 2006-10-27 01:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 02:30 . 2006-10-27 02:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 01:12 . 2006-10-27 01:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-27 01:13 . 2006-10-27 01:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-27 20:00 . 2006-10-27 20:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 02:18 . 2006-10-27 02:18 94016 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACCOLK.DLL
+ 2006-10-27 02:07 . 2006-10-27 02:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\PXBPROXY.DLL
+ 2006-10-27 02:07 . 2006-10-27 02:07 67920 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\PXBCOM.EXE
+ 2006-11-02 10:25 . 2010-09-16 17:53 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2010-06-14 18:41 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2010-06-14 18:41 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2010-09-16 17:53 51200 c:\windows\inf\infpub.dat
+ 2010-09-16 17:47 . 2010-09-16 17:47 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll
+ 2010-09-16 17:50 . 2010-09-16 17:50 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\9bbefd2263d8f2169ab3695798208293\System.Windows.Presentation.ni.dll
+ 2010-09-16 17:50 . 2010-09-16 17:50 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\02068ef9dafba3308b13444b8f4e5940\System.Web.ApplicationServices.ni.dll
+ 2010-09-16 17:50 . 2010-09-16 17:50 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll
+ 2010-09-16 17:47 . 2010-09-16 17:47 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\5c87f21925d5a61059ee68cef72841f4\System.AddIn.Contract.ni.dll
+ 2010-09-16 17:46 . 2010-09-16 17:46 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\552a460a8bcf608aecc6418db0d40216\Microsoft.VisualC.ni.dll
+ 2010-09-16 17:45 . 2010-09-16 17:45 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\01254caa0efc15b5cd48fb3178018701\Accessibility.ni.dll
+ 2010-09-16 17:42 . 2010-09-16 17:42 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23f03c40b3170cd0834b0c1f54ec288e\UIAutomationProvider.ni.dll
+ 2010-09-16 17:45 . 2010-09-16 17:45 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8f5483120791779ad932c5f0d2483ec6\System.Windows.Presentation.ni.dll
+ 2010-09-16 17:44 . 2010-09-16 17:44 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e9c92eafbbf8b078a299e4e1b86b7490\System.Web.DynamicData.Design.ni.dll
+ 2010-09-16 17:43 . 2010-09-16 17:43 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\178670be4ecbe420fc375ac743b18085\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-09-16 17:43 . 2010-09-16 17:43 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e8cbcf795313d91d1b24644d27cac5ed\System.AddIn.Contract.ni.dll
+ 2010-09-16 17:40 . 2010-09-16 17:40 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\08b031e550dd681f9f656a1b89f9541e\stdole.ni.dll
+ 2010-09-16 17:42 . 2010-09-16 17:42 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\07b479c6c407c4d0a91f6d546d6c59ab\PresentationFontCache.ni.exe
+ 2010-09-16 17:42 . 2010-09-16 17:42 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\65e9dac09d95e7e216beb37d2f032297\PresentationCFFRasterizer.ni.dll
+ 2010-09-16 17:42 . 2010-09-16 17:42 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\41e0c653965b60539cb0d5db9496547a\napcrypt.ni.dll
+ 2010-09-16 18:04 . 2010-09-16 18:04 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\52417b8fb1732d01b7246ff8ce006e4a\Microsoft.WSMan.Runtime.ni.dll
+ 2010-09-16 17:44 . 2010-09-16 17:44 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\20e80ca3896f0056b4987a0847b53f02\Microsoft.Vsa.ni.dll
+ 2010-09-16 17:38 . 2010-09-16 17:38 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\a1e3bf1d0f31a029ac4819db0c181eb0\Microsoft.Build.Framework.ni.dll
+ 2010-09-16 17:42 . 2010-09-16 17:42 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\359393ebcd85d9aad6510c6005f8201a\Microsoft.Build.Framework.ni.dll
+ 2010-09-16 18:05 . 2010-09-16 18:05 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\loadmxf\7c2b66544a5b121e156d6ed59483b4ed\loadmxf.ni.exe
+ 2010-09-16 17:41 . 2010-09-16 17:41 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\loadmxf\12a87481281c1bc2fa7602f8aaf883ee\loadmxf.ni.exe
+ 2010-09-16 17:40 . 2010-09-16 17:40 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\18d70efe1b68105f810cb5f724e652ad\ehiUserXp.ni.dll
+ 2010-09-16 17:41 . 2010-09-16 17:41 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiReplay\67c73e5447cc18d1c6f378e2c57b4ba1\ehiReplay.ni.dll
+ 2010-09-16 17:41 . 2010-09-16 17:41 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtCOM\f7fa7e35efb7694d103feb0cfb6888cd\ehiExtCOM.ni.dll
+ 2010-09-16 17:41 . 2010-09-16 17:41 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\e4fdaba41e8d230e1587400176f892ad\ehExtCOM.ni.dll
+ 2010-09-16 18:26 . 2010-09-16 18:26 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\9e066f51640d7d251314b4188b63402d\ehExtCOM.ni.dll
+ 2010-09-16 17:40 . 2010-09-16 17:40 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\4a1aaa7fc952628751dfdba3a6c36b17\dfsvc.ni.exe
+ 2010-09-16 17:51 . 2009-10-12 21:59 13824 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.WSMan.Management.resources.dll
+ 2010-09-16 17:51 . 2009-10-09 21:57 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 16896 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.GraphicalHost.Resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Gpowershell.resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 69632 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Editor.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Editor.Resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 40960 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.Resources.dll
+ 2010-09-16 17:50 . 2009-10-12 21:59 49152 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.Resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.Resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 10752 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
+ 2010-09-16 17:51 . 2009-10-09 21:57 57344 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll
+ 2010-09-16 17:43 . 2010-09-16 17:43 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2010-09-16 17:43 . 2010-09-16 17:43 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2010-09-16 17:44 . 2010-09-16 17:44 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2010-09-16 17:43 . 2010-09-16 17:43 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2010-09-16 17:44 . 2010-09-16 17:44 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2010-09-16 17:43 . 2010-09-16 17:43 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2010-09-16 17:44 . 2010-09-16 17:44 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2010-09-16 17:43 . 2010-09-16 17:43 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2010-09-16 17:43 . 2010-09-16 17:43 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 2048 c:\windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_7.0.6002.18111_none_09839c8ab9bb7786\winrsmgr.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 2048 c:\windows\winsxs\x86_microsoft-windows-powershell-message_31bf3856ad364e35_7.0.6002.18111_none_20921e29c0790be4\pwrshmsg.dll
+ 2010-09-16 17:28 . 2009-09-10 15:10 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\spwmp.dll
+ 2010-09-16 17:28 . 2009-09-10 15:10 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\dxmasf.dll
+ 2009-08-02 17:36 . 2009-07-15 12:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\spwmp.dll
+ 2009-08-02 17:36 . 2009-07-15 12:39 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\dxmasf.dll
+ 2010-09-16 17:28 . 2009-09-10 20:45 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\spwmp.dll
+ 2010-09-16 17:28 . 2009-09-10 20:45 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\dxmasf.dll
+ 2009-08-02 17:36 . 2009-07-14 12:58 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\spwmp.dll
+ 2009-08-02 17:36 . 2009-07-14 12:59 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\dxmasf.dll
+ 2010-09-16 17:28 . 2009-09-10 17:30 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\spwmp.dll
+ 2010-09-16 17:28 . 2009-09-10 17:31 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\dxmasf.dll
+ 2010-09-16 17:28 . 2009-09-10 17:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\spwmp.dll
+ 2010-09-16 17:28 . 2009-09-10 17:40 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\dxmasf.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 4096 c:\windows\winsxs\x86_microsoft-windows-g..shell-exe.resources_31bf3856ad364e35_7.0.6002.18111_en-us_341232177d1574db\powershell_ise.resources.dll
+ 2010-09-16 17:48 . 2010-04-14 17:53 6656 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22670_none_3467df3ef350874f\McrMgr.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 6656 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18459_none_33fce2ffda1a968b\McrMgr.dll
+ 2010-09-16 17:29 . 2010-04-16 14:43 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22384_none_0e3fd22308cd9762\AcRes.dll
+ 2010-09-16 17:26 . 2009-08-29 00:24 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\AcRes.dll
+ 2006-11-02 07:11 . 2006-11-02 07:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18244_none_0de17507ef8f87d4\AcRes.dll
+ 2006-11-02 07:11 . 2006-11-02 07:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\AcRes.dll
+ 2010-09-16 17:29 . 2010-04-16 14:16 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22672_none_0c622f930ba0f39f\AcRes.dll
+ 2010-09-16 17:26 . 2009-08-28 10:09 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\AcRes.dll
+ 2008-12-05 15:49 . 2008-03-08 01:58 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18461_none_0be26083f27c2166\AcRes.dll
+ 2008-12-05 15:49 . 2008-03-08 01:58 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\AcRes.dll
+ 2010-09-16 17:26 . 2009-08-28 23:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\AcRes.dll
+ 2010-09-16 17:26 . 2009-08-28 23:15 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\AcRes.dll
+ 2010-09-16 17:51 . 2009-10-09 21:57 7168 c:\windows\winsxs\msil_microsoft.wsman.runtime_31bf3856ad364e35_7.0.6002.18111_none_11c52035751ba819\Microsoft.WSMan.Runtime.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 9216 c:\windows\winsxs\msil_microsoft.powershell.security.resources_31bf3856ad364e35_7.0.6002.18111_en-us_3497d9d6931ae27d\Microsoft.PowerShell.Security.Resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 7168 c:\windows\winsxs\msil_microsoft.backgroun..anagement.resources_31bf3856ad364e35_7.0.6002.18111_en-us_786466b8a6d2da8b\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 2048 c:\windows\System32\WindowsPowerShell\v1.0\pwrshmsg.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 4096 c:\windows\System32\WindowsPowerShell\v1.0\en-US\powershell_ise.resources.dll
- 2010-09-15 23:05 . 2010-09-15 23:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-16 19:48 . 2010-09-16 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-16 19:48 . 2010-09-16 19:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-15 23:05 . 2010-09-15 23:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16 8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
+ 2010-09-16 17:45 . 2010-09-16 17:45 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
+ 2010-09-16 17:51 . 2009-10-09 21:57 7168 c:\windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 9216 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll
+ 2010-09-16 17:51 . 2009-10-12 21:59 7168 c:\windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.resources.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 184832 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchProtocolHost.exe
+ 2010-09-16 17:49 . 2008-05-27 05:18 439808 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchIndexer.exe
+ 2010-09-16 17:49 . 2008-05-27 05:18 670208 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssvp.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 203776 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssphtb.dll
+ 2010-09-16 17:49 . 2008-05-27 05:18 350208 c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssph.dll
+ 2010-09-16 17:49 . 2008-05-27 04:59 106605 c:\windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchema.bin
 
jhooga

jhooga

New Member
+ 2010-09-16 17:49 . 2008-05-27 05:18 231936 c:\windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_7.0.6001.16503_none_98586419f9103903\msshsq.dll
+ 2010-09-16 17:51 . 2009-07-16 17:22 126976 c:\windows\winsxs\x86_microsoft.powershel..ershell.composition_31bf3856ad364e35_7.0.6002.18111_none_51bd91a0334b35cd\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll
+ 2010-09-16 17:51 . 2009-10-09 21:57 112640 c:\windows\winsxs\x86_microsoft.backgroun..r.management.module_31bf3856ad364e35_7.0.6002.18111_none_cc9a45ee22f4030f\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll
+ 2010-09-16 17:29 . 2008-10-22 03:34 160768 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceTypes.dll
+ 2010-09-16 17:29 . 2008-10-22 03:34 241152 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceApi.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 160768 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceTypes.dll
+ 2010-09-16 17:29 . 2008-10-22 03:57 241152 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceApi.dll
+ 2010-09-16 17:29 . 2008-10-22 03:39 160768 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceTypes.dll
+ 2010-09-16 17:29 . 2008-10-22 03:39 241152 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceApi.dll
+ 2010-09-16 17:29 . 2008-10-22 03:43 160768 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceTypes.dll
+ 2010-09-16 17:29 . 2008-10-22 03:43 241152 c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceApi.dll
+ 2010-09-16 17:50 . 2009-10-09 21:56 241152 c:\windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_7.0.6002.18111_none_09839c8ab9bb7786\winrscmd.dll
+ 2010-09-16 17:28 . 2008-08-28 03:37 347648 c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.22253_none_93e85c5fd1e8ef0d\WindowsCodecsExt.dll
+ 2010-09-16 17:28 . 2008-08-28 03:40 347136 c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.18131_none_93725ed8b8bce4b3\WindowsCodecsExt.dll
+ 2010-09-16 17:28 . 2008-08-28 03:22 347648 c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.20905_none_923a2fcfd498023c\WindowsCodecsExt.dll
+ 2010-09-16 17:28 . 2008-08-28 03:24 347136 c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.16740_none_91804ffcbb9f565c\WindowsCodecsExt.dll
+ 2010-09-16 17:28 . 2008-08-28 03:37 712704 c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.22253_none_96d8476dba6192a6\WindowsCodecs.dll
+ 2010-09-16 17:28 . 2008-08-28 03:40 712704 c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18131_none_966249e6a135884c\WindowsCodecs.dll
+ 2010-09-16 17:28 . 2008-08-28 03:22 712704 c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.20905_none_952a1addbd10a5d5\WindowsCodecs.dll
+ 2010-09-16 17:28 . 2008-08-28 03:24 712192 c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.16740_none_94703b0aa417f9f5\WindowsCodecs.dll
+ 2010-09-16 17:50 . 2009-10-09 21:56 214016 c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.0.6002.18111_none_bdb29b83351bf42c\WsmWmiPl.dll
+ 2010-09-16 17:50 . 2009-10-09 21:56 145408 c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.0.6002.18111_none_bdb29b83351bf42c\WsmAuto.dll
+ 2010-09-16 17:50 . 2009-10-09 21:55 252416 c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.0.6002.18111_none_bdb29b83351bf42c\WSManMigrationPlugin.dll
+ 2010-09-16 17:50 . 2009-10-09 21:56 246272 c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.0.6002.18111_none_bdb29b83351bf42c\WSManHTTPConfig.exe
+ 2010-09-16 17:50 . 2009-08-01 06:27 201184 c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.0.6002.18111_none_bdb29b83351bf42c\winrm.vbs
+ 2010-09-16 17:49 . 2008-05-27 05:17 143872 c:\windows\winsxs\x86_microsoft-windows-w..eakerstemmer-korean_31bf3856ad364e35_7.0.6001.16503_none_14072d09797cf93d\korwbrkr.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 313344 c:\windows\winsxs\x86_microsoft-windows-w..breakerstemmer-thai_31bf3856ad364e35_7.0.6001.16503_none_d40428cfc6b6fdf9\thawbrkr.dll
+ 2010-09-16 17:48 . 2010-04-14 17:54 293376 c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22670_none_dc3b2eff7065f9a1\psisdecd.dll
+ 2010-09-16 17:48 . 2010-04-14 17:47 293376 c:\windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18459_none_dbd032c0573008dd\psisdecd.dll
+ 2010-09-16 17:48 . 2010-04-14 17:54 428544 c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22670_none_e0b60d45a7bcf5f6\EncDec.dll
+ 2010-09-16 17:48 . 2010-04-14 17:46 428544 c:\windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18459_none_e04b11068e870532\EncDec.dll
+ 2010-09-16 17:28 . 2010-01-25 12:37 471552 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.22321_none_a350e80647cb55d4\secproc.dll
+ 2010-09-16 17:28 . 2010-01-25 08:28 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.22321_none_a350e80647cb55d4\RMActivate.exe
+ 2010-09-16 17:28 . 2010-01-25 12:00 471552 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.18193_none_a27d9a752ee4af28\secproc.dll
+ 2010-09-16 17:28 . 2010-01-25 08:21 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.18193_none_a27d9a752ee4af28\RMActivate.exe
+ 2010-09-16 17:28 . 2010-01-25 12:32 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.22613_none_a177469e4a9b176d\secproc.dll
+ 2010-09-16 17:28 . 2010-01-25 08:34 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.22613_none_a177469e4a9b176d\RMActivate.exe
+ 2010-09-16 17:28 . 2010-01-25 12:48 472064 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.18411_none_a0eba759317f47ce\secproc.dll
+ 2010-09-16 17:28 . 2010-01-25 08:34 511488 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.18411_none_a0eba759317f47ce\RMActivate.exe
+ 2010-09-16 17:28 . 2010-01-25 12:35 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.21210_none_9f8ddd564d777092\secproc.dll
+ 2010-09-16 17:28 . 2010-01-25 08:27 515584 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.21210_none_9f8ddd564d777092\RMActivate.exe
+ 2010-09-16 17:28 . 2010-01-25 12:58 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.17008_none_9f1710e1344a8268\secproc.dll
+ 2010-09-16 17:28 . 2010-01-25 08:36 515584 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.17008_none_9f1710e1344a8268\RMActivate.exe
+ 2010-09-16 17:28 . 2010-01-25 12:38 152576 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.22321_none_721a38317a650774\secproc_ssp.dll
+ 2010-09-16 17:28 . 2010-01-25 08:28 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.22321_none_721a38317a650774\RMActivate_ssp.exe
+ 2010-09-16 17:28 . 2010-01-25 12:00 152064 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.18193_none_7146eaa0617e60c8\secproc_ssp.dll
+ 2010-09-16 17:28 . 2010-01-25 08:21 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.18193_none_7146eaa0617e60c8\RMActivate_ssp.exe
+ 2010-09-16 17:28 . 2010-01-25 12:33 152576 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.22613_none_704096c97d34c90d\secproc_ssp.dll
+ 2010-09-16 17:28 . 2010-01-25 08:34 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.22613_none_704096c97d34c90d\RMActivate_ssp.exe
+ 2010-09-16 17:28 . 2010-01-25 12:48 151040 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.18411_none_6fb4f7846418f96e\secproc_ssp.dll
+ 2010-09-16 17:28 . 2010-01-25 08:34 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.18411_none_6fb4f7846418f96e\RMActivate_ssp.exe
+ 2010-09-16 17:28 . 2010-01-25 12:35 154112 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.21210_none_6e572d8180112232\secproc_ssp.dll
+ 2010-09-16 17:28 . 2010-01-25 08:27 435712 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.21210_none_6e572d8180112232\RMActivate_ssp.exe
+ 2010-09-16 17:28 . 2010-01-25 12:58 154112 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.17008_none_6de0610c66e43408\secproc_ssp.dll
+ 2010-09-16 17:28 . 2010-01-25 08:36 435712 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.17008_none_6de0610c66e43408\RMActivate_ssp.exe
+ 2010-09-16 17:28 . 2010-01-25 12:38 475648 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.22321_none_ebad56a205fcee15\secproc_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:28 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.22321_none_ebad56a205fcee15\RMActivate_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:00 471552 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.18193_none_eada0910ed164769\secproc_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:21 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.18193_none_eada0910ed164769\RMActivate_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:33 476672 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.22613_none_e9d3b53a08ccafae\secproc_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:34 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.22613_none_e9d3b53a08ccafae\RMActivate_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:48 472576 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.18411_none_e94815f4efb0e00f\secproc_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:35 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.18411_none_e94815f4efb0e00f\RMActivate_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:35 473088 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.21210_none_e7ea4bf20ba908d3\secproc_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:28 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.21210_none_e7ea4bf20ba908d3\RMActivate_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:58 473088 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.17008_none_e7737f7cf27c1aa9\secproc_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:35 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.17008_none_e7737f7cf27c1aa9\RMActivate_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:38 153088 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.22321_none_f772482c14c2182f\secproc_ssp_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:28 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.22321_none_f772482c14c2182f\RMActivate_ssp_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:00 152576 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.18193_none_f69efa9afbdb7183\secproc_ssp_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:21 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.18193_none_f69efa9afbdb7183\RMActivate_ssp_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:33 153088 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.22613_none_f598a6c41791d9c8\secproc_ssp_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:34 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.22613_none_f598a6c41791d9c8\RMActivate_ssp_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:48 151040 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.18411_none_f50d077efe760a29\secproc_ssp_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:35 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.18411_none_f50d077efe760a29\RMActivate_ssp_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:35 154624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.21210_none_f3af3d7c1a6e32ed\secproc_ssp_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:28 431104 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.21210_none_f3af3d7c1a6e32ed\RMActivate_ssp_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:58 154624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.17008_none_f3387107014144c3\secproc_ssp_isv.dll
+ 2010-09-16 17:28 . 2010-01-25 08:36 431104 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.17008_none_f3387107014144c3\RMActivate_ssp_isv.exe
+ 2010-09-16 17:28 . 2010-01-25 12:35 352768 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6002.22321_none_ea59157ba997c9d0\msdrm.dll
+ 2010-09-16 17:28 . 2010-01-25 11:58 332288 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6002.18193_none_e985c7ea90b12324\msdrm.dll
+ 2010-09-16 17:28 . 2010-01-25 12:31 336384 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6001.22613_none_e87f7413ac678b69\msdrm.dll
+ 2010-09-16 17:28 . 2010-01-25 12:45 329216 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6001.18411_none_e7f3d4ce934bbbca\msdrm.dll
+ 2010-09-16 17:28 . 2010-01-25 12:34 312832 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6000.21210_none_e6960acbaf43e48e\msdrm.dll
+ 2010-09-16 17:28 . 2010-01-25 12:56 312320 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6000.17008_none_e61f3e569616f664\msdrm.dll
+ 2010-09-16 17:49 . 2008-05-27 05:17 754176 c:\windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\propsys.dll
+ 2010-09-16 17:51 . 2009-10-09 21:56 448000 c:\windows\winsxs\x86_microsoft-windows-powershell-exe_31bf3856ad364e35_7.0.6002.18111_none_5c6324d78a46cb5b\powershell.exe
+ 2010-09-16 17:28 . 2008-08-28 03:37 425472 c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.22253_none_cac5f153fec7a8b2\PhotoMetadataHandler.dll
+ 2010-09-16 17:28 . 2008-08-28 03:40 425472 c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.18131_none_ca4ff3cce59b9e58\PhotoMetadataHandler.dll
+ 2010-09-16 17:28 . 2008-08-28 03:21 425472 c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.20905_none_c917c4c40176bbe1\PhotoMetadataHandler.dll
+ 2010-09-16 17:28 . 2008-08-28 03:24 425472 c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.16740_none_c85de4f0e87e1001\PhotoMetadataHandler.dll
+ 2010-09-16 17:51 . 2009-10-09 21:57 154112 c:\windows\winsxs\x86_microsoft-windows-p..-wsman-pluginworker_31bf3856ad364e35_7.0.6002.18111_none_5347c6e307802485\pspluginwkr.dll
+ 2010-09-16 17:28 . 2009-09-10 15:10 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e\unregmp2.exe
+ 2010-09-16 17:28 . 2009-09-10 14:58 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5\unregmp2.exe
+ 2010-09-16 17:28 . 2009-09-10 15:23 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635\unregmp2.exe
+ 2010-09-16 17:28 . 2009-09-10 15:21 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535\unregmp2.exe
+ 2010-09-16 17:28 . 2009-09-10 15:14 311296 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12\unregmp2.exe
+ 2010-09-16 17:28 . 2009-09-10 15:29 311296 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d\unregmp2.exe
+ 2010-09-16 17:28 . 2009-09-10 15:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmpshare.exe
+ 2010-09-16 17:28 . 2009-09-10 15:10 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmplayer.exe
+ 2010-09-16 17:28 . 2009-09-10 15:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmpconfig.exe
+ 2009-08-02 17:36 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmpshare.exe
+ 2010-09-16 17:28 . 2009-09-10 14:58 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmplayer.exe
+ 2009-08-02 17:36 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmpconfig.exe
+ 2010-09-16 17:28 . 2009-09-10 15:23 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmpshare.exe
+ 2010-09-16 17:28 . 2009-09-10 15:23 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmplayer.exe
+ 2010-09-16 17:28 . 2009-09-10 15:23 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmpconfig.exe
+ 2009-08-02 17:36 . 2009-07-14 10:58 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmpshare.exe
+ 2010-09-16 17:28 . 2009-09-10 15:21 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmplayer.exe
 
You must log in or register to reply here.
Top