Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mbam Scans clean, but gmer finds odd stuff and rootrepeal locks up my system


  • This topic is locked This topic is locked
36 replies to this topic

#1 lomax327

lomax327

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:NorthEast USA
  • Local time:08:09 PM

Posted 17 September 2009 - 08:45 PM

First off, Hello! I am new here, and want to give all the staff a great big THANK YOU for volunteering your time helping folks.
I myself have learned a TON from reading the topics here, and hope to learn a great deal more.

I have included the information asked for by Rimmer in my signature to help with identifying my system specs, etc.

A while back, I was using Norton 360 and got infected with some malware, mainly Alureon.BC and Alureon.BJ.
That prompted me to switch to WindowsLive OneCare and also supplement with Mbam, which has been working great.

My Mbam scans and OneCare scans are coming back clean, but...

From time to time as I research more on malware removal techniques, I download and test out scanning tools to
make sure my protection software isnt missing things. My system seems to be running ok, but I have scanned
with Rootkit Revealer, as well as Gmer and found some odd looking stuff...

Mainly, I noticed a slew of entries in the scan that were similar to the following:

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvatkvrmfukqxqoxksgcbctmwsltxpggy@start 1

I followed the steps in Grinler's preparation post, and downloaded and ran DDS. That seemed to work fine.
I will post the DDS log as well as attach my attach.txt below.

I tried running RootRepeal, and upon selecting Report, and clicking Scan, and selecting the items and drives,
the program said "Initializing, please wait..." and my system slowed to an absolute crawl.

I understand that CPU utilization should go up and the system should take a significant performance hit during ANY scan...
but even so, this seemed out of the ordinary with how unusable the system was.

I waited 20 minutes, and eventually my HDD LED went off (it had been on solid up to that point)...
and my mouse wouldnt respond. Another 10 minutes later, I decided it was hard locked, and reluctantly powered it down.

I rebooted, disabled my network connection, disabled mbam's protection module as well as OneCare's
virus/spyware protection. I tried root repeal again. Same result... it never got past "Initializing, please wait..."

Im a little concerned at this point and would be eternally grateful to anyone who can help me illuminate what
might be my issue... (and I hope it isnt me doing something really dumb, that would be embarassing, but I would
rather learn than protect my pride lol).

As RootRepeal was locking up my system, I unfortunately dont have an ark.txt log to include... but if it helps I
am attaching the gmerlog as a hopeful substitute.

Here is the DDs log:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Dave Yeisley at 18:30:35.06 on Thu 09/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2373 [GMT -4:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
L:\Tools\Antivirusspyware\i3bilxer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dave Yeisley\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daveye~1\applic~1\mozilla\firefox\profiles\9r1ayfxd.default\
FF - prefs.js: browser.startup.homepage - hxxp://aenea.aforumfree.com/index.htm?sid=68056079b2babf68c795146e84531f48|http://theregulators3.10.forumer.com/index.php?sid=853c048dde9784435595a69caac21585
FF - plugin: c:\program files\java\j2re1.4.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.0_04\bin\NPJPI140_04.dll
FF - plugin: c:\program files\java\j2re1.4.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-21 269648]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-7-9 26104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-5 19160]
S3 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2007-4-2 26144]

=============== Created Last 30 ================

2009-09-17 16:14 <DIR> --d----- c:\program files\Microsoft Windows Vista Upgrade Advisor
2009-09-17 16:10 <DIR> --d----- c:\windows\Performance
2009-09-17 16:09 <DIR> --d----- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-17 00:07 <DIR> --d----- c:\program files\SpywareBlaster
2009-09-09 23:21 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-06 13:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-09-06 13:21 722,416 -------- c:\windows\system32\drivers\sptd.sys
2009-09-06 13:21 <DIR> --d----- c:\docume~1\daveye~1\applic~1\DAEMON Tools Pro
2009-09-05 01:19 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-09-05 01:16 <DIR> a-dshr-- C:\cmdcons
2009-09-05 01:15 230,912 -------- c:\windows\PEV.exe
2009-09-05 01:15 161,792 -------- c:\windows\SWREG.exe
2009-09-05 01:15 <DIR> --ds---- C:\ComboFix
2009-09-05 01:13 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-05 01:13 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 22:42 <DIR> --d----- c:\docume~1\daveye~1\applic~1\AVG8
2009-08-28 22:30 4,142,592 -------- c:\windows\system32\qtintf.dll
2009-08-28 22:30 <DIR> --d----- c:\program files\APC
2009-08-28 22:28 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-08-28 22:28 10,240 -c------ c:\windows\system32\dllcache\compbatt.sys
2009-08-28 22:28 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-08-28 22:28 14,208 -c------ c:\windows\system32\dllcache\battc.sys
2009-08-28 22:28 20,352 a------- c:\windows\system32\drivers\hidbatt.sys
2009-08-28 22:28 20,352 -c------ c:\windows\system32\dllcache\hidbatt.sys

==================== Find3M ====================

2009-08-31 20:51 33,280 a------- c:\windows\system32\rundll32.exe
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\wininet.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-04-20 22:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042020090421\index.dat
2009-04-21 12:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042120090422\index.dat

============= FINISH: 18:38:35.17 ===============

Attached Files


My old sig had lots of info, but it was too long.
My new sig is short, but doesnt say much.

BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:09 PM

Posted 03 October 2009 - 09:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 lomax327

lomax327
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:NorthEast USA
  • Local time:08:09 PM

Posted 03 October 2009 - 09:23 PM

THANK YOU SO MUCH for your your response!

I know you folks must be getting hammered... its been that way at my job, too.... if I could just get my hands on the guys who
write malware..... bad things.... very bad things.....

I am running the DDS tool again, will reply back with the logs.

As I mentioned above, my system does appear to be running alright, so this is not a crisis situation.

I have created several system restore points and also made Acronis Images of my boot drive to a
secondary hard disk that is currently disabled in my BIOS.... so if things go totally south, I can get
back up and running without major data loss. I just want to be totally sure my system is clean, as
my experience with the Alureon rootkit showed me that things can LOOK fine, but there can be
bad stuff going on behind the scenes.

I went through my add/remove programs list and found I had previously installed Miscrosoft SteadyState,
I think after the senior technician at WindowsLive OneCare had helped me combofix my machine to
nuke the alureon rootkit. I never enabled the full functionality of the SteadyState application, so I uninstalled
it.

I also had to recently mess around with some CD/ISO images tools because my job requires me to have
a bunch of different software tools, and I needed to combine them into one CD... The main tools being
on Hiren's BootCD.... but I had a bunch of other stuff I needed to add to the ISO and I downloaded and
tested various apps in the process to try and edit the ISO. I created a system restore point before I did any messing
around, and after each failure, I restored back... so hopefullythat didnt screw the machine up worse.

Other than that, I have mainly been playing some online games and doing email. So the above notes
should cover *most* if not all of the changes to the machine.

DDS logs will be incoming shortly.

Edited by lomax327, 03 October 2009 - 11:18 PM.

My old sig had lots of info, but it was too long.
My new sig is short, but doesnt say much.

#4 lomax327

lomax327
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:NorthEast USA
  • Local time:08:09 PM

Posted 03 October 2009 - 09:31 PM

OK.

Physically disconnected ethernet cable- check.

Disabled my LAN connection - check.

Disabled OneCare virus/spyware protection - check.

Disabled MalwareBytes IP protection and also the realtime Protection Module - check.

Ran DDS.scr - check.

DDS log is as follows:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Dave Yeisley at 22:26:08.79 on Sat 10/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2561 [GMT -4:00]

AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Dave Yeisley\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\daveye~1\applic~1\mozilla\firefox\profiles\9r1ayfxd.default\
FF - prefs.js: browser.startup.homepage - hxxp://aenea.aforumfree.com/index.htm?sid=68056079b2babf68c795146e84531f48|http://theregulators3.10.forumer.com/index.php?sid=853c048dde9784435595a69caac21585
FF - plugin: c:\program files\java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_16.dll
FF - plugin: c:\program files\java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-21 269648]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-7-9 26104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-5 19160]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2007-4-2 26144]

=============== Created Last 30 ================

2009-09-27 14:05 <DIR> --d----- c:\program files\DVD Identifier
2009-09-23 18:53 577,024 -c------ c:\windows\system32\dllcache\Notepad.exe
2009-09-23 18:53 69,120 -------- c:\windows\system32\notepad.exe.orig
2009-09-23 18:53 69,120 -------- c:\windows\notepad.exe.orig
2009-09-23 18:51 <DIR> --d----- C:\notepad
2009-09-23 16:56 <DIR> --d----- c:\program files\GnuWin32
2009-09-23 01:57 <DIR> --d----- c:\documents and settings\dave yeisley\.java
2009-09-21 21:48 3,086,155,776 a------- C:\vista ultimate 32bit upgrade.iso
2009-09-20 22:45 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-09-20 22:37 <DIR> --d----- c:\program files\D-Tools
2009-09-20 22:36 <DIR> --d----- c:\program files\SoftDisc
2009-09-20 17:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-09-18 22:04 <DIR> --ds---- C:\ComboFix
2009-09-17 23:44 411,368 -------- c:\windows\system32\deploytk.dll
2009-09-17 23:44 73,728 -------- c:\windows\system32\javacpl.cpl
2009-09-17 16:14 <DIR> --d----- c:\program files\Microsoft Windows Vista Upgrade Advisor
2009-09-17 16:10 <DIR> --d----- c:\windows\Performance
2009-09-17 16:09 <DIR> --d----- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-17 00:07 <DIR> --d----- c:\program files\SpywareBlaster
2009-09-09 23:21 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-06 13:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-09-06 13:21 722,416 -------- c:\windows\system32\drivers\sptd.sys
2009-09-06 13:21 <DIR> --d----- c:\docume~1\daveye~1\applic~1\DAEMON Tools Pro
2009-09-05 01:19 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-09-05 01:16 <DIR> a-dshr-- C:\cmdcons
2009-09-05 01:13 38,224 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-05 01:13 19,160 -------- c:\windows\system32\drivers\mbam.sys
2009-09-04 22:42 <DIR> --d----- c:\docume~1\daveye~1\applic~1\AVG8

==================== Find3M ====================

2009-08-31 20:51 33,280 a------- c:\windows\system32\rundll32.exe
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 15:07 403,816 -------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 -------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 -------- c:\windows\system32\OGAEXEC.exe
2009-07-28 00:00 577,024 a------- c:\windows\system32\notepad.exe
2009-07-28 00:00 577,024 a------- c:\windows\notepad.exe
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-04-20 22:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042020090421\index.dat
2009-04-21 12:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042120090422\index.dat

============= FINISH: 22:26:28.51 ===============


I have saved the attach.txt file to desktop, and will 7zip and attach it if requested.

I am just really concerned as to why rootrepeal is locking my baby up.... :(
My old sig had lots of info, but it was too long.
My new sig is short, but doesnt say much.

#5 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:09 PM

Posted 08 October 2009 - 12:24 PM

Hello lomax327 :( Welcome to the BC HijackThis Log and Analysis forum. Sorry about your wait, but I will be assisting you in cleaning up your system from here on out.


I ask that you refrain from running tools other than those we suggest while we are performing the clean-up. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.





Some questions for you:


1) What if any actual symptoms are you experiencing that makes you believe you are still infected? Is the RootRepeal locking up your main issue?

2) In your first reply the logs showed that you had ComboFix on your computer and it looks to have been taken off since then. How did you go about removing the program and if you ran it what did it show...was there deletions made?


Please answer these questions and we'll try to go from there.











Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#6 lomax327

lomax327
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:NorthEast USA
  • Local time:08:09 PM

Posted 08 October 2009 - 08:16 PM

Hey thewall, thanks for responding :(

Lets see,

1. The suspicious entries in the gmer log is my main concern, but secondarily yes, rootrepeal locking up the system also.

I dont know of a reason for rootrepeal to lock my PC up, but if there is one that is not the result of infection I would very
much like to confirm that is the issue.

The gmer log from the scan I finished found some randomly names entries that looked very suspicious to me, so this
was my main red flag. Running root repeal in preparation for posting here was when I locked up and became MORE concerned.

2. To remove combofix, I went to Start>Run then typed in combofix /u and hit Enter. I am certain combofix created
logs, and I believe there was a deletion, but I cannot remember unfortunately :(

I also think uninstalling combofix may have removed the log files... if not, where would I find them?
I already checked for a qoobox folder on my C drive, but there isnt one.

I will not be running any tools on my system until instructed otherwise by you, nor will I be posting anywhere else
about this issue unless instructed to do so by you.

I also already subscribed for email notifications to this thread :)

Please let me know how to proceed, thanks!

Edited by lomax327, 08 October 2009 - 08:17 PM.

My old sig had lots of info, but it was too long.
My new sig is short, but doesnt say much.

#7 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:09 PM

Posted 08 October 2009 - 09:13 PM

Hope we don't need any of the files CF may have deleted because they are gone bye-bye now. :(

Go to C:\ComboFix and open it up. If there is a ComboFix.txt file in there please copy and past it in your next reply.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#8 lomax327

lomax327
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:NorthEast USA
  • Local time:08:09 PM

Posted 08 October 2009 - 10:57 PM

Sadly, no... all there is in c:\combofix is

CF13551.exe

and

NircmdB.exe


No log :(
My old sig had lots of info, but it was too long.
My new sig is short, but doesnt say much.

#9 lomax327

lomax327
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:NorthEast USA
  • Local time:08:09 PM

Posted 08 October 2009 - 11:25 PM

Going to bed soon, so probably wont hear from me till the evening, after 9pm EST.

Thank you again for your help :(
My old sig had lots of info, but it was too long.
My new sig is short, but doesnt say much.

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:09 PM

Posted 09 October 2009 - 10:25 AM

We need to create an OTL Report
  • Please download OTL from the mirror:
    This is THE Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:[list]
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized

If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#11 lomax327

lomax327
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:NorthEast USA
  • Local time:08:09 PM

Posted 09 October 2009 - 09:44 PM

OTL.Txt is as follows:

OTL logfile created on: 10/9/2009 10:33:33 pm - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Dave Yeisley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): F:\pagefile.sys 0 0H:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 277.99 Gb Free Space | 93.26% Space Free | Partition Type: NTFS
Drive D: | 100.04 Gb Total Space | 59.87 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
Drive E: | 100.04 Gb Total Space | 39.55 Gb Free Space | 39.54% Space Free | Partition Type: NTFS
Drive F: | 8.01 Gb Total Space | 4.96 Gb Free Space | 61.98% Space Free | Partition Type: NTFS
Drive G: | 89.99 Gb Total Space | 3.63 Gb Free Space | 4.03% Space Free | Partition Type: NTFS
Drive H: | 590.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: EXCELSIOR
Current User Name: Dave Yeisley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2005/12/12 15:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2009/09/10 14:54:02 | 00,269,648 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/07/09 12:15:32 | 00,026,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2003/06/20 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
PRC - [2007/11/27 22:56:32 | 00,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2009/07/09 12:15:38 | 01,139,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/09 12:15:38 | 00,065,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2009/09/10 14:54:00 | 00,420,176 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/09/17 23:44:11 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/12/12 15:03:54 | 00,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2009/09/17 20:15:05 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/09 22:32:17 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave Yeisley\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/12/12 15:02:24 | 00,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/02/21 20:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
SRV - [2009/04/27 21:20:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Disabled | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/09/10 14:54:02 | 00,269,648 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2007/11/27 22:56:32 | 00,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [On_Demand | Stopped])
SRV - [2009/07/09 12:15:32 | 00,026,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon [Auto | Running])
SRV - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll -- (p2pgasvc [On_Demand | Stopped])
SRV - [2003/06/20 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
SRV - [2008/04/14 05:42:38 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [On_Demand | Stopped])
SRV - [2009/05/12 15:12:14 | 00,026,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe -- (spupdsvc [On_Demand | Stopped])
SRV - [2009/07/09 12:15:38 | 01,139,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss [Auto | Running])
SRV - [2006/10/18 23:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/06/27 20:42:14 | 03,972,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2007/04/16 21:46:00 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdPPM.sys -- (AmdPPM [System | Running])
DRV - [2006/02/21 20:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/04/14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/05/29 15:56:08 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/14 00:06:40 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\HidBatt.sys -- (HidBatt [On_Demand | Stopped])
DRV - [2003/03/29 12:45:18 | 00,089,184 | R--- | M] (Ahead Software AG and its licensors) -- C:\WINDOWS\system32\DRIVERS\imagedrv.sys -- (Imagedrv [Boot | Running])
DRV - [2002/04/11 14:47:52 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IPFilter.sys -- (IPFilter [On_Demand | Running])
DRV - [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2008/05/15 16:15:16 | 00,053,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\MpFilter.sys -- (MpFilter [On_Demand | Running])
DRV - [2007/11/27 22:56:28 | 00,091,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msfwdrv.sys -- (MSFWDrv [Auto | Running])
DRV - [2007/11/27 22:56:30 | 00,116,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msfwhlpr.sys -- (MSFWHLPR [System | Running])
DRV - [2004/06/02 22:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2004/04/02 18:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2003/06/20 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/13 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/09/06 13:21:35 | 00,722,416 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2007/12/06 09:51:00 | 00,285,952 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\S-1-5-21-1220945662-1060284298-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://aenea.aforumfree.com/index.htm?sid=68056079b2babf68c795146e84531f48|http://theregulators3.10.forumer.com/index.php?sid=853c048dde9784435595a69caac21585"
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.07
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 22:57:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 20:15:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/17 23:44:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/21 22:45:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/04/26 20:08:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Yeisley\Application Data\mozilla\Extensions
[2009/04/26 20:08:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Yeisley\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/08 23:20:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Yeisley\Application Data\mozilla\Firefox\Profiles\9r1ayfxd.default\extensions
[2009/06/25 23:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Yeisley\Application Data\mozilla\Firefox\Profiles\9r1ayfxd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/06 20:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Yeisley\Application Data\mozilla\Firefox\Profiles\9r1ayfxd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/04 01:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dave Yeisley\Application Data\mozilla\Firefox\Profiles\9r1ayfxd.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/10/08 23:20:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/17 20:15:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/17 23:44:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/17 20:14:59 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/17 20:14:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/31 22:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/09/17 23:44:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/17 20:15:08 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/21 08:24:52 | 00,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/17 20:15:13 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/17 20:15:13 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/17 20:15:13 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/17 20:15:13 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/17 20:15:13 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/17 20:15:13 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/17 20:15:13 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-1220945662-1060284298-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1220945662-1060284298-839522115-1003\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Key error. (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/02 21:50:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/21 18:09:24 | 00,000,337 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002/09/09 21:18:28 | 00,049,152 | R--- | M] (Microsoft Corporation) - H:\AUTORUN2.EXE -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[24 C:\WINDOWS\*.tmp files]
[2009/09/20 17:32:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/09/17 16:14:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2009/09/17 22:11:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/09/17 23:43:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave Yeisley\Application Data\Sun
[2009/09/17 16:09:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave Yeisley\Local Settings\Application Data\Microsoft Corporation
[2009/09/20 22:37:41 | 00,000,000 | ---D | C] -- C:\Program Files\D-Tools
[2009/09/27 14:05:27 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Identifier
[2009/09/23 16:56:26 | 00,000,000 | ---D | C] -- C:\Program Files\GnuWin32
[2009/09/17 16:09:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2009/09/17 16:14:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
[2009/09/20 22:36:37 | 00,000,000 | ---D | C] -- C:\Program Files\SoftDisc
[2009/09/17 00:07:56 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/09/13 17:48:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/09 22:32:06 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave Yeisley\Desktop\OTL.exe
[2009/09/23 18:53:05 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\notepad.exe.orig
[2009/09/23 18:53:05 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe.orig
[2009/09/23 18:51:08 | 00,000,000 | ---D | C] -- C:\notepad
[2009/09/20 22:10:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave Yeisley\My Documents\Alcohol 120%
[2009/09/18 22:04:34 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/09/17 23:48:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/09/17 23:44:20 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/17 23:44:20 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/17 23:44:20 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/17 18:29:19 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Dave Yeisley\Desktop\RootRepeal.exe
[2009/09/17 17:39:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave Yeisley\Desktop\Vista&Win7upgradereports
[2009/09/17 16:10:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2009/09/15 01:12:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2009/09/15 01:12:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2009/09/15 01:12:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2009/09/15 01:12:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2009/09/09 23:21:21 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[24 C:\WINDOWS\*.tmp files]
[2009/10/09 22:32:17 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave Yeisley\Desktop\OTL.exe
[2009/10/09 22:27:29 | 00,020,812 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/09 22:26:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/09 22:26:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/09 22:26:46 | 32,207,54432 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/09 00:20:03 | 00,003,614 | ---- | M] () -- C:\WINDOWS\System32\NOTEPAD.ini
[2009/10/07 06:58:33 | 00,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume E Task.job
[2009/10/07 05:36:24 | 00,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume D Task.job
[2009/10/07 04:53:39 | 00,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2009/10/07 03:53:12 | 00,000,520 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Dave Yeisley.job
[2009/10/07 01:00:47 | 00,000,506 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Dave Yeisley.job
[2009/10/05 02:32:40 | 04,286,712 | -H-- | M] () -- C:\Documents and Settings\Dave Yeisley\Local Settings\Application Data\IconCache.db
[2009/10/03 22:13:16 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\Dave Yeisley\Desktop\dds.scr
[2009/10/03 04:31:55 | 00,000,840 | ---- | M] () -- C:\WINDOWS\tasks\Daily Backup.job
[2009/09/30 13:49:02 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/21 21:46:18 | 00,026,785 | ---- | M] () -- C:\Documents and Settings\Dave Yeisley\Desktop\AutoIDCard.pdf
[2009/09/20 18:18:23 | 00,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/09/19 00:30:32 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Dave Yeisley\Desktop\settings.dat
[2009/09/18 23:08:40 | 00,020,754 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/09/18 09:55:54 | 00,004,214 | ---- | M] () -- C:\Documents and Settings\Dave Yeisley\Desktop\kaspersky report.html
[2009/09/17 23:44:11 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/17 23:44:11 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/17 23:44:11 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/17 23:44:11 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/17 23:44:10 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/17 18:29:21 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Dave Yeisley\Desktop\RootRepeal.exe
[2009/09/17 00:08:25 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\Dave Yeisley\Desktop\SpywareBlaster.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/10/08 21:34:43 | 00,003,614 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.ini
[2009/10/03 22:13:06 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\Dave Yeisley\Desktop\dds.scr
[2009/09/23 18:53:05 | 00,577,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\Notepad.exe
[2009/09/21 21:48:10 | 30,861,55776 | ---- | C] () -- C:\vista ultimate 32bit upgrade.iso
[2009/09/21 21:46:18 | 00,026,785 | ---- | C] () -- C:\Documents and Settings\Dave Yeisley\Desktop\AutoIDCard.pdf
[2009/09/20 17:54:51 | 00,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/09/18 09:55:54 | 00,004,214 | ---- | C] () -- C:\Documents and Settings\Dave Yeisley\Desktop\kaspersky report.html
[2009/09/17 18:53:11 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Dave Yeisley\Desktop\settings.dat
[2009/09/17 00:12:08 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\Dave Yeisley\Desktop\SpywareBlaster.lnk
[2009/09/06 13:21:35 | 00,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/16 16:19:27 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/11 00:39:43 | 00,001,082 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2009/07/09 00:57:23 | 04,286,712 | -H-- | C] () -- C:\Documents and Settings\Dave Yeisley\Local Settings\Application Data\IconCache.db
[2009/07/08 21:09:26 | 00,030,336 | ---- | C] () -- C:\Documents and Settings\Dave Yeisley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/17 01:43:36 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/30 00:27:00 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/08/02 10:42:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/31 17:47:07 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/03/31 17:47:07 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/03/31 17:47:07 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/03/22 19:29:54 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/01 00:45:36 | 00,000,223 | ---- | C] () -- C:\Documents and Settings\Dave Yeisley\Application Data\NWNToolPrefs.txt
[2007/04/04 20:42:36 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/04 19:56:29 | 00,000,171 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2007/04/03 23:48:04 | 00,000,225 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2007/04/03 01:40:47 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/04/02 21:58:12 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/04/02 21:58:00 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/04/02 21:54:01 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dave Yeisley\Application Data\desktop.ini
[2007/04/02 14:33:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/02/28 08:00:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/04/11 14:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\RUNDLL32.EXE:SummaryInformation
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:6CB1B301D992F19D
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


Extras.Txt is as follows:

OTL Extras logfile created on: 10/9/2009 10:33:33 pm - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Dave Yeisley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): F:\pagefile.sys 0 0H:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 277.99 Gb Free Space | 93.26% Space Free | Partition Type: NTFS
Drive D: | 100.04 Gb Total Space | 59.87 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
Drive E: | 100.04 Gb Total Space | 39.55 Gb Free Space | 39.54% Space Free | Partition Type: NTFS
Drive F: | 8.01 Gb Total Space | 4.96 Gb Free Space | 61.98% Space Free | Partition Type: NTFS
Drive G: | 89.99 Gb Total Space | 3.63 Gb Free Space | 4.03% Space Free | Partition Type: NTFS
Drive H: | 590.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: EXCELSIOR
Current User Name: Dave Yeisley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()

[HKEY_USERS\S-1-5-21-1220945662-1060284298-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Games2\World of Warcraft\BackgroundDownloader.exe" = D:\Games2\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Microsoft Games\Mechwarrior Mercenaries\MW4Mercs.icd" = D:\Microsoft Games\Mechwarrior Mercenaries\MW4Mercs.icd:*:Enabled:MechWarrior IV -- (Microsoft Corp.)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0C98E73E-D495-CA87-EF1D-50D3A719351E}" = CCC Help Dutch
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0FF1802B-4FE0-81D5-D28F-5095543CB57B}" = Skins
"{173A4BD8-B1E5-252A-FE86-C84C7E7B5F2E}" = CCC Help English
"{17986CD6-070C-BE3E-E4D6-C36DDEEAA37C}" = Catalyst Control Center Graphics Previews Common
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20D1D37A-817B-3A45-FDF5-507BD8A79680}" = CCC Help Chinese Traditional
"{21879F6C-52F6-7A6F-6736-A7C912653608}" = CCC Help Danish
"{21E4AB1F-C62E-C5C1-96A3-F4378A763C5B}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{272DDF13-3B89-D0D8-B668-CEC4FB34C1E7}" = Catalyst Control Center Localization All
"{2743B5EB-7C1C-36CC-FBBB-A02F2F4EC52D}" = ccc-utility
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star WarsŪ: Knights of the Old Republic ™
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install
"{38DCE347-CE45-219E-56AD-30FCB04CF71A}" = CCC Help Hungarian
"{3F9FCFE0-4979-6377-771D-E8A3F3B197E7}" = CCC Help Portuguese
"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.28
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5C844F60-CFF2-33DE-FD0D-09F3C392679B}" = Catalyst Control Center HydraVision Full
"{5F723D64-4042-ABAE-2A9E-1FEBA1FE4B00}" = CCC Help Korean
"{61709405-4DB8-410C-53DC-A76945D7EBC1}" = CCC Help Turkish
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{6CDB4B41-9244-EC3F-5FBC-550A8BC697F4}" = CCC Help Japanese
"{6EF0B467-8FDD-845E-F168-C7F0C6124C26}" = CCC Help Finnish
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74FF7813-4878-AB41-8503-22287CF11F37}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79469AEF-FF16-C52B-F7F8-E1E203A036E5}" = CCC Help Italian
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{83E08A1E-963B-8846-8082-88B996FC060E}" = CCC Help Swedish
"{85CFDC2D-710E-49D5-B799-F3743CA506BA}" = Microsoft Protection Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8CE71429-DB97-4069-9718-6B7F4BED8BDF}" = WinTin++
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ABF04DC-A40D-B4DA-189B-89497B599AB7}" = CCC Help French
"{9D56C31A-C9C8-394C-0804-670B0D2E0E1F}" = CCC Help Norwegian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B59A1FFA-4EE2-805D-7B48-806DE73AAE03}" = CCC Help Thai
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C37810F2-3983-B864-EB7F-DCCB67703FB0}" = Catalyst Control Center Graphics Full New
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF6D9C4-EFA6-F0EC-8E56-8C85609D267D}" = ccc-core-preinstall
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.28
"{D1C2B2A9-6FC3-69A6-DDCC-10179BD2A978}" = CCC Help German
"{D34768C2-79B7-44D2-B895-5B9270C7AD8C}" = Fritz8
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5C8DB90-573F-A4E4-6EBF-728B634E3E07}" = CCC Help Polish
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DD76E812-359A-FEA9-FB17-2E55EBB36543}" = Catalyst Control Center Core Implementation
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E83971BF-8FEE-F2A6-E0CC-5187C1ECBD4D}" = CCC Help Greek
"{E9C6DC23-56C9-2B27-5FEC-4EEDD107D2D6}" = ccc-core-static
"{EAC31CB7-575E-8C31-468D-10D5FB31CD1A}" = Catalyst Control Center Graphics Full Existing
"{F07717A3-8376-AA87-6BE2-D560F1EBABF0}" = CCC Help Spanish
"{F371C899-B40A-811A-2825-30BE7E941CC9}" = CCC Help Czech
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF6486A6-608F-F80C-BE5C-17D07E2D49BF}" = CCC Help Russian
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"Chessmaster 9000" = Chessmaster 9000
"Dasher" = Dasher
"Defraggler" = Defraggler (remove only)
"DVD Identifier_is1" = DVD Identifier
"Gzip-1.3.12-1_is1" = GnuWin32: Gzip-1.3.12-1
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MechWarrior Mercenaries" = MechWarrior 4 Mercenaries
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero8Lite_is1" = Nero 8 Lite 8.1.1.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Orion2DeinstKey" = Master of Orion II
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = FreeDVD Codec Installer Version 1.0
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"Trillian" = Trillian
"UnrealTournament" = Unreal Tournament
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinSS" = Windows Live OneCare
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2009 1:26:59 pm | Computer Name = EXCELSIOR | Source = Application Error | ID = 1000
Description = Faulting application ghost32.exe, version 11.5.0.2165, faulting module
ghost32.exe, version 11.5.0.2165, fault address 0x000f72b1.

Error - 9/18/2009 11:01:47 pm | Computer Name = EXCELSIOR | Source = Windows Product Activation | ID = 1012
Description = Due to hardware changes on this computer, you will need to reactivate
your Windows product.

Error - 9/19/2009 12:22:06 am | Computer Name = EXCELSIOR | Source = Application Error | ID = 1000
Description = Faulting application nwmain.exe, version 1.6.9.0, faulting module
nwmain.exe, version 1.6.9.0, fault address 0x00394677.

Error - 9/20/2009 2:11:06 am | Computer Name = EXCELSIOR | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 9/29/2009 12:36:33 am | Computer Name = EXCELSIOR | Source = Application Error | ID = 1000
Description = Faulting application nwmain.exe, version 1.6.9.0, faulting module
nwmain.exe, version 1.6.9.0, fault address 0x0013cacd.

Error - 10/1/2009 8:47:44 pm | Computer Name = EXCELSIOR | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module indiv01.key, version 11.0.6000.6324, fault address 0x0010bed7.

Error - 10/1/2009 9:39:11 pm | Computer Name = EXCELSIOR | Source = Application Error | ID = 1000
Description = Faulting application nwmain.exe, version 1.6.9.0, faulting module
nwmain.exe, version 1.6.9.0, fault address 0x0013cacd.

Error - 10/5/2009 1:29:56 am | Computer Name = EXCELSIOR | Source = Application Error | ID = 1000
Description = Faulting application nwmain.exe, version 1.6.9.0, faulting module
nwmain.exe, version 1.6.9.0, fault address 0x0038680b.

Error - 10/5/2009 1:57:05 am | Computer Name = EXCELSIOR | Source = Application Error | ID = 1000
Description = Faulting application nwmain.exe, version 1.6.9.0, faulting module
nwmain.exe, version 1.6.9.0, fault address 0x0038680b.

Error - 10/7/2009 3:42:58 pm | Computer Name = EXCELSIOR | Source = Application Error | ID = 1000
Description = Faulting application nwmain.exe, version 1.6.9.0, faulting module
nwmain.exe, version 1.6.9.0, fault address 0x001bedaa.

[ System Events ]
Error - 10/7/2009 4:15:15 pm | Computer Name = EXCELSIOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{93561965-2053-4B43-B00D.
The
master browser is stopping or an election is being forced.

Error - 10/7/2009 5:51:28 pm | Computer Name = EXCELSIOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{93561965-2053-4B43-B00D.
The
master browser is stopping or an election is being forced.

Error - 10/7/2009 7:27:24 pm | Computer Name = EXCELSIOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{93561965-2053-4B43-B00D.
The
master browser is stopping or an election is being forced.

Error - 10/7/2009 9:03:25 pm | Computer Name = EXCELSIOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{93561965-2053-4B43-B00D.
The
master browser is stopping or an election is being forced.

Error - 10/7/2009 10:39:18 pm | Computer Name = EXCELSIOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{93561965-2053-4B43-B00D.
The
master browser is stopping or an election is being forced.

Error - 10/8/2009 12:15:13 am | Computer Name = EXCELSIOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{93561965-2053-4B43-B00D.
The
master browser is stopping or an election is being forced.

Error - 10/8/2009 9:06:33 pm | Computer Name = EXCELSIOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{93561965-2053-4B43-B00D.
The
master browser is stopping or an election is being forced.

Error - 10/8/2009 10:06:40 pm | Computer Name = EXCELSIOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{93561965-2053-4B43-B00D.
The
master browser is stopping or an election is being forced.

Error - 10/8/2009 11:12:21 pm | Computer Name = EXCELSIOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{93561965-2053-4B43-B00D.
The
master browser is stopping or an election is being forced.

Error - 10/9/2009 12:24:18 am | Computer Name = EXCELSIOR | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{93561965-2053-4B43-B00D.
The
master browser is stopping or an election is being forced.

[ Windows OneCare Events ]
Error - 8/4/2009 10:37:41 pm | Computer Name = EXCELSIOR | Source = WinSS | ID = 8001
Description = Successfully detected a local printer failed to share it PrinterName
= Microsoft XPS Document Writer MachineName = EXCELSIOR ShareName = DriverName =
Microsoft XPS Document Writer Driver FileName = mxdwdrv.dll Driver Version = 3 Driver
File Creation date = 0 Driver Port = XPSPort: Eligibility For Sharing = 1 Shared By
OneCare = 0 Pre-OneCare Status = 0 Local Printer = 0 Sharing Status = 0 Error Type
= 5 Error Code = 0x0 EventID = 1 TelemetryAutoGuid = {9E14B282-071F-4E21-9FA0-4FB16F05E0B9}

Error - 8/4/2009 10:37:41 pm | Computer Name = EXCELSIOR | Source = WinSS | ID = 8001
Description = Successfully detected a local printer failed to share it PrinterName
= Microsoft Office Document Image Writer MachineName = EXCELSIOR ShareName = DriverName
= Microsoft Office Document Image Writer Driver Driver FileName = mdigraph.dll Driver
Version = 3 Driver File Creation date = 0 Driver Port = Microsoft Document Imaging
Writer Port: Eligibility For Sharing = 1 Shared By OneCare = 0 Pre-OneCare Status
= 1 Local Printer = 0 Sharing Status = 1 Error Type = 5 Error Code = 0x0 EventID = 1 TelemetryAutoGuid
= {9E14B282-071F-4E21-9FA0-4FB16F05E0B9}


< End of report >
My old sig had lots of info, but it was too long.
My new sig is short, but doesnt say much.

#12 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:09 PM

Posted 09 October 2009 - 10:34 PM

OK I want you to download and run CF again. If you installed the Recovery Console last time it should still be on your computer and you won't need to do so again. If you did not the you will need to install it first:


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction can be found HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#13 lomax327

lomax327
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:NorthEast USA
  • Local time:08:09 PM

Posted 10 October 2009 - 12:15 AM

An oddity I noticed after running combofix: The qoobox folder has reappeared in c: with an old log (dated 9.5.09) named combofix2.txt. It wasnt visible just before this run of combofix. I can post the old log if desired, as it does have deletions listed, though the other data may be outdated... it might be worth peeking at however. Let me know.

Here is the log of the current run of combofix, apparently it found something bad in a data stream:

ComboFix 09-10-08.04 - Dave Yeisley 10/10/2009 1:04.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2484 [GMT -4:00]
Running from: c:\documents and settings\Dave Yeisley\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
* Created a new restore point
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-09-27 18:05 . 2009-09-27 18:05 -------- d-----w- c:\program files\DVD Identifier
2009-09-23 22:53 . 2009-07-28 04:00 577024 -c----w- c:\windows\system32\dllcache\Notepad.exe
2009-09-23 22:51 . 2009-09-23 22:51 -------- d-----w- C:\notepad
2009-09-23 20:56 . 2009-09-23 20:56 -------- d-----w- c:\program files\GnuWin32
2009-09-23 05:57 . 2009-09-23 05:57 -------- d-----w- c:\documents and settings\Dave Yeisley\.java
2009-09-21 02:45 . 2009-09-21 02:45 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-21 02:37 . 2009-09-21 02:45 -------- d-----w- c:\program files\D-Tools
2009-09-21 02:36 . 2009-09-21 02:45 -------- d-----w- c:\program files\SoftDisc
2009-09-20 21:32 . 2009-09-20 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-09-18 03:48 . 2009-09-18 03:48 -------- d-----w- c:\windows\Sun
2009-09-18 03:44 . 2009-09-18 03:44 411368 ------w- c:\windows\system32\deploytk.dll
2009-09-18 02:11 . 2009-09-18 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-17 20:14 . 2009-09-17 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2009-09-17 20:14 . 2009-09-17 20:14 -------- d-----w- c:\program files\Microsoft Windows Vista Upgrade Advisor
2009-09-17 20:10 . 2009-09-17 20:10 -------- d-----w- c:\windows\Performance
2009-09-17 20:09 . 2009-09-17 20:09 -------- d-----w- c:\documents and settings\Dave Yeisley\Local Settings\Application Data\Microsoft Corporation
2009-09-17 20:09 . 2009-09-17 20:09 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-17 04:07 . 2009-09-17 04:11 -------- d-----w- c:\program files\SpywareBlaster
2009-09-13 21:48 . 2009-09-13 21:48 -------- d-----w- c:\program files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 02:28 . 2009-08-05 02:32 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-10-10 02:27 . 2009-04-13 18:41 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-23 21:30 . 2009-07-11 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 06:05 . 2009-06-04 05:37 -------- d-----w- c:\program files\SpeedFan
2009-09-23 06:03 . 2007-04-04 04:15 -------- d-----w- c:\program files\Java
2009-09-23 06:03 . 2007-04-03 01:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-13 09:34 . 2009-04-21 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 07:45 . 2009-07-31 02:57 -------- d-----w- c:\program files\Nero
2009-09-11 01:04 . 2009-04-17 16:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 18:54 . 2009-09-05 05:13 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-09-05 05:13 19160 ------w- c:\windows\system32\drivers\mbam.sys
2009-09-09 01:20 . 2009-05-17 03:54 -------- d-----w- c:\program files\Trillian
2009-09-06 17:31 . 2009-09-06 17:21 -------- d-----w- c:\documents and settings\Dave Yeisley\Application Data\DAEMON Tools Pro
2009-09-06 17:24 . 2009-09-06 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-09-06 17:21 . 2009-09-06 17:21 722416 ------w- c:\windows\system32\drivers\sptd.sys
2009-09-05 05:23 . 2009-04-20 03:25 -------- d-----w- c:\documents and settings\Dave Yeisley\Application Data\Malwarebytes
2009-09-05 05:13 . 2009-04-20 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-05 02:42 . 2009-09-05 02:42 -------- d-----w- c:\documents and settings\Dave Yeisley\Application Data\AVG8
2009-09-01 00:51 . 2003-06-20 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe
2009-08-29 02:30 . 2009-08-29 02:30 -------- d-----w- c:\program files\APC
2009-08-17 01:38 . 2009-08-17 01:38 -------- d-----w- c:\program files\7-Zip
2009-08-14 00:48 . 2009-08-14 00:48 -------- d-----w- c:\documents and settings\Dave Yeisley\Application Data\Acreon
2009-08-06 23:24 . 2007-04-03 01:48 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-04-03 01:48 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2009-04-21 01:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-04-03 01:48 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2009-04-21 00:57 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2003-06-20 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-04-03 01:48 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-04-21 00:57 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2008-08-09 15:06 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2007-07-30 23:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2003-06-20 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 ------w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ------w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ------w- c:\windows\system32\OGAEXEC.exe
2009-07-28 04:00 . 2003-06-20 12:00 577024 ----a-w- c:\windows\system32\notepad.exe
2009-07-28 04:00 . 2003-06-20 12:00 577024 ----a-w- c:\windows\notepad.exe
2009-07-17 19:01 . 2003-06-20 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2008-04-14 09:42 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-04-01 02:47 . 2009-02-25 01:32 324976 ------w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-18 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-8-28 221247]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games2\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\Microsoft Games\\Mechwarrior Mercenaries\\MW4Mercs.icd"=
"c:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/21/2009 7:35 pm 269648]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 pm 26104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/5/2009 1:13 am 19160]
S3 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [4/2/2007 10:02 pm 26144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-03 c:\windows\Tasks\Daily Backup.job
- c:\windows\system32\ntbackup.exe [2003-06-20 09:42]

2009-10-07 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-07-22 14:10]

2009-10-07 c:\windows\Tasks\Defraggler Volume D Task.job
- c:\program files\Defraggler\df.exe [2009-07-22 14:10]

2009-10-07 c:\windows\Tasks\Defraggler Volume E Task.job
- c:\program files\Defraggler\df.exe [2009-07-22 14:10]

2009-10-07 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Dave Yeisley.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-21 18:53]

2009-10-10 c:\windows\Tasks\Malwarebytes' Scheduled Update for Dave Yeisley.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-21 18:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Dave Yeisley\Application Data\Mozilla\Firefox\Profiles\9r1ayfxd.default\
FF - prefs.js: browser.startup.homepage - hxxp://aenea.aforumfree.com/index.htm?sid=68056079b2babf68c795146e84531f48|http://theregulators3.10.forumer.com/index.php?sid=853c048dde9784435595a69caac21585
FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\npjpi160_16.dll
FF - plugin: c:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 01:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-10 1:08
ComboFix-quarantined-files.txt 2009-10-10 05:08
ComboFix2.txt 2009-09-05 05:20

Pre-Run: 298,394,963,968 bytes free
Post-Run: 298,378,567,680 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
181 --- E O F --- 2009-09-10 07:04
My old sig had lots of info, but it was too long.
My new sig is short, but doesnt say much.

#14 lomax327

lomax327
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:NorthEast USA
  • Local time:08:09 PM

Posted 10 October 2009 - 12:22 AM

Actually, at the risk of you becoming irritated with me (please dont be upset!) I will post the old log here to try and save you some time... please ignore if this doesnt help:


*****OLD COMBOFIX LOG****

ComboFix 09-09-03.02 - Dave Yeisley 09/05/2009 1:16.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2589 [GMT -4:00]
Running from: e:\disc images\Tools\antivirusspyware\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1a7c9ce.msp
c:\windows\Installer\4463ad4.msi
c:\windows\system32\SelfDel.bat
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 05:13 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-05 05:13 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 02:42 . 2009-09-05 02:42 -------- d-----w- c:\documents and settings\Dave Yeisley\Application Data\AVG8
2009-08-29 02:30 . 2004-08-10 19:35 4142592 ------w- c:\windows\system32\qtintf.dll
2009-08-29 02:30 . 2009-08-29 02:30 -------- d-----w- c:\program files\APC
2009-08-29 02:28 . 2008-04-14 04:06 10240 -c----w- c:\windows\system32\dllcache\compbatt.sys
2009-08-29 02:28 . 2008-04-14 04:06 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-08-29 02:28 . 2008-04-14 04:06 14208 -c----w- c:\windows\system32\dllcache\battc.sys
2009-08-29 02:28 . 2008-04-14 04:06 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2009-08-29 02:28 . 2008-04-14 04:06 20352 -c----w- c:\windows\system32\dllcache\hidbatt.sys
2009-08-29 02:28 . 2008-04-14 04:06 20352 ----a-w- c:\windows\system32\drivers\hidbatt.sys
2009-08-17 01:38 . 2009-08-17 01:38 -------- d-----w- c:\program files\7-Zip
2009-08-14 00:48 . 2009-08-14 00:48 -------- d-----w- c:\documents and settings\Dave Yeisley\Application Data\Acreon
2009-08-14 00:48 . 2009-08-14 00:54 -------- d-----w- c:\documents and settings\Dave Yeisley\Local Settings\Application Data\._Revolution_
2009-08-12 01:43 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 05:13 . 2009-09-05 05:13 687104 ----a-w- c:\windows\isRS-000.tmp
2009-09-05 05:13 . 2009-04-21 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 05:13 . 2009-04-20 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-05 01:41 . 2009-08-05 02:32 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-09-05 01:07 . 2009-04-13 18:41 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-01 03:04 . 2009-05-17 03:54 -------- d-----w- c:\program files\Trillian
2009-09-01 00:51 . 2003-06-20 12:00 33280 ----a-w- c:\windows\system32\rundll32.exe
2009-08-29 02:30 . 2007-04-03 01:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-22 19:35 . 2009-07-11 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-05 09:01 . 2003-06-20 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 02:42 . 2009-04-17 16:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 02:58 . 2009-07-31 02:58 -------- d-----w- c:\documents and settings\Dave Yeisley\Application Data\Nero
2009-07-31 02:58 . 2009-07-31 02:57 -------- d-----w- c:\program files\Nero
2009-07-31 02:57 . 2009-07-31 02:57 -------- d-----w- c:\program files\Common Files\Nero
2009-07-31 02:57 . 2009-07-31 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-31 02:33 . 2009-07-22 17:46 -------- d-----w- c:\program files\CCleaner
2009-07-22 17:31 . 2009-07-22 17:27 -------- d-----w- c:\program files\Defraggler
2009-07-22 15:48 . 2009-06-04 05:37 -------- d-----w- c:\program files\SpeedFan
2009-07-19 18:32 . 2009-07-19 18:32 -------- d-----w- c:\program files\Common Files\NVIDIA Shared
2009-07-19 18:32 . 2009-07-19 18:32 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-17 19:01 . 2003-06-20 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2008-04-14 09:42 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 08:22 . 2009-07-11 08:22 -------- d-----w- c:\documents and settings\Dave Yeisley\Application Data\Leadertech
2009-07-11 07:57 . 2009-07-11 07:34 -------- d-----w- c:\documents and settings\Dave Yeisley\Application Data\Ahead
2009-07-11 07:05 . 2007-04-04 04:18 -------- d-----w- c:\program files\Ahead
2009-07-11 04:50 . 2009-07-11 04:50 664 ------w- c:\windows\system32\d3d9caps.dat
2009-07-11 04:44 . 2009-07-11 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-07-11 04:42 . 2007-04-03 03:18 -------- d-----w- c:\program files\ATI Technologies
2009-07-09 01:10 . 2009-07-09 01:10 -------- d-----w- c:\documents and settings\Dave Yeisley\Application Data\Talkback
2009-07-09 01:09 . 2009-07-09 01:09 30336 ------w- c:\documents and settings\Dave Yeisley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 17:09 . 2003-06-20 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2003-06-20 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2003-06-20 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2003-06-20 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2003-06-20 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2003-06-20 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2003-06-20 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2003-06-20 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2003-06-20 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-06-20 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2003-06-20 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2003-06-20 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2003-06-20 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-04-21 00:57 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2003-06-20 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-04-01 02:47 . 2009-02-25 01:32 324976 ------w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-25_23.42.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
- 2009-01-30 20:10 . 2009-01-30 20:10 49152 c:\windows\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8\MOM.EXE
+ 2009-07-12 07:37 . 2009-07-12 07:37 49152 c:\windows\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8\MOM.EXE
+ 2009-07-12 07:37 . 2009-07-12 07:37 86016 c:\windows\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3404.40476_x-ww_5eb3b0bf\LOG.EXE
- 2009-01-30 20:10 . 2009-01-30 20:10 49152 c:\windows\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733\CLI.EXE
+ 2009-07-12 07:37 . 2009-07-12 07:37 49152 c:\windows\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733\CLI.EXE
- 2009-01-30 20:10 . 2009-01-30 20:10 49152 c:\windows\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0\CCC.EXE
+ 2009-07-12 07:37 . 2009-07-12 07:37 49152 c:\windows\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0\CCC.EXE
+ 2009-09-05 05:13 . 2009-09-05 05:13 16384 c:\windows\Temp\Perflib_Perfdata_554.dat
+ 2008-05-27 02:18 . 2008-05-27 02:18 56320 c:\windows\system32\xmlfilter.dll
+ 2008-05-30 18:41 . 2008-05-30 18:41 20496 c:\windows\system32\WSSCPFilter.dll
- 2006-10-19 04:47 . 2006-10-19 02:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-19 04:47 . 2006-10-19 01:47 38400 c:\windows\system32\wpdshextres.dll
+ 2007-04-03 02:26 . 2006-10-19 01:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2007-04-03 02:26 . 2006-10-19 01:47 35840 c:\windows\system32\wpdconns.dll
+ 2003-06-20 12:00 . 2006-10-19 01:47 99840 c:\windows\system32\wmpshell.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 37376 c:\windows\system32\wmdmps.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 33792 c:\windows\system32\wmdmlog.dll
+ 2007-03-26 05:00 . 2007-03-26 05:00 88824 c:\windows\system32\vxblock.dll
+ 2008-05-27 02:19 . 2008-05-27 02:19 97792 c:\windows\system32\UncCplExt.dll
+ 2008-04-14 09:42 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-05-27 01:59 . 2008-05-27 01:59 18904 c:\windows\system32\structuredqueryschematrivial.bin
+ 2007-04-03 02:02 . 2009-05-12 19:12 26144 c:\windows\system32\spupdsvc.exe
+ 2009-06-11 07:05 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2009-04-27 12:51 . 2009-05-12 19:12 16928 c:\windows\system32\spmsg.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 87552 c:\windows\system32\searchfilterhost.exe
+ 2008-05-27 02:18 . 2008-05-27 02:18 38400 c:\windows\system32\rtffilt.dll
+ 2009-08-29 02:30 . 2008-04-14 04:06 20352 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\hidbatt.sys
+ 2009-08-29 02:30 . 2008-04-14 04:06 14208 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\battc.sys
+ 2009-07-19 18:44 . 2004-06-03 17:40 79360 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvatabus.sys
+ 2009-07-12 07:46 . 2001-11-09 20:01 24064 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ativcoxx.dll
+ 2009-07-12 07:46 . 2009-04-28 03:49 17408 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\atitvo32.dll
+ 2009-07-12 07:46 . 2009-04-28 04:28 53248 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ATIDDC.DLL
+ 2009-07-12 07:46 . 2009-04-28 01:58 45056 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\aticalrt.dll
+ 2009-07-12 07:46 . 2009-04-28 01:58 45056 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\aticalcl.dll
+ 2009-07-12 07:46 . 2009-04-28 04:31 26112 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\Ati2mdxx.exe
+ 2009-07-12 07:46 . 2009-04-28 03:49 53248 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ati2erec.dll
+ 2009-07-12 07:46 . 2009-04-28 04:31 43520 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ati2edxx.dll
+ 2009-07-12 07:46 . 2009-04-28 03:55 49664 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\amdpcom32.dll
+ 2009-04-29 02:22 . 2001-11-09 20:01 24064 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativcoxx.dll
+ 2009-04-29 02:22 . 2009-02-25 20:38 17408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atitvo32.dll
+ 2009-04-29 02:22 . 2009-02-25 21:26 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDDC.DLL
+ 2009-07-11 04:40 . 2009-04-28 01:58 45056 c:\windows\system32\ReinstallBackups\0001\DriverFiles\aticalrt.dll
+ 2009-07-11 04:40 . 2009-04-28 01:58 45056 c:\windows\system32\ReinstallBackups\0001\DriverFiles\aticalcl.dll
+ 2009-04-29 02:22 . 2009-02-25 21:29 26112 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Ati2mdxx.exe
+ 2009-04-29 02:22 . 2009-02-25 20:37 53248 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2erec.dll
+ 2009-04-29 02:22 . 2009-01-14 04:35 43520 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2edxx.dll
+ 2009-04-29 02:22 . 2009-02-25 20:44 49664 c:\windows\system32\ReinstallBackups\0001\DriverFiles\amdpcom32.dll
+ 2009-04-29 02:21 . 2001-11-09 20:01 24064 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ativcoxx.dll
+ 2009-04-29 02:21 . 2009-01-14 03:44 17408 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atitvo32.dll
+ 2009-04-29 02:21 . 2009-01-14 04:32 53248 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ATIDDC.DLL
+ 2009-07-11 04:39 . 2009-02-25 20:32 45056 c:\windows\system32\ReinstallBackups\0000\DriverFiles\aticalrt.dll
+ 2009-07-11 04:39 . 2009-02-25 20:32 45056 c:\windows\system32\ReinstallBackups\0000\DriverFiles\aticalcl.dll
+ 2009-04-29 02:21 . 2009-01-14 04:36 26112 c:\windows\system32\ReinstallBackups\0000\DriverFiles\Ati2mdxx.exe
+ 2009-04-29 02:21 . 2009-01-14 03:43 53248 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2erec.dll
+ 2009-04-29 02:21 . 2009-01-14 04:35 43520 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2edxx.dll
+ 2009-04-29 02:21 . 2009-01-14 03:50 48640 c:\windows\system32\ReinstallBackups\0000\DriverFiles\amdpcom32.dll
+ 2009-04-29 02:21 . 2009-01-14 02:36 45056 c:\windows\system32\ReinstallBackups\0000\DriverFiles\amdcalrt.dll
+ 2009-04-29 02:21 . 2009-01-14 02:36 45056 c:\windows\system32\ReinstallBackups\0000\DriverFiles\amdcalcl.dll
+ 2008-02-13 21:16 . 2008-02-13 21:16 66032 c:\windows\system32\pxinsa64.exe
+ 2008-02-13 21:17 . 2008-02-13 21:17 66544 c:\windows\system32\pxcpya64.exe
+ 2008-05-27 02:18 . 2008-05-27 02:18 71680 c:\windows\system32\propdefs.dll
+ 2003-06-20 12:00 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2007-04-04 04:19 . 2001-06-26 11:15 38912 c:\windows\system32\picn20.dll
- 2007-04-04 04:19 . 2001-06-26 08:15 38912 c:\windows\system32\picn20.dll
+ 2006-02-28 12:00 . 2009-08-05 02:23 78114 c:\windows\system32\perfc009.dat
+ 2008-05-27 02:19 . 2008-05-27 02:19 11264 c:\windows\system32\oephRes.dll
+ 2007-03-02 20:47 . 2006-02-22 00:40 77824 c:\windows\system32\Oemdspif.dll
- 2006-06-29 15:05 . 2006-06-29 15:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 15:05 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 00:59 . 2006-06-29 00:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-06-29 00:59 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
+ 2008-05-27 02:18 . 2008-05-27 02:18 44032 c:\windows\system32\msstrc.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 32768 c:\windows\system32\mssprxy.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 87552 c:\windows\system32\mssitlb.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 11776 c:\windows\system32\msshooks.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 60416 c:\windows\system32\msscntrs.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 34816 c:\windows\system32\msscb.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2003-06-20 12:00 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
- 2003-06-20 12:00 . 2007-08-13 22:01 48128 c:\windows\system32\mshtmler.dll
+ 2003-06-20 12:00 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2003-06-20 12:00 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
- 2003-06-20 12:00 . 2007-08-13 22:32 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 18:58 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-11-08 04:03 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-01-29 22:30 . 2009-05-12 16:16 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2003-06-20 12:00 . 2009-03-08 08:34 43008 c:\windows\system32\licmgr10.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 11264 c:\windows\system32\LAPRXY.dll
+ 2003-06-20 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2003-06-20 12:00 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2003-06-20 12:00 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2007-04-24 14:26 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2003-06-20 12:00 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2003-06-20 12:00 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
- 2006-06-29 15:05 . 2006-06-29 15:05 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 15:05 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2006-10-17 18:58 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
- 2009-04-21 23:05 . 2007-11-28 02:56 91328 c:\windows\system32\DRVSTORE\msfwdrv_8B7A77566FDBAD6964DFFFCFFDA27E97D55990D5\msfwdrv.sys
+ 2009-08-05 02:34 . 2007-11-28 02:56 91328 c:\windows\system32\DRVSTORE\msfwdrv_8B7A77566FDBAD6964DFFFCFFDA27E97D55990D5\msfwdrv.sys
+ 2009-08-05 02:34 . 2008-05-15 20:15 53168 c:\windows\system32\DRVSTORE\mpfilter_7624CBE7EF3BB21A52F29BE608459E93D0D31F4C\mpfilter.sys
+ 2008-02-13 21:16 . 2008-02-13 21:16 68080 c:\windows\system32\drvins64.exe
+ 2007-04-03 02:26 . 2006-10-19 00:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2008-02-13 07:00 . 2008-02-13 07:00 43528 c:\windows\system32\drivers\pxhelp20.sys
+ 2004-06-03 17:40 . 2004-06-03 02:40 79360 c:\windows\system32\drivers\nvatabus.sys
- 2004-06-03 17:40 . 2004-06-03 17:40 79360 c:\windows\system32\drivers\nvatabus.sys
- 2009-04-21 23:05 . 2007-11-28 02:56 91328 c:\windows\system32\drivers\msfwdrv.sys
+ 2009-08-05 02:34 . 2007-11-28 02:56 91328 c:\windows\system32\drivers\msfwdrv.sys
+ 2009-08-05 02:34 . 2008-05-15 20:15 53168 c:\windows\system32\drivers\MpFilter.sys
- 2009-04-20 15:52 . 2008-05-15 20:15 53168 c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-19 21:39 . 2008-04-14 04:09 14592 c:\windows\system32\drivers\kbdhid.sys
+ 2009-05-29 20:04 . 2008-04-14 04:15 10624 c:\windows\system32\drivers\gameenum.sys
+ 2007-03-02 20:15 . 2006-02-22 00:09 40960 c:\windows\system32\drivers\ati2erec.dll
+ 2009-06-11 02:12 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-04-21 16:41 . 2006-10-19 01:47 99840 c:\windows\system32\dllcache\wmpshell.dll
+ 2009-04-21 16:41 . 2006-10-19 01:46 64000 c:\windows\system32\dllcache\wmplayer.exe
+ 2009-04-21 16:43 . 2006-10-19 01:47 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-04-20 06:35 . 2008-04-14 09:42 32866 c:\windows\system32\dllcache\slrundll.exe
+ 2009-04-21 03:42 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-04-21 03:42 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2003-06-20 12:00 . 2009-09-01 00:51 33280 c:\windows\system32\dllcache\rundll32.exe
+ 2007-08-13 22:36 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-04-21 16:43 . 2006-10-19 01:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2007-08-13 22:01 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2007-08-13 22:01 . 2007-08-13 22:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 22:54 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 22:32 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
- 2007-08-13 22:32 . 2007-08-13 22:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-04-21 03:29 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 22:44 . 2009-03-08 08:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-07-19 21:39 . 2008-04-14 04:09 14592 c:\windows\system32\dllcache\kbdhid.sys
+ 2007-08-13 22:54 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 22:36 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-04-21 03:29 . 2009-03-08 08:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-13 22:18 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-05-29 20:04 . 2008-04-14 04:15 10624 c:\windows\system32\dllcache\gameenum.sys
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2003-06-20 12:00 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2001-11-09 16:01 . 2001-11-09 13:01 24064 c:\windows\system32\ativcoxx.dll
- 2001-11-09 16:01 . 2001-11-09 20:01 24064 c:\windows\system32\ativcoxx.dll
+ 2007-03-02 20:16 . 2006-02-22 00:10 17408 c:\windows\system32\atitvo32.dll
- 2007-03-02 20:16 . 2009-01-14 03:44 17408 c:\windows\system32\atitvo32.dll
- 2007-03-02 20:45 . 2009-01-14 04:32 53248 c:\windows\system32\ATIDDC.DLL
+ 2007-03-02 20:45 . 2006-02-22 00:38 53248 c:\windows\system32\ATIDDC.DLL
+ 2009-02-25 20:32 . 2009-04-28 01:58 45056 c:\windows\system32\aticalrt.dll
+ 2009-02-25 20:32 . 2009-04-28 01:58 45056 c:\windows\system32\aticalcl.dll
- 2007-03-02 20:47 . 2009-01-14 04:36 26112 c:\windows\system32\Ati2mdxx.exe
+ 2007-03-02 20:47 . 2006-02-22 00:40 26112 c:\windows\system32\Ati2mdxx.exe
+ 2007-03-02 20:47 . 2006-02-22 00:40 61440 c:\windows\system32\ati2evxx.dll
+ 2007-03-02 20:47 . 2006-02-22 00:40 40960 c:\windows\system32\ati2edxx.dll
+ 2009-01-14 03:50 . 2009-04-28 03:55 49664 c:\windows\system32\amdpcom32.dll
+ 2003-06-20 12:00 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2008-07-30 02:07 . 2008-07-30 02:07 23040 c:\windows\Installer\b0421a.msp
+ 2009-01-30 19:57 . 2009-01-30 19:57 88576 c:\windows\Installer\acc783.msi
+ 2009-04-17 16:16 . 2009-04-17 16:16 51712 c:\windows\Installer\99758.msi
+ 2009-05-01 20:41 . 2009-05-01 20:41 26112 c:\windows\Installer\1dd1a3.msi
+ 2009-08-05 02:34 . 2009-08-05 02:34 24064 c:\windows\Installer\1d072.msi
+ 2009-08-05 02:34 . 2009-08-05 02:34 28160 c:\windows\Installer\1d060.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{FF6486A6-608F-F80C-BE5C-17D07E2D49BF}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{F371C899-B40A-811A-2825-30BE7E941CC9}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{F07717A3-8376-AA87-6BE2-D560F1EBABF0}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{EAC31CB7-575E-8C31-468D-10D5FB31CD1A}\ARPPRODUCTICON.exe
+ 2009-07-12 07:37 . 2009-07-12 07:37 10134 c:\windows\Installer\{E9C6DC23-56C9-2B27-5FEC-4EEDD107D2D6}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{E83971BF-8FEE-F2A6-E0CC-5187C1ECBD4D}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{DD76E812-359A-FEA9-FB17-2E55EBB36543}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{D5C8DB90-573F-A4E4-6EBF-728B634E3E07}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{D3B1C799-CB73-42DE-BA0F-2344793A095C}\ARPPRODUCTICON.exe
- 2009-01-30 20:09 . 2009-01-30 20:09 10134 c:\windows\Installer\{D3B1C799-CB73-42DE-BA0F-2344793A095C}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{D1C2B2A9-6FC3-69A6-DDCC-10179BD2A978}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{CEF6D9C4-EFA6-F0EC-8E56-8C85609D267D}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{C37810F2-3983-B864-EB7F-DCCB67703FB0}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{B59A1FFA-4EE2-805D-7B48-806DE73AAE03}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{9D56C31A-C9C8-394C-0804-670B0D2E0E1F}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{9ABF04DC-A40D-B4DA-189B-89497B599AB7}\ARPPRODUCTICON.exe
- 2008-05-17 16:07 . 2008-12-11 05:59 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2008-05-17 16:07 . 2009-06-11 07:07 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
- 2009-04-17 05:41 . 2009-04-17 05:41 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-06-11 07:07 . 2009-06-11 07:07 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-08-02 04:11 . 2009-08-02 04:11 10134 c:\windows\Installer\{8CE71429-DB97-4069-9718-6B7F4BED8BDF}\SystemFolder_msiexec.exe
- 2009-04-21 22:38 . 2009-04-21 22:38 10134 c:\windows\Installer\{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}\ARPPRODUCTICON.exe
+ 2009-08-05 02:33 . 2009-08-05 02:33 10134 c:\windows\Installer\{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{83E08A1E-963B-8846-8082-88B996FC060E}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{79469AEF-FF16-C52B-F7F8-E1E203A036E5}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{74FF7813-4878-AB41-8503-22287CF11F37}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{6EF0B467-8FDD-845E-F168-C7F0C6124C26}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{6CDB4B41-9244-EC3F-5FBC-550A8BC697F4}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{61709405-4DB8-410C-53DC-A76945D7EBC1}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{5F723D64-4042-ABAE-2A9E-1FEBA1FE4B00}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{5C844F60-CFF2-33DE-FD0D-09F3C392679B}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{3F9FCFE0-4979-6377-771D-E8A3F3B197E7}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{38DCE347-CE45-219E-56AD-30FCB04CF71A}\ARPPRODUCTICON.exe
+ 2009-07-12 07:37 . 2009-07-12 07:37 10134 c:\windows\Installer\{2743B5EB-7C1C-36CC-FBBB-A02F2F4EC52D}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{272DDF13-3B89-D0D8-B668-CEC4FB34C1E7}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{21E4AB1F-C62E-C5C1-96A3-F4378A763C5B}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{21879F6C-52F6-7A6F-6736-A7C912653608}\ARPPRODUCTICON.exe
+ 2009-07-12 07:37 . 2009-07-12 07:37 10134 c:\windows\Installer\{20D1D37A-817B-3A45-FDF5-507BD8A79680}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{17986CD6-070C-BE3E-E4D6-C36DDEEAA37C}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{173A4BD8-B1E5-252A-FE86-C84C7E7B5F2E}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{0FF1802B-4FE0-81D5-D28F-5095543CB57B}\ARPPRODUCTICON.exe
+ 2009-07-12 07:36 . 2009-07-12 07:36 10134 c:\windows\Installer\{0C98E73E-D495-CA87-EF1D-50D3A719351E}\ARPPRODUCTICON.exe
+ 2007-03-22 23:05 . 2007-03-22 23:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2009-04-03 22:01 . 2009-04-03 22:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNVP.DLL
+ 2009-04-03 21:57 . 2009-04-03 21:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12EXE.EXE
+ 2009-04-02 18:35 . 2009-04-02 18:35 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBPROXY.DLL
+ 2009-04-02 18:35 . 2009-04-02 18:35 68496 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBCOM.EXE
+ 2006-10-27 01:13 . 2006-10-27 01:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNVP.DLL
+ 2006-10-27 01:07 . 2006-10-27 01:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
+ 2009-07-29 03:05 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-29 03:05 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-29 03:05 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-06-11 07:06 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
+ 2009-06-11 07:06 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
+ 2009-04-29 20:26 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 44544 c:\windows\ie8\pngfilt.dll
+ 2009-04-29 20:25 . 2007-08-13 22:01 48128 c:\windows\ie8\mshtmler.dll
+ 2009-04-29 20:25 . 2007-08-13 22:32 45568 c:\windows\ie8\mshta.exe
+ 2009-04-29 20:25 . 2007-08-13 22:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-04-29 20:25 . 2009-02-20 18:09 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-04-29 20:25 . 2007-08-13 22:44 40960 c:\windows\ie8\licmgr10.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 27648 c:\windows\ie8\jsproxy.dll
+ 2009-04-29 20:25 . 2007-08-13 22:39 92672 c:\windows\ie8\inseng.dll
+ 2009-04-29 20:25 . 2007-08-13 22:36 36352 c:\windows\ie8\imgutil.dll
+ 2009-04-29 20:25 . 2007-08-13 22:39 55296 c:\windows\ie8\iesetup.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 44544 c:\windows\ie8\iernonce.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 78336 c:\windows\ie8\ieencode.dll
+ 2009-04-29 20:25 . 2009-02-20 10:20 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-04-29 20:25 . 2009-02-20 18:09 63488 c:\windows\ie8\icardie.dll
+ 2009-04-29 20:25 . 2007-08-13 22:18 60416 c:\windows\ie8\hmmapi.dll
+ 2009-04-29 20:25 . 2008-04-14 09:41 35328 c:\windows\ie8\corpol.dll
+ 2009-04-29 20:25 . 2007-08-13 22:39 71680 c:\windows\ie8\admparse.dll
+ 2009-05-29 19:49 . 2009-05-29 19:56 16608 c:\windows\gdrv.sys
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Private\2.0.3309.28643__90ba9c70f846762e\PCKGHLP.Foundation.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 19968 c:\windows\assembly\GAC_MSIL\PCKGHLP.Foundation.Implementation\2.0.3404.40491__90ba9c70f846762e\PCKGHLP.Foundation.Implementation.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 49152 c:\windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE
- 2009-01-30 20:10 . 2009-01-30 20:10 49152 c:\windows\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e\MOM.EXE
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 86016 c:\windows\assembly\GAC_MSIL\LOG\2.0.3404.40476__90ba9c70f846762e\LOG.EXE
+ 2009-07-12 07:37 . 2009-07-12 07:37 32768 c:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 32768 c:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 61440 c:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3404.40476__90ba9c70f846762e\LOG.Foundation.Implementation.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 20480 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 45056 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 45056 c:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 16384 c:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 49152 c:\windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
+ 2009-07-12 07:37 . 2009-07-12 07:37 49152 c:\windows\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e\CLI.EXE
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Implementation\2.0.3404.40392__90ba9c70f846762e\CLI.Implementation.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 73728 c:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 40960 c:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 57344 c:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3404.40396__90ba9c70f846762e\CLI.Component.SkinFactory.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 81920 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3404.40395__90ba9c70f846762e\CLI.Component.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 45056 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Load\2.0.3404.40476__90ba9c70f846762e\CLI.Component.Load.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Icomponent\2.0.3404.40414__90ba9c70f846762e\CLI.Component.Icomponent.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Help\2.0.3404.40475__90ba9c70f846762e\CLI.Component.Help.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 61440 c:\windows\assembly\GAC_MSIL\CLI.Component.Erecord\2.0.3404.40424__90ba9c70f846762e\CLI.Component.Erecord.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 65536 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager.Resources\2.0.3404.40428__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.Resources.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 65536 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager.Resources\2.0.3404.40428__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.Resources.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 40960 c:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Component.AutoRemoval\2.0.3404.40464__90ba9c70f846762e\CLI.Component.Autoremoval.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 11776 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3404.40497__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 40960 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3404.40409__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 61440 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 73728 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3404.40404__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Runtime\2.0.3404.40499__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3404.40413__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime\2.0.3404.40446__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Runtime\2.0.3404.40422__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 94208 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3404.40453__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 53248 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3404.40452__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 19456 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3404.40494__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 45056 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3404.40481__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 49152 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3404.40486__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 49152 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3404.40447__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 61440 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 77824 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3404.40495__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 69632 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3404.40424__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Runtime\2.0.3404.40423__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Runtime\2.0.3404.40498__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Shared\2.0.3309.28643__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 45056 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Runtime\2.0.3404.40478__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 45056 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Runtime\2.0.3404.40442__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Runtime\2.0.3404.40438__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3404.40502__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 53248 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 81920 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3404.40437__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 10240 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3404.40501__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3404.40501__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime\2.0.3404.40423__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3404.40404__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 10240 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3404.40497__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3404.40497__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 69632 c:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 94208 c:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Runtime\2.0.3404.40506__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3404.40445__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3404.40418__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 65536 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 77824 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3404.40464__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3404.40436__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 32768 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3404.40447__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 49152 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 65536 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3404.40436__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 69632 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3404.40448__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 53248 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 40960 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3404.40437__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 12800 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3404.40500__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3404.40500__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 98304 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard\2.0.3404.40429__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3309.28642__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 36864 c:\windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Runtime\2.0.3404.40505__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 86016 c:\windows\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Dashboard\2.0.3404.40505__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.3309.28646__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 12288 c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Runtime\2.0.3404.40490__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 90112 c:\windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Dashboard\2.0.3404.40490__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Dashboard.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 49152 c:\windows\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e\CCC.EXE
+ 2009-07-12 07:37 . 2009-07-12 07:37 49152 c:\windows\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e\CCC.EXE
+ 2009-07-12 07:37 . 2009-07-12 07:37 28672 c:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3404.40477__90ba9c70f846762e\CCC.Implementation.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 14848 c:\windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 14848 c:\windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 45056 c:\windows\assembly\GAC_MSIL\AxInterop.SHDocVw\1.1.0.0__90ba9c70f846762e\AxInterop.SHDocVw.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 45056 c:\windows\assembly\GAC_MSIL\AxInterop.SHDocVw\1.1.0.0__90ba9c70f846762e\AxInterop.SHDocVw.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 81920 c:\windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3404.40395__90ba9c70f846762e\ATIDEMOS.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 32768 c:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 32768 c:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 61440 c:\windows\assembly\GAC_MSIL\APM.Server\2.0.3404.40394__90ba9c70f846762e\APM.Server.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 61440 c:\windows\assembly\GAC_MSIL\AEM.UI\2.0.3404.40477__90ba9c70f846762e\AEM.UI.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\AEM.UI.Shared\2.0.3309.28642__90ba9c70f846762e\AEM.UI.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 45056 c:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3404.40393__90ba9c70f846762e\AEM.Server.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 45056 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3404.40490__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.GD.Shared\2.0.3309.28646__90ba9c70f846762e\AEM.Plugin.Source.GD.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.EEU.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.Source.EEU.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 16384 c:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 20480 c:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 24576 c:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 24576 c:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 13312 c:\windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 13312 c:\windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 49152 c:\windows\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 49152 c:\windows\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL
+ 2009-07-15 02:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll
+ 2009-07-15 02:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973346\spmsg.dll
+ 2009-08-02 08:22 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB972636-IE8\update\spcustom.dll
+ 2009-08-02 08:22 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB972636-IE8\spmsg.dll
+ 2009-07-29 03:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB972260-IE8\update\spcustom.dll
+ 2009-07-29 03:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB972260-IE8\spmsg.dll
+ 2009-07-29 01:44 . 2009-07-03 17:06 12800 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\xpshims.dll
+ 2009-07-29 01:44 . 2009-07-03 17:06 55296 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\msfeedsbs.dll
+ 2009-07-29 01:44 . 2009-07-03 17:06 25600 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\jsproxy.dll
+ 2009-07-15 02:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll
+ 2009-07-15 02:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll
+ 2009-06-04 05:12 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB971180-IE8\update\spcustom.dll
+ 2009-06-04 05:12 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB971180-IE8\spmsg.dll
+ 2009-06-11 07:01 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2009-06-11 07:01 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2009-06-11 07:04 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969898\update\spcustom.dll
+ 2009-06-11 07:04 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969898\spmsg.dll
+ 2009-06-11 07:06 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969897-IE8\update\spcustom.dll
+ 2009-06-11 07:06 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969897-IE8\spmsg.dll
+ 2009-06-11 02:12 . 2009-04-30 21:22 12800 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\xpshims.dll
+ 2009-06-11 02:12 . 2009-04-30 21:22 25600 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\jsproxy.dll
+ 2009-06-11 07:01 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
+ 2009-06-11 07:01 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll
+ 2009-04-29 20:26 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB968220-IE8\update\spcustom.dll
+ 2009-04-29 20:26 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB968220-IE8\spmsg.dll
+ 2009-06-11 07:04 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2009-06-11 07:04 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2009-07-15 01:59 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll
+ 2009-07-15 01:59 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB961371\spmsg.dll
+ 2009-06-16 14:43 . 2009-06-16 14:43 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 4096 c:\windows\system32\wmvdmod.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2007-04-03 02:25 . 2006-10-19 01:47 4096 c:\windows\system32\WMVADVD.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 4096 c:\windows\system32\wmsdmod.dll
+ 2007-04-03 02:26 . 2006-10-19 01:58 8704 c:\windows\system32\wdfmgr.exe
+ 2007-04-03 02:26 . 2006-10-19 01:47 4096 c:\windows\system32\wdfapi.dll
+ 2007-04-03 02:26 . 2006-10-19 01:58 8704 c:\windows\system32\uwdf.exe
+ 2008-05-27 02:19 . 2008-05-27 02:19 2048 c:\windows\system32\UncRes.dll
+ 2006-09-24 13:28 . 2006-09-24 13:28 5248 c:\windows\system32\speedfan.sys
+ 2003-06-20 12:00 . 2006-10-19 01:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2008-04-14 09:41 . 2006-10-19 01:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2008-04-14 09:41 . 2006-10-19 01:47 4096 c:\windows\system32\MP43DMOD.dll
+ 1996-04-03 19:33 . 1996-04-03 19:33 5248 c:\windows\system32\giveio.sys
+ 2007-02-02 07:00 . 2007-02-02 07:00 9464 c:\windows\system32\drivers\cdralw2k.sys
+ 2007-02-02 07:00 . 2007-02-02 07:00 9336 c:\windows\system32\drivers\cdr4_xp.sys
+ 2009-04-21 16:43 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2009-04-21 16:43 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2009-04-21 16:41 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\MPG4DMOD.dll
+ 2009-04-21 16:43 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2009-04-21 16:43 . 2006-10-19 01:47 4096 c:\windows\system32\dllcache\MP43DMOD.dll
+ 2009-04-21 16:41 . 2006-10-19 01:47 7168 c:\windows\system32\dllcache\asferror.dll
+ 2003-06-20 12:00 . 2006-10-19 01:47 7168 c:\windows\system32\asferror.dll
+ 2008-03-09 20:53 . 2009-07-14 07:21 8192 c:\windows\repair\RegBack\UsrClass.dat
- 2008-03-09 20:53 . 2008-03-09 20:55 8192 c:\windows\repair\RegBack\UsrClass.dat
+ 2009-07-12 07:37 . 2009-07-12 07:37 9158 c:\windows\Installer\{E9C6DC23-56C9-2B27-5FEC-4EEDD107D2D6}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-02 04:11 . 2009-08-02 04:11 2238 c:\windows\Installer\{8CE71429-DB97-4069-9718-6B7F4BED8BDF}\controlPanelIcon.exe
+ 2009-04-29 02:23 . 2009-04-29 02:23 9158 c:\windows\Installer\{4324BC93-C82F-ED16-BA86-5E34B9E05303}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2009-04-29 20:26 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB968220-IE8\iecompat.dll
+ 2009-07-12 07:37 . 2009-07-12 07:37 7168 c:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3404.40393__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 7680 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3404.40500__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 8704 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3404.40496__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 7680 c:\windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3404.40496__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 9728 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3404.40502__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 7168 c:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL
+ 2007-04-04 03:44 . 1997-04-09 00:08 299520 c:\windows\uninst.exe
- 2007-04-04 03:44 . 1997-04-09 03:08 299520 c:\windows\uninst.exe
+ 2008-04-14 09:42 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
- 2008-04-14 09:42 . 2008-04-14 09:42 121856 c:\windows\system32\xmllite.dll
+ 2008-05-30 18:41 . 2008-05-30 18:41 223760 c:\windows\system32\WSSCredentialProvider.dll
+ 2007-04-03 02:26 . 2006-10-19 01:47 356352 c:\windows\system32\wpdsp.dll
+ 2007-04-03 02:26 . 2006-10-19 01:47 154624 c:\windows\system32\wpdmtp.dll
+ 2007-04-03 02:26 . 2006-10-19 01:47 629760 c:\windows\system32\wpd_ci.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 603648 c:\windows\system32\WMSPDMOD.dll
+ 2008-04-14 09:42 . 2006-10-19 01:47 242688 c:\windows\system32\wmpasf.dll
+ 2007-04-03 02:25 . 2008-06-18 09:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 157184 c:\windows\system32\wmidx.dll
+ 2008-04-14 02:53 . 2006-10-19 01:47 227328 c:\windows\system32\wmerror.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2007-04-03 02:25 . 2007-10-27 21:40 222720 c:\windows\system32\wmasf.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 757248 c:\windows\system32\WMADMOD.dll
+ 2006-10-17 19:05 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2003-06-20 12:00 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2003-06-20 12:00 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2009-06-21 16:50 . 1998-04-24 04:00 368912 c:\windows\system32\vbar332.dll
- 2003-06-20 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2003-06-20 12:00 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2008-05-27 02:19 . 2008-05-27 02:19 131072 c:\windows\system32\UncPH.dll
+ 2008-05-27 02:19 . 2008-05-27 02:19 108032 c:\windows\system32\UncNE.dll
+ 2008-05-27 02:19 . 2008-05-27 02:19 143872 c:\windows\system32\UncDMS.dll
+ 2009-07-11 07:55 . 2006-03-17 18:49 368640 c:\windows\system32\TwnLib4.dll
+ 2009-07-11 07:55 . 2000-06-26 14:45 106496 c:\windows\system32\TwnLib20.dll
+ 2008-05-27 01:59 . 2008-05-27 01:59 106605 c:\windows\system32\structuredqueryschema.bin
+ 2008-05-27 02:17 . 2008-05-27 02:17 301568 c:\windows\system32\srchadmin.dll
+ 2009-06-11 07:05 . 2007-04-09 17:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2008-05-27 02:18 . 2008-05-27 02:18 184832 c:\windows\system32\searchprotocolhost.exe
+ 2008-05-27 02:18 . 2008-05-27 02:18 439808 c:\windows\system32\searchindexer.exe
+ 2003-06-20 12:00 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2009-07-11 07:04 . 2009-07-11 07:05 566392 c:\windows\system32\Restore\rstrlog.dat
+ 2009-07-19 18:44 . 2004-06-03 17:40 294400 c:\windows\system32\ReinstallBackups\0007\DriverFiles\idecoi.dll
+ 2009-07-12 07:46 . 2009-04-28 04:31 155648 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\Oemdspif.dll
+ 2009-07-12 07:46 . 2009-01-14 04:05 887724 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ativva6x.dat
+ 2009-07-12 07:46 . 2009-04-28 04:32 204800 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\atipdlxx.dll
+ 2009-07-12 07:46 . 2009-04-28 04:32 290816 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\atiok3x2.dll
+ 2009-07-12 07:46 . 2009-04-28 03:51 475136 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\atikvmag.dll
+ 2009-07-12 07:46 . 2009-04-28 03:58 307200 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\atiiiexx.dll
+ 2009-07-12 07:46 . 2009-04-23 21:29 189051 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\atiicdxx.dat
+ 2009-07-12 07:46 . 2009-04-28 04:41 442368 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ATIDEMGX.dll
+ 2009-07-12 07:46 . 2008-10-21 18:51 118784 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\atibrtmon.exe
+ 2009-07-12 07:46 . 2009-04-28 03:50 126976 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\atiadlxx.dll
+ 2009-07-12 07:46 . 2009-04-28 04:30 602112 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ati2evxx.exe
+ 2009-07-12 07:46 . 2009-04-28 04:31 155648 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ati2evxx.dll
+ 2009-07-12 07:46 . 2009-04-28 04:40 325120 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ati2dvag.dll
+ 2009-07-12 07:46 . 2009-04-28 03:44 626688 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ati2cqag.dll
+ 2009-04-29 02:22 . 2009-02-25 21:29 155648 c:\windows\system32\ReinstallBackups\0001\DriverFiles\Oemdspif.dll
+ 2009-04-29 02:22 . 2009-01-14 04:05 887724 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativva6x.dat
+ 2009-04-29 02:22 . 2009-01-14 04:36 196608 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atipdlxx.dll
+ 2009-04-29 02:22 . 2009-01-14 04:53 286720 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiok3x2.dll
+ 2009-04-29 02:22 . 2009-01-14 03:45 401408 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atikvmag.dll
+ 2009-04-29 02:22 . 2009-02-25 21:09 307200 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiiiexx.dll
+ 2009-04-29 02:22 . 2009-01-26 17:55 182995 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiicdxx.dat
+ 2009-04-29 02:22 . 2009-01-14 04:49 425984 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGX.dll
+ 2009-04-29 02:22 . 2008-10-21 18:51 118784 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atibrtmon.exe
+ 2009-04-29 02:22 . 2009-01-14 03:44 110592 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atiadlxx.dll
+ 2009-04-29 02:22 . 2009-01-14 04:34 598016 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.exe
+ 2009-04-29 02:22 . 2009-01-14 04:35 155648 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2evxx.dll
+ 2009-04-29 02:22 . 2009-01-14 04:47 323584 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2dvag.dll
+ 2009-04-29 02:22 . 2009-01-14 03:37 577536 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2cqag.dll
+ 2009-04-29 02:21 . 2009-01-14 04:36 151552 c:\windows\system32\ReinstallBackups\0000\DriverFiles\Oemdspif.dll
+ 2009-04-29 02:21 . 2009-01-14 04:05 887724 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ativva6x.dat
+ 2009-04-29 02:21 . 2009-01-14 04:36 196608 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atipdlxx.dll
+ 2009-04-29 02:21 . 2009-01-14 04:53 286720 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atiok3x2.dll
+ 2009-04-29 02:21 . 2009-01-14 03:45 401408 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atikvmag.dll
+ 2009-04-29 02:21 . 2009-01-14 03:37 307200 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atiiiexx.dll
+ 2009-04-29 02:21 . 2008-10-29 22:13 180720 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atiicdxx.dat
+ 2009-04-29 02:21 . 2009-01-14 04:49 425984 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ATIDEMGX.dll
+ 2009-04-29 02:21 . 2008-10-21 18:51 118784 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atibrtmon.exe
+ 2009-04-29 02:21 . 2009-01-14 03:44 110592 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atiadlxx.dll
+ 2009-04-29 02:21 . 2009-01-14 04:34 598016 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2evxx.exe
+ 2009-04-29 02:21 . 2009-01-14 04:35 155648 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2evxx.dll
+ 2009-04-29 02:21 . 2009-01-14 04:47 323584 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2dvag.dll
+ 2009-04-29 02:21 . 2009-01-14 03:37 577536 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2cqag.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 211456 c:\windows\system32\qasf.dll
+ 2007-07-05 21:55 . 2007-07-05 21:55 158192 c:\windows\system32\pxwma.dll
+ 2007-07-05 21:55 . 2007-07-05 21:55 379376 c:\windows\system32\PxWave.dll
+ 2007-07-05 21:55 . 2007-07-05 21:55 186864 c:\windows\system32\PxMas.dll
+ 2008-02-13 21:16 . 2008-02-13 21:16 121328 c:\windows\system32\pxinsi64.exe
+ 2007-06-07 05:02 . 2007-06-07 05:02 535288 c:\windows\system32\pxdrv.dll
+ 2008-02-13 21:17 . 2008-02-13 21:17 120304 c:\windows\system32\pxcpyi64.exe
+ 2007-07-05 21:55 . 2007-07-05 21:55 567792 c:\windows\system32\Px.dll
+ 2008-05-27 02:17 . 2008-05-27 02:17 754176 c:\windows\system32\propsys.dll
+ 2006-02-28 12:00 . 2009-08-05 02:23 462168 c:\windows\system32\perfh009.dat
+ 2008-05-27 02:19 . 2008-05-27 02:19 273408 c:\windows\system32\oeph.dll
+ 2003-06-20 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2007-04-03 01:56 . 2004-10-29 19:25 176128 c:\windows\system32\nvusmb.exe
+ 2007-04-03 01:56 . 2004-10-29 19:25 176128 c:\windows\system32\NVUNINST.EXE
- 2007-04-03 01:56 . 2004-06-18 21:57 172032 c:\windows\system32\nvuide.exe
+ 2007-04-03 01:56 . 2004-06-18 06:57 172032 c:\windows\system32\nvuide.exe
+ 2007-04-03 01:56 . 2004-10-29 19:25 176128 c:\windows\system32\nvugart.exe
- 2007-04-04 04:18 . 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
+ 2007-04-04 04:18 . 2001-07-09 14:50 155648 c:\windows\system32\NeroCheck.exe
+ 2007-04-03 02:25 . 2006-10-19 01:47 321536 c:\windows\system32\mswmdm.dll
+ 2003-06-20 12:00 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2008-05-27 02:18 . 2008-05-27 02:18 203776 c:\windows\system32\mssphtb.dll
+ 2008-05-27 02:18 . 2009-05-25 04:24 350208 c:\windows\system32\mssph.dll
+ 2008-05-27 02:18 . 2008-05-27 02:18 231936 c:\windows\system32\msshsq.dll
+ 2007-04-03 02:25 . 2006-12-04 20:21 414720 c:\windows\system32\msscp.dll
+ 2003-06-20 12:00 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 175616 c:\windows\system32\mspmsp.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 179712 c:\windows\system32\msnetobj.dll
- 2003-06-20 12:00 . 2007-08-13 22:54 156160 c:\windows\system32\msls31.dll
+ 2003-06-20 12:00 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2006-11-08 04:03 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2007-04-03 02:25 . 2008-06-18 05:09 100864 c:\windows\system32\logagent.exe
+ 2003-06-20 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2003-06-20 12:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2009-07-11 07:55 . 2006-03-17 15:45 802816 c:\windows\system32\imagXRA7.dll
+ 2009-07-11 07:55 . 2006-03-17 15:45 258048 c:\windows\system32\imagXR7.dll
+ 2009-07-11 07:55 . 2006-03-17 15:45 497296 c:\windows\system32\imagXpr7.dll
+ 2006-11-08 04:03 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2003-06-20 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2003-06-20 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 18:27 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2003-06-20 12:00 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2003-06-20 12:00 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2003-06-20 12:00 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2003-06-20 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
- 2007-04-02 18:32 . 2009-04-21 22:33 160344 c:\windows\system32\FNTCACHE.DAT
+ 2007-04-02 18:32 . 2009-06-11 11:25 160344 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-21 16:50 . 2007-06-05 14:19 516096 c:\windows\system32\ExTab.dll
+ 2009-06-21 16:50 . 2007-04-03 20:51 307200 c:\windows\system32\ExPMenu.dll
+ 2009-06-21 16:50 . 2007-06-05 14:20 602112 c:\windows\system32\ExMenu.dll
+ 2009-06-21 16:50 . 2007-04-03 20:51 614400 c:\windows\system32\ExButton.dll
+ 2009-06-21 16:50 . 2005-10-04 12:11 118784 c:\windows\system32\eWebControl.dll
+ 2009-06-21 16:50 . 2005-10-11 18:40 356352 c:\windows\system32\eSellerateEngine.dll
+ 2003-06-20 12:00 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2003-06-20 12:00 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
- 2009-04-21 23:04 . 2007-11-28 02:56 116416 c:\windows\system32\DRVSTORE\msfwhlpr_0D06EB3A0072EC31805FD097692DFF987F98BDA6\msfwhlpr.sys
+ 2009-08-05 02:34 . 2007-11-28 02:56 116416 c:\windows\system32\DRVSTORE\msfwhlpr_0D06EB3A0072EC31805FD097692DFF987F98BDA6\msfwhlpr.sys
+ 2007-04-03 02:25 . 2006-10-19 01:47 991744 c:\windows\system32\drmv2clt.dll
- 2009-04-21 23:04 . 2007-11-28 02:56 116416 c:\windows\system32\drivers\msfwhlpr.sys
+ 2009-08-05 02:34 . 2007-11-28 02:56 116416 c:\windows\system32\drivers\msfwhlpr.sys
+ 2009-04-21 16:43 . 2006-10-19 01:47 603648 c:\windows\system32\dllcache\WMSPDMOD.dll
+ 2009-04-21 16:43 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-04-21 16:43 . 2006-10-19 01:47 242688 c:\windows\system32\dllcache\wmpasf.dll
+ 2007-04-03 02:25 . 2008-06-18 09:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2009-04-21 16:43 . 2006-10-19 01:47 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2009-04-21 16:43 . 2006-10-19 01:47 227328 c:\windows\system32\dllcache\wmerror.dll
+ 2007-04-03 02:25 . 2007-10-27 21:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 757248 c:\windows\system32\dllcache\WMADMOD.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2007-08-13 22:54 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 22:54 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 22:54 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2009-04-21 22:19 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
- 2007-08-13 22:44 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 22:44 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-04-21 16:41 . 2007-06-27 02:10 317440 c:\windows\system32\dllcache\unregmp2.exe
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-04-21 03:42 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 211456 c:\windows\system32\dllcache\qasf.dll
+ 2007-08-13 22:44 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 321536 c:\windows\system32\dllcache\mswmdm.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-08-13 22:54 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-04-03 02:25 . 2006-12-04 20:21 414720 c:\windows\system32\dllcache\msscp.dll
+ 2007-08-13 22:44 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 175616 c:\windows\system32\dllcache\mspmsp.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 179712 c:\windows\system32\dllcache\msnetobj.dll
+ 2003-06-20 12:00 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2003-06-20 12:00 . 2007-08-13 22:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2009-04-21 03:29 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-21 16:43 . 2006-10-19 01:47 243712 c:\windows\system32\dllcache\mpvis.dll
+ 2009-04-21 03:40 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2007-04-03 02:25 . 2008-06-18 05:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-04-21 22:19 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 22:43 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-06-11 02:12 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-08-13 22:54 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 22:39 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-04-29 20:26 . 2009-07-01 07:08 101376 c:\windows\system32\dllcache\iecompat.dll
+ 2009-04-21 03:29 . 2009-03-08 08:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2003-06-20 12:00 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 22:39 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 22:39 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 22:39 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 22:35 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 22:35 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2007-03-02 20:29 . 2006-02-22 00:24 860480 c:\windows\system32\dllcache\ativvaxx.dll
+ 2007-03-02 20:53 . 2006-02-22 00:46 256512 c:\windows\system32\dllcache\ati2dvag.dll
+ 2007-03-02 20:11 . 2006-02-22 00:04 258048 c:\windows\system32\dllcache\ati2cqag.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 229376 c:\windows\system32\cewmdm.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 542720 c:\windows\system32\blackbox.dll
+ 2007-03-02 20:29 . 2006-02-22 00:24 860480 c:\windows\system32\ativvaxx.dll
+ 2007-03-02 20:47 . 2006-02-22 00:41 114688 c:\windows\system32\atipdlxx.dll
+ 2007-09-29 07:47 . 2009-04-28 04:32 290816 c:\windows\system32\atiok3x2.dll
+ 2007-03-02 20:17 . 2006-02-22 00:11 151552 c:\windows\system32\atikvmag.dll
+ 2007-03-02 20:57 . 2006-02-22 00:20 307200 c:\windows\system32\atiiiexx.dll
- 2007-03-02 20:57 . 2009-01-14 03:37 307200 c:\windows\system32\atiiiexx.dll
+ 2007-02-26 15:44 . 2006-02-13 17:29 121995 c:\windows\system32\atiicdxx.dat
+ 2007-03-02 20:54 . 2009-04-28 04:41 442368 c:\windows\system32\ATIDEMGX.dll
+ 2007-03-02 20:54 . 2009-04-28 04:41 442368 c:\windows\system32\ATIDEMGX(6).dll
+ 2007-03-02 20:54 . 2009-04-28 04:41 442368 c:\windows\system32\ATIDEMGX(5).dll
+ 2007-03-02 20:54 . 2009-04-28 04:41 442368 c:\windows\system32\ATIDEMGX(4).dll
+ 2007-03-02 20:54 . 2009-04-28 04:41 442368 c:\windows\system32\ATIDEMGX(3).dll
+ 2007-03-02 20:54 . 2009-04-28 04:41 442368 c:\windows\system32\ATIDEMGX(2).dll
+ 2005-02-22 23:18 . 2006-02-21 23:21 282624 c:\windows\system32\ATIDEMGR.dll
+ 2009-01-14 03:44 . 2009-04-28 03:50 126976 c:\windows\system32\atiadlxx.dll
+ 2009-01-14 03:44 . 2009-04-28 03:50 126976 c:\windows\system32\atiadlxx(6).dll
+ 2009-01-14 03:44 . 2009-04-28 03:50 126976 c:\windows\system32\atiadlxx(5).dll
+ 2009-01-14 03:44 . 2009-04-28 03:50 126976 c:\windows\system32\atiadlxx(4).dll
+ 2009-01-14 03:44 . 2009-04-28 03:50 126976 c:\windows\system32\atiadlxx(3).dll
+ 2009-01-14 03:44 . 2009-04-28 03:50 126976 c:\windows\system32\atiadlxx(2).dll
+ 2007-04-03 03:18 . 2009-04-28 01:20 593920 c:\windows\system32\ati2sgag.exe
- 2007-04-03 03:18 . 2009-01-14 02:05 593920 c:\windows\system32\ati2sgag.exe
+ 2007-03-02 20:46 . 2006-02-22 00:39 405504 c:\windows\system32\ati2evxx.exe
+ 2007-03-02 20:47 . 2009-04-28 04:31 155648 c:\windows\system32\ati2evxx(6).dll
+ 2007-03-02 20:47 . 2009-04-28 04:31 155648 c:\windows\system32\ati2evxx(5).dll
+ 2007-03-02 20:47 . 2009-04-28 04:31 155648 c:\windows\system32\ati2evxx(4).dll
+ 2007-03-02 20:47 . 2009-04-28 04:31 155648 c:\windows\system32\ati2evxx(3).dll
+ 2007-03-02 20:47 . 2009-04-28 04:31 155648 c:\windows\system32\ati2evxx(2).dll
+ 2007-03-02 20:53 . 2006-02-22 00:46 256512 c:\windows\system32\ati2dvag.dll
+ 2007-03-02 20:11 . 2006-02-22 00:04 258048 c:\windows\system32\ati2cqag.dll
+ 2003-06-20 12:00 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2009-04-21 16:43 . 2007-04-03 04:04 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2009-04-21 16:43 . 2007-04-03 04:04 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2006-10-24 07:01 . 2006-10-24 07:01 780800 c:\windows\Resources\Themes\Zune\Shell\NormalColor\shellstyle.dll
+ 2008-03-09 20:53 . 2009-07-14 07:21 229376 c:\windows\repair\RegBack\NTUSER.DAT
+ 2009-01-30 20:00 . 2009-01-30 20:00 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2009-04-17 20:28 . 2009-04-17 20:28 158720 c:\windows\Installer\f01551.msi
+ 2009-04-21 03:52 . 2009-04-21 03:52 972800 c:\windows\Installer\d1862.msi
+ 2007-04-04 22:27 . 2007-04-04 22:27 428544 c:\windows\Installer\cf9de.msi
+ 2007-08-21 22:00 . 2007-08-21 22:00 431104 c:\windows\Installer\b21e2.msi
+ 2008-12-13 14:58 . 2008-12-13 14:58 754688 c:\windows\Installer\b134af.msp
+ 2009-01-30 20:00 . 2009-01-30 20:00 648192 c:\windows\Installer\b13486.msi
+ 2008-07-30 02:23 . 2008-07-30 02:23 250880 c:\windows\Installer\b04223.msp
+ 2008-07-30 02:28 . 2008-07-30 02:28 278016 c:\windows\Installer\b04221.msp
+ 2008-07-30 00:40 . 2008-07-30 00:40 291840 c:\windows\Installer\b0421f.msp
+ 2009-01-30 19:59 . 2009-01-30 19:59 137728 c:\windows\Installer\b04219.msi
+ 2008-07-29 22:35 . 2008-07-29 22:35 553472 c:\windows\Installer\acc788.msp
+ 2008-07-29 22:33 . 2008-07-29 22:33 506368 c:\windows\Installer\acc786.msp
+ 2008-07-29 22:37 . 2008-07-29 22:37 911360 c:\windows\Installer\acc785.msp
+ 2009-04-17 07:06 . 2009-04-17 07:06 301056 c:\windows\Installer\a00d2.msi
+ 2008-05-17 16:12 . 2008-05-17 16:12 355328 c:\windows\Installer\9c2ad.msi
+ 2008-05-17 16:07 . 2008-05-17 16:07 886272 c:\windows\Installer\9c28c.msi
+ 2008-03-09 17:10 . 2008-03-09 17:10 259584 c:\windows\Installer\85e5a.msi
+ 2008-03-09 17:08 . 2008-03-09 17:08 331264 c:\windows\Installer\85e3c.msi
+ 2008-11-12 08:00 . 2008-11-12 08:00 432640 c:\windows\Installer\794754.msi
+ 2009-07-12 07:37 . 2009-07-12 07:37 207360 c:\windows\Installer\754f2f.msi
+ 2009-07-12 07:37 . 2009-07-12 07:37 248832 c:\windows\Installer\754f26.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 248832 c:\windows\Installer\754f1d.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754f14.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754f0b.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754f02.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754ef9.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754ef0.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754ee7.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754ede.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754ed5.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 248320 c:\windows\Installer\754ecc.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 248832 c:\windows\Installer\754ec3.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 248832 c:\windows\Installer\754eba.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754eb1.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 249344 c:\windows\Installer\754ea8.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754e9f.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 249344 c:\windows\Installer\754e96.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 252416 c:\windows\Installer\754e8d.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251904 c:\windows\Installer\754e84.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 249344 c:\windows\Installer\754e7b.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251904 c:\windows\Installer\754e72.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 251392 c:\windows\Installer\754e69.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 424448 c:\windows\Installer\754e60.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 224768 c:\windows\Installer\754e57.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 271872 c:\windows\Installer\754e4e.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 193024 c:\windows\Installer\754e45.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 274944 c:\windows\Installer\754e3c.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 300544 c:\windows\Installer\754e33.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 195072 c:\windows\Installer\754e2a.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 280064 c:\windows\Installer\754e21.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 321536 c:\windows\Installer\754e18.msi
+ 2009-07-12 07:36 . 2009-07-12 07:36 271360 c:\windows\Installer\754e0f.msi
+ 2009-08-02 04:11 . 2009-08-02 04:11 217088 c:\windows\Installer\6c3b68.msi
+ 2008-09-29 03:41 . 2008-09-29 03:41 474624 c:\windows\Installer\4f09608.msi
+ 2009-07-29 03:05 . 2009-07-29 03:05 248832 c:\windows\Installer\4c7229.msi
+ 2008-06-11 18:02 . 2008-06-11 18:02 830464 c:\windows\Installer\34e5728.msp
+ 2008-07-28 18:59 . 2008-07-28 18:59 180736 c:\windows\Installer\34e5712.msp
+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\2cf77.msp
+ 2007-04-04 05:42 . 2007-04-04 05:42 390656 c:\windows\Installer\29b42b.msi
+ 2008-11-30 04:27 . 2008-11-30 04:27 683008 c:\windows\Installer\1d59625.msi
+ 2007-09-12 20:37 . 2007-09-12 20:37 344064 c:\windows\Installer\1d0b3f1.msp
+ 2009-08-05 02:34 . 2009-08-05 02:34 740352 c:\windows\Installer\1d07b.msi
+ 2009-08-05 02:34 . 2009-08-05 02:34 463360 c:\windows\Installer\1d069.msi
+ 2009-08-05 02:34 . 2009-08-05 02:34 526336 c:\windows\Installer\1d057.msi
+ 2009-08-05 02:34 . 2009-08-05 02:34 592384 c:\windows\Installer\1d04d.msi
+ 2008-10-06 22:23 . 2008-10-06 22:23 441856 c:\windows\Installer\1ccc0a9.msi
+ 2007-02-16 19:42 . 2007-02-16 19:42 223232 c:\windows\Installer\158b2a.msp
+ 2007-04-03 01:54 . 2007-04-03 01:54 264704 c:\windows\Installer\149eb.msi
- 2008-05-17 16:07 . 2008-12-11 05:59 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-05-17 16:07 . 2009-06-11 07:07 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-02 14:41 . 2009-08-12 05:33 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-08-02 14:41 . 2009-04-17 05:41 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2003-07-15 07:18 . 2003-07-15 07:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2006-10-27 00:49 . 2006-10-27 00:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CVR.DLL
+ 2003-06-20 12:00 . 2007-06-27 02:10 317440 c:\windows\inf\unregmp2.exe
+ 2009-08-02 08:22 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB972636-IE8\spuninst\updspapi.dll
+ 2009-08-02 08:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB972636-IE8\spuninst\spuninst.exe
+ 2009-08-02 08:22 . 2009-05-12 05:11 102912 c:\windows\ie8updates\KB972636-IE8\iecompat.dll
+ 2009-07-29 03:05 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-29 03:05 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-29 03:05 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-29 03:05 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-29 03:05 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-29 03:05 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-29 03:05 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-29 03:05 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-29 03:05 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-06-04 05:12 . 2007-11-30 12:39 382840 c:\windows\ie8updates\KB971180-IE8\spuninst\updspapi.dll
+ 2009-06-04 05:12 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB971180-IE8\spuninst\spuninst.exe
+ 2009-06-04 05:12 . 2009-02-28 04:55 105984 c:\windows\ie8updates\KB971180-IE8\iecompat.dll
+ 2009-06-11 07:06 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
+ 2009-06-11 07:06 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
+ 2009-06-11 07:06 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
+ 2009-06-11 07:06 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
+ 2009-06-11 07:06 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
+ 2009-06-11 07:06 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
+ 2009-04-29 20:26 . 2007-11-30 12:39 382840 c:\windows\ie8updates\KB968220-IE8\spuninst\updspapi.dll
+ 2009-04-29 20:26 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB968220-IE8\spuninst\spuninst.exe
+ 2009-04-29 20:25 . 2009-03-03 00:18 826368 c:\windows\ie8\wininet.dll
+ 2009-04-29 20:25 . 2007-08-13 22:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-04-29 20:25 . 2009-02-20 18:09 233472 c:\windows\ie8\webcheck.dll
+ 2009-04-29 20:25 . 2008-05-27 17:23 765952 c:\windows\ie8\vgx.dll
+ 2009-04-29 20:25 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 105984 c:\windows\ie8\url.dll
+ 2009-04-29 20:26 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-04-29 20:26 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-04-29 20:25 . 2006-09-06 21:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-04-29 20:25 . 2009-02-20 18:09 102912 c:\windows\ie8\occache.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 671232 c:\windows\ie8\mstime.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 193024 c:\windows\ie8\msrating.dll
+ 2009-04-29 20:25 . 2007-08-13 22:54 156160 c:\windows\ie8\msls31.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 477696 c:\windows\ie8\mshtmled.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 459264 c:\windows\ie8\msfeeds.dll
+ 2009-04-29 20:25 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-04-29 20:25 . 2009-02-28 04:54 636072 c:\windows\ie8\iexplore.exe
+ 2009-04-29 20:25 . 2007-08-13 22:54 180736 c:\windows\ie8\ieui.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 268288 c:\windows\ie8\iertutil.dll
+ 2009-04-29 20:25 . 2007-08-13 22:54 287744 c:\windows\ie8\ieproxy.dll
+ 2009-04-29 20:25 . 2007-08-13 22:54 191488 c:\windows\ie8\iepeers.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 383488 c:\windows\ie8\ieapfltr.dll
+ 2009-04-29 20:25 . 2009-02-20 05:14 161792 c:\windows\ie8\ieakui.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 230400 c:\windows\ie8\ieaksie.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 153088 c:\windows\ie8\ieakeng.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 214528 c:\windows\ie8\dxtrans.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 124928 c:\windows\ie8\advpack.dll
+ 2009-07-12 07:37 . 2009-07-12 07:37 503808 c:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3404.40507__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 106496 c:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3404.40477__90ba9c70f846762e\MOM.Implementation.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 131072 c:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 131072 c:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__90ba9c70f846762e\Interop.SHDocVw.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 405504 c:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3404.40409__90ba9c70f846762e\CLI.Component.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 544768 c:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3404.40472__90ba9c70f846762e\CLI.Component.Systemtray.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 122880 c:\windows\assembly\GAC_MSIL\CLI.Component.PowerXpressHybrid\2.0.3404.40503__90ba9c70f846762e\CLI.Component.PowerXpressHybrid.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 278528 c:\windows\assembly\GAC_MSIL\CLI.Component.Launchpad\2.0.3404.40494__90ba9c70f846762e\CLI.Component.Launchpad.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 188416 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.ProfileManager\2.0.3404.40428__90ba9c70f846762e\CLI.Component.Dashboard.ProfileManager.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 200704 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.HotKeyManager\2.0.3404.40428__90ba9c70f846762e\CLI.Component.Dashboard.HotKeyManager.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 290816 c:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3404.40397__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 110592 c:\windows\assembly\GAC_MSIL\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard\2.0.3404.40499__90ba9c70f846762e\CLI.Aspect.WorkstationConfig2.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 139264 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3404.40483__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 106496 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3404.40414__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 167936 c:\windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard\2.0.3404.40446__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 491520 c:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3404.40482__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 286720 c:\windows\assembly\GAC_MSIL\CLI.Aspect.SmartGart.Graphics.Dashboard\2.0.3404.40422__90ba9c70f846762e\CLI.Aspect.SmartGart.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 364544 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3404.40452__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 172032 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3404.40494__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 147456 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3404.40482__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 147456 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3404.40487__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 172032 c:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3404.40447__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 671744 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3404.40495__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 479232 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive2.Graphics.Dashboard\2.0.3404.40423__90ba9c70f846762e\CLI.Aspect.OverDrive2.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 151552 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Dashboard\2.0.3404.40499__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 196608 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU3.Graphics.Dashboard\2.0.3404.40478__90ba9c70f846762e\CLI.Aspect.MultiVPU3.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 192512 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Dashboard\2.0.3404.40442__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 192512 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Dashboard\2.0.3404.40438__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 286720 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3404.40502__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 405504 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3404.40460__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 811008 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3404.40438__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 258048 c:\windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3404.40501__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 245760 c:\windows\assembly\GAC_MSIL\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard\2.0.3404.40422__90ba9c70f846762e\CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 204800 c:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3404.40414__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 225280 c:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3404.40414__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 311296 c:\windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3404.40503__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 192512 c:\windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3404.40497__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 323584 c:\windows\assembly\GAC_MSIL\CLI.Aspect.FramelockGenlock.Graphics.Dashboard\2.0.3404.40506__90ba9c70f846762e\CLI.Aspect.FramelockGenlock.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 126976 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3404.40446__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 712704 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3404.40405__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 589824 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3404.40415__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 364544 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3404.40469__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 798720 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3404.40465__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 286720 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared\2.0.3404.40429__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 307200 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3404.40419__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 401408 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3404.40447__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 450560 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3404.40433__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 692224 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3404.40456__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 675840 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3404.40448__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 438272 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3404.40437__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 208896 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3404.40501__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 262144 c:\windows\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.2600.29179__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 262144 c:\windows\assembly\GAC_MSIL\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard\1.2.2600.29179__90ba9c70f846762e\CLI.AIB.TutorialInfoCentre.Tutorial.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 360448 c:\windows\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 360448 c:\windows\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 225280 c:\windows\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 225280 c:\windows\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 143360 c:\windows\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\ICSharpCode.SharpZipLib.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 143360 c:\windows\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\ICSharpCode.SharpZipLib.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 212992 c:\windows\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 212992 c:\windows\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL
- 2009-01-30 20:10 . 2009-01-30 20:10 135168 c:\windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 135168 c:\windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL
+ 2009-06-04 05:12 . 2008-05-27 02:18 261120 c:\windows\$NtUninstallKB940157$\spuninst\wss_SpCustom.dll
+ 2009-06-04 05:12 . 2007-09-27 14:46 379184 c:\windows\$NtUninstallKB940157$\spuninst\updspapi.dll
+ 2009-06-04 05:12 . 2007-09-27 14:46 221488 c:\windows\$NtUninstallKB940157$\spuninst\spuninst.exe
+ 2009-07-15 02:01 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973346\update\updspapi.dll
+ 2009-07-15 02:01 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973346\update\update.exe
+ 2009-07-15 02:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973346\spuninst.exe
+ 2009-08-02 08:22 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB972636-IE8\update\updspapi.dll
+ 2009-08-02 08:22 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB972636-IE8\update\update.exe
+ 2009-08-02 08:22 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB972636-IE8\spuninst.exe
+ 2009-08-02 08:22 . 2009-07-01 06:33 101376 c:\windows\$hf_mig$\KB972636-IE8\SP3QFE\iecompat.dll
+ 2009-07-29 03:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB972260-IE8\update\updspapi.dll
+ 2009-07-29 03:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260-IE8\update\update.exe
+ 2009-07-29 03:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB972260-IE8\spuninst.exe
+ 2009-07-29 01:44 . 2009-07-03 17:06 915456 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
+ 2009-07-29 01:44 . 2009-07-03 17:06 206848 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\occache.dll
+ 2009-07-29 01:44 . 2009-07-03 17:06 594432 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\msfeeds.dll
+ 2009-07-29 01:44 . 2009-07-03 17:06 246272 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ieproxy.dll
+ 2009-07-29 01:44 . 2009-07-03 17:06 184320 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iepeers.dll
+ 2009-07-29 01:44 . 2009-07-03 17:06 386048 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iedkcs32.dll
+ 2009-07-29 01:44 . 2009-07-03 11:38 173056 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ie4uinit.exe
+ 2009-07-15 02:01 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB971633\update\updspapi.dll
+ 2009-07-15 02:01 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB971633\update\update.exe
+ 2009-07-15 02:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971633\spuninst.exe
+ 2009-06-04 05:12 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB971180-IE8\update\updspapi.dll
+ 2009-06-04 05:12 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB971180-IE8\update\update.exe
+ 2009-06-04 05:12 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB971180-IE8\spuninst.exe
+ 2009-06-04 05:11 . 2009-05-12 05:11 102912 c:\windows\$hf_mig$\KB971180-IE8\SP3QFE\iecompat.dll
+ 2009-06-11 07:01 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2009-06-11 07:01 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2009-06-11 07:01 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-06-11 07:04 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969898\update\updspapi.dll
+ 2009-06-11 07:04 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969898\update\update.exe
+ 2009-06-11 07:04 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969898\spuninst.exe
+ 2009-06-11 07:06 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB969897-IE8\update\updspapi.dll
+ 2009-06-11 07:06 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969897-IE8\update\update.exe
+ 2009-06-11 07:06 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969897-IE8\spuninst.exe
+ 2009-06-11 02:12 . 2009-05-13 05:10 915456 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
+ 2009-06-11 02:12 . 2009-04-30 21:22 246272 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ieproxy.dll
+ 2009-06-11 02:12 . 2009-04-30 21:22 385536 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\iedkcs32.dll
+ 2009-06-11 02:12 . 2009-04-30 10:47 173056 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ie4uinit.exe
+ 2009-06-11 07:01 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2009-06-11 07:01 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2009-06-11 07:01 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2009-04-29 20:26 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB968220-IE8\update\updspapi.dll
+ 2009-04-29 20:26 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB968220-IE8\update\update.exe
+ 2009-04-29 20:26 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB968220-IE8\spuninst.exe
+ 2009-04-29 20:26 . 2009-02-28 04:55 105984 c:\windows\$hf_mig$\KB968220-IE8\SP3QFE\iecompat.dll
+ 2009-06-11 07:04 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2009-06-11 07:04 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2009-06-11 07:04 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-07-15 01:59 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB961371\update\updspapi.dll
+ 2009-07-15 01:59 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB961371\update\update.exe
+ 2009-07-15 01:59 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB961371\spuninst.exe
+ 2009-06-16 14:43 . 2009-06-16 14:43 119808 c:\windows\$hf_mig$\KB961371\SP3QFE\t2embed.dll
+ 2007-04-03 02:25 . 2008-06-18 09:03 2458112 c:\windows\system32\WMVCore.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2003-06-20 12:00 . 2006-10-19 01:47 8231936 c:\windows\system32\wmploc.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2003-06-20 12:00 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2003-06-20 12:00 . 2004-07-17 18:35 1326080 c:\windows\system32\webfldrs.msi
+ 2003-06-20 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2008-05-27 02:21 . 2008-05-27 02:21 1582592 c:\windows\system32\tquery.dll
+ 2009-07-12 07:46 . 2009-04-28 04:08 2670720 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ativvaxx.dll
+ 2009-07-12 07:46 . 2007-09-29 07:36 3107788 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ativva5x.dat
+ 2009-07-12 07:46 . 2009-04-28 01:56 3227648 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\aticaldd.dll
+ 2009-07-12 07:46 . 2009-04-28 04:21 3818272 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ati3duag.dll
+ 2009-07-12 07:46 . 2009-04-28 06:13 3565568 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\ati2mtag.sys
+ 2009-04-29 02:22 . 2009-01-14 04:05 2500224 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dll
+ 2009-04-29 02:22 . 2007-09-29 07:36 3107788 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dat
+ 2009-04-29 02:22 . 2007-09-29 07:36 3107788 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ativva5x.dat
+ 2009-07-11 04:40 . 2009-04-28 01:56 3227648 c:\windows\system32\ReinstallBackups\0001\DriverFiles\aticaldd.dll
+ 2009-04-29 02:22 . 2009-01-14 04:22 4009152 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati3duag.dll
+ 2009-04-29 02:22 . 2009-02-25 22:58 3565568 c:\windows\system32\ReinstallBackups\0001\DriverFiles\ati2mtag.sys
+ 2009-04-29 02:21 . 2009-01-14 04:05 2500224 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ativvaxx.dll
+ 2009-04-29 02:21 . 2007-09-29 07:36 3107788 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ativvaxx.dat
+ 2009-04-29 02:21 . 2007-09-29 07:36 3107788 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ativva5x.dat
+ 2009-07-11 04:39 . 2009-02-25 20:30 3227648 c:\windows\system32\ReinstallBackups\0000\DriverFiles\aticaldd.dll
+ 2009-04-29 02:21 . 2009-01-14 04:22 4009152 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati3duag.dll
+ 2009-04-29 02:21 . 2009-01-14 07:14 3455488 c:\windows\system32\ReinstallBackups\0000\DriverFiles\ati2mtag.sys
+ 2009-04-29 02:21 . 2009-01-14 02:34 3227648 c:\windows\system32\ReinstallBackups\0000\DriverFiles\Amdcaldd.dll
+ 2003-06-20 12:00 . 2009-06-03 19:09 1291264 c:\windows\system32\quartz.dll
+ 2007-07-05 21:55 . 2007-07-05 21:55 1649136 c:\windows\system32\PxSFS.DLL
+ 2008-05-27 02:21 . 2008-05-27 02:21 1418240 c:\windows\system32\mssrch.dll
+ 2003-06-20 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2009-07-11 07:55 . 2006-03-17 15:45 1757184 c:\windows\system32\imagX7.dll
+ 2006-10-17 18:57 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2006-09-06 06:01 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2009-06-21 16:50 . 2007-06-08 17:53 1753088 c:\windows\system32\ExGrid.dll
+ 2007-03-02 20:53 . 2006-02-22 00:46 1505792 c:\windows\system32\drivers\ati2mtag.sys
+ 2007-04-03 02:25 . 2008-06-18 09:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-04-21 16:43 . 2006-10-19 01:47 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2009-04-21 16:41 . 2006-10-19 01:47 8231936 c:\windows\system32\dllcache\wmploc.dll
+ 2007-04-03 02:25 . 2006-10-19 01:47 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2009-04-21 03:41 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-13 22:54 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-04-21 16:41 . 2006-11-01 22:31 1669120 c:\windows\system32\dllcache\setup_wm.exe
+ 2009-04-21 03:42 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-06-10 13:19 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2007-08-13 22:54 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-21 03:29 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-04-21 03:29 . 2009-02-07 01:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 22:20 . 2009-01-07 22:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2007-03-02 20:38 . 2006-02-22 00:30 2636672 c:\windows\system32\dllcache\ati3duag.dll
+ 2007-03-02 20:53 . 2006-02-22 00:46 1505792 c:\windows\system32\dllcache\ati2mtag.sys
+ 2007-03-02 20:21 . 2006-02-22 00:11 5124096 c:\windows\system32\atioglxx.dll
+ 2006-02-22 00:27 . 2006-02-22 00:27 6684672 c:\windows\system32\atioglx1.dll
+ 2009-02-25 20:30 . 2009-04-28 01:56 3227648 c:\windows\system32\aticaldd.dll
+ 2007-03-02 20:38 . 2006-02-22 00:30 2636672 c:\windows\system32\ati3duag.dll
+ 2004-07-17 18:35 . 2004-07-17 18:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2009-04-21 16:41 . 2007-04-03 04:12 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2009-03-05 19:40 . 2009-03-05 19:40 6819840 c:\windows\Installer\de46a.msp
+ 2009-08-05 06:11 . 2009-08-05 06:11 5518848 c:\windows\Installer\d4ed1b.msp
+ 2009-07-01 17:21 . 2009-07-01 17:21 8891904 c:\windows\Installer\d4ed02.msp
+ 2008-12-12 16:09 . 2008-12-12 16:09 5517824 c:\windows\Installer\c43aa.msp
+ 2009-06-30 15:30 . 2009-06-30 15:30 5520384 c:\windows\Installer\bce7c.msp
+ 2008-12-13 14:57 . 2008-12-13 14:57 8397824 c:\windows\Installer\b13496.msp
+ 2008-07-30 00:26 . 2008-07-30 00:26 1043456 c:\windows\Installer\b04222.msp
+ 2008-07-30 01:37 . 2008-07-30 01:37 2679808 c:\windows\Installer\b04220.msp
+ 2008-07-30 02:15 . 2008-07-30 02:15 3697664 c:\windows\Installer\b0421e.msp
+ 2008-07-30 00:34 . 2008-07-30 00:34 1448448 c:\windows\Installer\b0421d.msp
+ 2008-07-30 01:22 . 2008-07-30 01:22 4137984 c:\windows\Installer\b0421c.msp
+ 2008-07-30 00:18 . 2008-07-30 00:18 3376640 c:\windows\Installer\b0421b.msp
+ 2008-07-29 22:45 . 2008-07-29 22:45 2543616 c:\windows\Installer\acc78c.msp
+ 2008-07-29 22:29 . 2008-07-29 22:29 2926080 c:\windows\Installer\acc78b.msp
+ 2008-07-29 22:41 . 2008-07-29 22:41 6487040 c:\windows\Installer\acc78a.msp
+ 2008-07-29 22:39 . 2008-07-29 22:39 3403264 c:\windows\Installer\acc789.msp
+ 2008-07-29 22:43 . 2008-07-29 22:43 1013248 c:\windows\Installer\acc787.msp
+ 2008-07-29 22:31 . 2008-07-29 22:31 6083072 c:\windows\Installer\acc784.msp
+ 2009-01-14 20:43 . 2009-01-14 20:43 5520384 c:\windows\Installer\9e9eaae.msp
+ 2009-01-15 07:35 . 2009-01-15 07:35 4830720 c:\windows\Installer\99760.msp
+ 2008-10-25 14:15 . 2008-10-25 14:15 6227456 c:\windows\Installer\794780.msp
+ 2008-10-17 14:03 . 2008-10-17 14:03 5518336 c:\windows\Installer\794769.msp
+ 2009-07-12 07:37 . 2009-07-12 07:37 1064448 c:\windows\Installer\754f38.msi
+ 2009-02-11 19:02 . 2009-02-11 19:02 5519872 c:\windows\Installer\6b0a073.msp
+ 2009-04-06 21:00 . 2009-04-06 21:00 5518336 c:\windows\Installer\68cd30.msp
+ 2008-11-19 14:01 . 2008-11-19 14:01 3732480 c:\windows\Installer\5b3fe.msp
+ 2008-10-23 03:43 . 2008-10-23 03:43 6820352 c:\windows\Installer\5b3f3.msp
+ 2008-10-23 03:48 . 2008-10-23 03:48 7672832 c:\windows\Installer\5b3dc.msp
+ 2008-11-05 19:25 . 2008-11-05 19:25 5518336 c:\windows\Installer\5b3c5.msp
+ 2008-10-20 15:18 . 2008-10-20 15:18 6474240 c:\windows\Installer\5b3af.msp
+ 2007-04-03 03:57 . 2007-04-03 03:57 5864960 c:\windows\Installer\5a3e1.msp
+ 2008-08-02 14:41 . 2008-08-02 14:41 5923328 c:\windows\Installer\4f1229.msi
+ 2008-08-14 19:01 . 2008-08-14 19:01 5517312 c:\windows\Installer\4af7f9.msp
+ 2009-05-01 19:49 . 2009-05-01 19:49 4328960 c:\windows\Installer\44912.msp
+ 2009-04-24 16:31 . 2009-04-24 16:31 1425920 c:\windows\Installer\448f8.msp
+ 2007-04-03 03:08 . 2007-04-03 03:08 1142784 c:\windows\Installer\3a8127.msi
+ 2008-06-19 22:28 . 2008-06-19 22:28 1573376 c:\windows\Installer\34e576a.msp
+ 2008-07-16 14:39 . 2008-07-16 14:39 5519360 c:\windows\Installer\34e5755.msp
+ 2008-07-08 15:27 . 2008-07-08 15:27 8436736 c:\windows\Installer\34e573f.msp
+ 2009-08-29 02:58 . 2009-08-29 02:58 6653952 c:\windows\Installer\322eb5.msp
+ 2009-08-29 03:22 . 2009-08-29 03:22 1697792 c:\windows\Installer\322eb4.msp
+ 2009-04-26 18:50 . 2009-04-26 18:50 2754048 c:\windows\Installer\2fb2cb1.msi
+ 2008-09-05 17:08 . 2008-09-05 17:08 5515776 c:\windows\Installer\2b59e.msp
+ 2007-04-04 04:24 . 2007-04-04 04:24 2677760 c:\windows\Installer\275083.msi
+ 2008-04-24 14:22 . 2008-04-24 14:22 4275712 c:\windows\Installer\1d0b448.msp
+ 2005-10-26 18:59 . 2005-10-26 18:59 2883072 c:\windows\Installer\1d0b43d.msp
+ 2008-06-10 18:09 . 2008-06-10 18:09 5517312 c:\windows\Installer\1d0b426.msp
+ 2008-04-18 18:56 . 2008-04-18 18:56 6215680 c:\windows\Installer\1d0b344.msp
+ 2007-07-21 17:26 . 2007-07-21 17:26 7574016 c:\windows\Installer\1d0b339.msp
+ 2009-08-05 02:33 . 2009-08-05 02:33 1013248 c:\windows\Installer\1d043.msi
+ 2009-06-02 17:22 . 2009-06-02 17:22 1046528 c:\windows\Installer\1a1eb.msi
+ 2008-06-11 19:05 . 2008-06-11 19:05 9994240 c:\windows\Installer\151e145.msp
+ 2008-04-01 18:33 . 2008-04-01 18:33 5479936 c:\windows\Installer\151e118.msp
+ 2008-01-31 14:30 . 2008-01-31 14:30 9947648 c:\windows\Installer\151e102.msp
+ 2008-01-14 20:53 . 2008-01-14 20:53 5213696 c:\windows\Installer\151e0d5.msp
+ 2007-11-08 15:42 . 2007-11-08 15:42 4158464 c:\windows\Installer\151e0a9.msp
+ 2009-05-14 16:34 . 2009-05-14 16:34 3730944 c:\windows\Installer\14ce1e7.msp
+ 2009-05-04 11:46 . 2009-05-04 11:46 8299008 c:\windows\Installer\14ce1da.msp
+ 2009-05-12 17:01 . 2009-05-12 17:01 6818816 c:\windows\Installer\14ce1cd.msp
+ 2009-04-24 16:30 . 2009-04-24 16:30 2583552 c:\windows\Installer\14ce1b4.msp
+ 2009-05-28 16:32 . 2009-05-28 16:32 5518848 c:\windows\Installer\14ce1a6.msp
+ 2009-04-23 21:57 . 2009-04-23 21:57 7672832 c:\windows\Installer\14ce18e.msp
+ 2007-04-03 02:24 . 2007-04-03 02:24 3443712 c:\windows\Installer\12051f.msi
+ 2008-08-04 13:45 . 2008-08-04 13:45 1132544 c:\windows\Installer\10ca9b.msp
+ 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-04-03 21:57 . 2009-04-03 21:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2009-04-02 18:35 . 2009-04-02 18:35 1787216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL
+ 2009-07-29 03:05 . 2009-04-30 21:22 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-29 03:05 . 2009-05-13 05:15 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-29 03:05 . 2009-04-30 21:22 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-06-11 07:06 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
+ 2009-06-11 07:06 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
+ 2009-06-11 07:06 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 1160192 c:\windows\ie8\urlmon.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 3595264 c:\windows\ie8\mshtml.dll
+ 2009-04-29 20:25 . 2009-02-20 18:09 6066176 c:\windows\ie8\ieframe.dll
+ 2009-04-29 20:25 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2009-02-02 22:07 . 2009-02-02 22:07 1914440 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2009-07-12 07:37 . 2009-07-12 07:37 1019904 c:\windows\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3404.40461__90ba9c70f846762e\CLI.Component.Eeu.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 1142784 c:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3404.40401__90ba9c70f846762e\CLI.Component.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 1036288 c:\windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3404.40424__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.DLL
+ 2009-07-12 07:37 . 2009-07-12 07:37 1728512 c:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3404.40413__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL
+ 2009-07-29 01:44 . 2009-07-03 17:06 1208832 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\urlmon.dll
+ 2009-07-29 01:44 . 2009-07-19 13:17 5938176 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
+ 2009-07-29 01:44 . 2009-07-03 17:06 1985536 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\iertutil.dll
+ 2009-06-03 19:12 . 2009-06-03 19:12 1291264 c:\windows\$hf_mig$\KB971633\SP3QFE\quartz.dll
+ 2009-06-11 02:12 . 2009-04-30 21:22 1207808 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\urlmon.dll
+ 2009-06-11 02:12 . 2009-05-13 05:10 5936128 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
+ 2009-06-11 02:12 . 2009-04-30 21:22 1985024 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\iertutil.dll
+ 2009-04-17 10:50 . 2009-04-17 10:50 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2008-04-14 09:42 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2009-07-12 07:46 . 2009-04-28 05:12 11845632 c:\windows\system32\ReinstallBackups\0006\DriverFiles\B_80188\atioglxx.dll
+ 2009-04-29 02:22 . 2009-02-25 21:30 11841536 c:\windows\system32\ReinstallBackups\0001\DriverFiles\atioglxx.dll
+ 2009-04-29 02:21 . 2009-01-14 05:46 11591680 c:\windows\system32\ReinstallBackups\0000\DriverFiles\atioglxx.dll
+ 2009-04-17 05:42 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2006-11-08 04:03 . 2009-07-19 22:48 11067392 c:\windows\system32\ieframe.dll
+ 2009-04-21 16:43 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-04-21 03:29 . 2009-07-19 22:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2006-10-30 11:05 . 2006-10-30 11:05 11390464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpf.msi
+ 2009-02-25 23:07 . 2009-02-25 23:07 11646464 c:\windows\Installer\de474.msp
+ 2009-07-01 17:19 . 2009-07-01 17:19 10607104 c:\windows\Installer\d4ed03.msp
+ 2008-12-13 15:21 . 2008-12-13 15:21 10473472 c:\windows\Installer\b134a2.msp
+ 2007-07-31 12:29 . 2007-07-31 12:29 12836864 c:\windows\Installer\9c2a4.msp
+ 2008-09-24 17:05 . 2008-09-24 17:05 16381440 c:\windows\Installer\794791.msp
+ 2008-10-20 15:22 . 2008-10-20 15:22 11758592 c:\windows\Installer\5b408.msp
+ 2007-04-03 03:32 . 2007-04-03 03:32 19210240 c:\windows\Installer\559d8.msp
+ 2009-07-22 02:47 . 2009-07-22 02:47 15706112 c:\windows\Installer\50e78.msp
+ 2007-07-13 01:24 . 2007-07-13 01:24 15256576 c:\windows\Installer\4f9f6e.msp
+ 2008-08-11 15:51 . 2008-08-11 15:51 15916544 c:\windows\Installer\4af84b.msp
+ 2008-07-30 12:50 . 2008-07-30 12:50 12506112 c:\windows\Installer\4af82d.msp
+ 2008-08-11 15:49 . 2008-08-11 15:49 22457344 c:\windows\Installer\4af822.msp
+ 2008-06-04 17:29 . 2008-06-04 17:29 16905728 c:\windows\Installer\4af804.msp
+ 2009-04-04 11:35 . 2009-04-04 11:35 38325760 c:\windows\Installer\37e55d.msp
+ 2008-07-08 14:09 . 2008-07-08 14:09 11887616 c:\windows\Installer\34e5781.msp
+ 2008-07-03 15:37 . 2008-07-03 15:37 11759104 c:\windows\Installer\34e575f.msp
+ 2008-07-01 13:25 . 2008-07-01 13:25 11814912 c:\windows\Installer\34e56fc.msp
+ 2007-10-15 03:33 . 2007-10-15 03:33 26646016 c:\windows\Installer\303c8ba.msp
+ 2008-08-13 18:49 . 2008-08-13 18:49 11816960 c:\windows\Installer\2b5bf.msp
+ 2008-07-30 03:20 . 2008-07-30 03:20 11767296 c:\windows\Installer\2b5a8.msp
+ 2009-07-31 02:24 . 2009-07-31 02:24 15705600 c:\windows\Installer\29059.msp
+ 2009-05-01 20:40 . 2009-05-01 20:40 21084160 c:\windows\Installer\1dd19a.msi
+ 2008-02-25 19:07 . 2008-02-25 19:07 11772416 c:\windows\Installer\1d0b452.msp
+ 2008-03-01 02:09 . 2008-03-01 02:09 16907776 c:\windows\Installer\1d0b3fc.msp
+ 2008-03-17 16:48 . 2008-03-17 16:48 11813888 c:\windows\Installer\151e12f.msp
+ 2008-04-14 18:26 . 2008-04-14 18:26 11888128 c:\windows\Installer\151e0ec.msp
+ 2008-01-14 19:24 . 2008-01-14 19:24 10721280 c:\windows\Installer\151e0bf.msp
+ 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
+ 2009-04-03 22:01 . 2009-04-03 22:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-07-29 03:05 . 2009-04-30 21:22 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
+ 2009-06-11 07:06 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
+ 2009-07-29 01:44 . 2009-07-19 13:17 11068416 c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\ieframe.dll
+ 2009-05-01 19:22 . 2009-05-01 19:22 11064832 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ieframe.dll
+ 2007-07-27 13:03 . 2007-07-27 13:03 119977472 c:\windows\Installer\1d0b3e7.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-8-28 221247]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Games2\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\Microsoft Games\\Mechwarrior Mercenaries\\MW4Mercs.icd"=
"c:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 pm 26104]
S3 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [4/2/2007 10:02 pm 26144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\Daily Backup.job
- c:\windows\system32\ntbackup.exe [2003-06-20 09:42]

2009-08-30 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-07-22 14:10]

2009-08-29 c:\windows\Tasks\Defraggler Volume D Task.job
- c:\program files\Defraggler\df.exe [2009-07-22 14:10]

2009-08-29 c:\windows\Tasks\Defraggler Volume E Task.job
- c:\program files\Defraggler\df.exe [2009-07-22 14:10]

2009-08-30 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Dave Yeisley.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-21 17:36]

2009-09-05 c:\windows\Tasks\Malwarebytes' Scheduled Update for Dave Yeisley.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-21 17:36]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Windows SteadyState


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Dave Yeisley\Application Data\Mozilla\Firefox\Profiles\9r1ayfxd.default\
FF - prefs.js: browser.startup.homepage - hxxp://aenea.aforumfree.com/index.htm?sid=68056079b2babf68c795146e84531f48|http://theregulators3.10.forumer.com/index.php?sid=853c048dde9784435595a69caac21585
FF - plugin: c:\program files\Java\j2re1.4.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.0_04\bin\NPJPI140_04.dll
FF - plugin: c:\program files\Java\j2re1.4.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: e:\program files\Netscape\Communicator\Program\Plugins\npdrmv2.dll
FF - plugin: e:\program files\Netscape\Communicator\Program\Plugins\npdsplay.dll
FF - plugin: e:\program files\Netscape\Communicator\Program\Plugins\NPJava11.dll
FF - plugin: e:\program files\Netscape\Communicator\Program\Plugins\NPJava12.dll
FF - plugin: e:\program files\Netscape\Communicator\Program\Plugins\NPJava13.dll
FF - plugin: e:\program files\Netscape\Communicator\Program\Plugins\NPJava32.dll
FF - plugin: e:\program files\Netscape\Communicator\Program\Plugins\NPJPI140_04.dll
FF - plugin: e:\program files\Netscape\Communicator\Program\Plugins\NPOFFICE.DLL
FF - plugin: e:\program files\Netscape\Communicator\Program\Plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 01:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-09-05 1:20
ComboFix-quarantined-files.txt 2009-09-05 05:20
ComboFix2.txt 2009-04-25 23:43

Pre-Run: 302,028,800,000 bytes free
Post-Run: 302,104,387,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
1379 --- E O F --- 2009-08-26 03:18
My old sig had lots of info, but it was too long.
My new sig is short, but doesnt say much.

#15 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:09 PM

Posted 10 October 2009 - 11:17 AM

You did good, thanks for posting the old log. :(

I want you to give Kaspersky a try. It was down for repairs the other day but hopefully it is back up. This scan can take a bit to run so be patient with it and let it finish.

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner
    page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users