Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Garmanma said I have a nasty rootkit


  • This topic is locked This topic is locked
27 replies to this topic

#1 JudyLee

JudyLee

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:39 AM

Posted 25 September 2009 - 10:49 PM

I'm not sure if you need to see what transpired before I moved to this forum, but if you do, here it is:
http://www.bleepingcomputer.com/forums/t/259143/total-security-at-least-thats-how-it-started/

Here's the part where Garmanma said: Win32.TDSS.dt = a pretty nasty rootkit

So here's the back story:

Let me start by saying Thank you all for being here. This "HP Pavillion Entertainment PC" laptop came to me as a gift back in the spring.
It was completely reformatted by a dear friend's geek-mother and reset to factory specs. Except for a small bit of physical damage, it is absolutely perfect.

Last month my 13 year old son clicked somewhere he should not have clicked (I asked - he said it was a link in an email - and no he would not tell me what it was -ok - we can all guess - but he is a good kid and feels really bad about the results).

How did I realize that he had done something? I logged on after work the next day and my entire desktop was replaced by a bright blue and pink screen with the words "TOTAL SECURITY" across the top... being prompted to download their Total Security System to protect my computer. Well I know better than that! I finally managed to get my desktop back by using ctr-alt-del and ending its process. I tried AVG - it said the file had been corrupted and would not load - I should get Total Security instead. I tried SpyBot - it said the file had been corrupted and would not load - I should get Total Security instead. I tried to get to a restore point, but it said the restore point had been corrupted - I should get Total Security to fix it.

With over 3 hours of help over Ventrilo from a truly dedicated geek friend, we finally found a program running named "16887344.exe"
He directed me to the ways and means of removing this program - finding its traces in the registry and removing them- and finally regaining the ability to use AVG and SpyBot... which I ran and found nothing remarkable as I recall. We patted ourselves on the back for a job well done, and held our collective breath that nothing else would show up.

I came to these forums a month ago and searched "total security" and found nothing. Now when one searches that term, more than 5 pages show up.

A different truly-talented geek friend suggested that I update ComboFix and run it till it didn't find anything to fix, and then send him the log - which I did - and he said it looked fine - just a few not-too-bad items to remove but it wouldn't really matter if they were not removed. He assumed the bad stuff had been found and dealt with.

Well I feel like I've used up all my geek-friend tokens for this month ... But something is still not right - the Windows Explorer part of my system works terribly slowly. When I mouse over the START button, it can take up to a minute before the cursor changes to acknowledge that it is there. When I'm trying to change from one window to another, it can take a minute or more to accomplish the change. Even alt-tab works very slowly for changing windows. Logging on and off can take several minutes as well.

Also every time I log on now I get a blue screen stating inconsistencies on this disk. The computer has only a C: drive and a D: drive. I was told that the D: drive should be where the backup restore ability is stored. When I try to open that, it says it is inaccessible or corrupted.

I would be happy to just reformat and start over, but I was not given the restore disks with the computer. My normal usage for this computer is gaming (my two teenage sons and I are World of Warcraft players), with usually a firefox browser open too keep track of fan sites, and aim and msn running to keep in touch with friends coming and going.

I have a little bit of knowledge about these things ... and I know - A little bit of knowledge is a very dangerous thing!
But I can pay attention and follow directions, so I'd be very grateful for any suggestions you can give me.

I thought I should add something ...

Today I decided to try "Start in Recovery Console"
It directed me to check the computer for viruses and said to "Run: CHKDSK /F"
but I don't have an F drive.
It also said... "Tech Info: Stop: 0X0000007B (0XF7A89534, 0X0000034, 0X00000000, 0x00000000)

Also I tried to run Spybot tonight, and it froze on "514970/545801: Win32.TDSS.dt"

Thanks again.

~~~~~~~~~~~~

Garmanma instructed me to run several programs and post the logs on that other forum which is linked above.
Then yesterday, he instructed me to:


"OK, no more messing around
We need to create an OTL Report"


And he has asked me to post the logs here so that your wizards can work their magic ... please :-)

The Logs from OTL follow:


OTL logfile created on: 9/24/2009 7:07:55 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Judy\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 406.96 Mb Available Physical Memory | 40.13% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.46 Gb Total Space | 35.51 Gb Free Space | 44.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC785018295244
Current User Name: Judy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/05 02:09:03 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/07/25 16:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2009/09/03 18:49:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/05/18 19:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/16 00:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/05/04 01:58:26 | 00,458,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006/06/17 01:22:46 | 00,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/02/06 05:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2009/07/05 02:09:08 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/03 18:49:37 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/03/05 14:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/06/29 21:42:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2009/09/03 18:49:41 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/03 18:49:40 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/03/16 00:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/09/23 02:31:21 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/10 13:49:24 | 00,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/09/24 18:57:59 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judy\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/06/12 16:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr [On_Demand | Stopped])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/07/25 16:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/09/03 18:49:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/24 15:13:36 | 00,242,424 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [Disabled | Stopped])
SRV - [2006/03/16 00:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Stopped])
SRV - [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/04/02 05:51:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Disabled | Stopped])
SRV - [2009/07/05 02:09:03 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2006/05/18 19:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/07/25 16:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [On_Demand | Stopped])
SRV - [2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Stopped])
SRV - [2004/08/10 15:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2009/06/22 07:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsvc.exe -- (MSMQ [Auto | Stopped])
SRV - [2009/06/22 07:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqtgsvc.exe -- (MSMQTriggers [Auto | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/06/06 16:39:56 | 00,061,952 | ---- | M] (Ricoh) -- C:\WINDOWS\System32\Drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD [On_Demand | Running])
DRV - [2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/04 10:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/09/03 18:49:41 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/09/03 18:49:41 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/23 09:30:20 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/05/12 16:05:02 | 00,057,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/04/11 06:35:18 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/09/19 17:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabfiltr.sys -- (eabfiltr [System | Running])
DRV - [2005/09/19 17:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/09/19 17:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])
DRV - [2006/06/02 11:02:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\CHDAud.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2005/01/07 20:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/04/20 12:02:40 | 00,208,000 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2006/04/20 12:03:20 | 00,995,712 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/03/22 16:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/10/13 05:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2009/05/17 02:08:26 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2006/02/15 07:57:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/06/22 07:48:44 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys -- (MQAC [On_Demand | Running])
DRV - [2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/03/16 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/06/20 20:05:58 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/11/16 16:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
DRV - [2005/12/22 13:02:22 | 00,051,840 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
DRV - [2005/11/01 14:08:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys -- (rismxdp [On_Demand | Running])
DRV - [2008/05/08 08:28:49 | 00,202,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RMCast.sys -- (RMCAST [On_Demand | Running])
DRV - [2004/08/04 02:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2006/03/16 00:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/04 10:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/06/17 00:40:56 | 00,193,120 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2006/04/21 13:06:24 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])
DRV - [2006/04/20 12:02:36 | 00,727,296 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\S-1-5-21-550649503-4093617429-2617151104-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\S-1-5-21-550649503-4093617429-2617151104-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: foxsaver@www.foxsaver.com:2.2.7.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/02 05:51:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/29 11:00:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/09/03 19:23:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/14 18:33:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/23 02:31:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/23 02:31:43 | 00,000,000 | ---D | M]

[2009/03/20 23:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Extensions
[2009/03/20 23:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/23 02:42:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Firefox\Profiles\yklwuwgl.default\extensions
[2009/09/15 12:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Firefox\Profiles\yklwuwgl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/29 16:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Firefox\Profiles\yklwuwgl.default\extensions\foxmarks@kei.com
[2009/09/03 18:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Firefox\Profiles\yklwuwgl.default\extensions\foxsaver@www.foxsaver.com
[2009/03/20 23:24:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/23 02:31:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/23 02:30:55 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/23 02:30:56 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/02 05:49:57 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/23 02:31:29 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/04/19 03:58:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/04/19 03:58:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/04/19 03:58:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/04/19 03:58:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/04/19 03:58:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/04/19 03:58:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/04/19 03:58:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/09/23 02:31:32 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/23 02:31:32 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/29 15:25:00 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/09/23 02:31:32 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/23 02:31:33 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/23 02:31:33 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/23 02:31:33 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/23 02:31:33 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005..\Run: [Google Update] C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[41 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/24 18:57:59 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Judy\Desktop\OTL.exe
[2009/09/23 20:17:27 | 00,000,145 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\peek.bat
[2009/09/23 20:17:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judy\My Documents\Downloads
[2009/09/22 19:17:49 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\Win32kDiag.exe
[2009/09/21 23:40:03 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\settings.dat
[2009/09/21 23:36:37 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Judy\Desktop\tatertot.scr.exe
[2009/09/13 12:51:31 | 01,089,601 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/09/13 03:48:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/09/13 03:48:20 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/09/13 03:47:38 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/09/13 03:44:00 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/09/13 03:44:00 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/09/13 03:44:00 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/09/13 03:43:58 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/09/13 03:43:58 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/09/13 03:43:54 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/09/13 03:43:54 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/09/13 03:43:47 | 00,000,000 | ---D | C] -- C:\1828b8d98095724c3b
[2009/09/13 03:16:36 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/09/11 20:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Local Settings\Application Data\KodakGallery
[2009/09/11 20:53:45 | 00,027,648 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/09/11 20:53:45 | 00,003,072 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/09/11 20:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Application Data\Skinux
[2009/09/11 20:33:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/09/11 20:33:21 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/09/11 20:33:21 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/09/11 20:33:21 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/09/11 20:11:10 | 00,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/09/11 20:11:09 | 00,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/09/11 20:11:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2009/09/11 19:59:05 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2009/09/11 19:59:05 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2009/09/11 19:59:05 | 00,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2009/09/11 19:59:05 | 00,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2009/09/11 19:59:05 | 00,062,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2009/09/11 19:55:56 | 00,000,000 | ---D | C] -- C:\Program Files\Kodak
[2009/09/11 19:51:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/09/10 19:15:38 | 00,353,777 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\gc-pony-png.JPG
[2009/09/07 12:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Desktop\Wellington
[2009/09/06 01:38:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/04 19:10:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/08/29 20:10:57 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/29 20:10:57 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/29 20:10:57 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/29 20:10:57 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/29 20:10:57 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/08/29 20:10:57 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/29 20:10:57 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/29 20:10:57 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/29 20:10:57 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/29 20:10:57 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/29 20:10:56 | 03,597,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/29 20:10:56 | 02,142,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/29 20:10:56 | 02,020,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/29 20:10:56 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/29 20:10:56 | 00,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/29 20:10:56 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/29 20:10:56 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/29 20:10:56 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/29 20:10:56 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/29 20:10:56 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/29 20:10:56 | 00,574,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/29 20:10:56 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/29 20:10:56 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/29 20:10:56 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/29 20:10:56 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/29 20:10:56 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/29 20:10:56 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/29 20:10:56 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/29 20:10:56 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/29 20:10:56 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/29 20:10:56 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/29 20:10:56 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/29 20:10:56 | 00,182,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/29 20:10:56 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/29 20:10:56 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/29 20:10:56 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/29 20:10:56 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/29 20:10:56 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/29 20:10:56 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/29 20:10:56 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/29 20:10:56 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/29 20:10:56 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/29 20:10:56 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/29 20:10:56 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/29 20:10:56 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/29 20:10:56 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/29 20:10:56 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll
[2009/08/29 20:10:56 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/29 20:10:56 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/29 20:10:56 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/29 20:10:56 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll
[2009/08/29 20:10:56 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/29 20:10:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/29 20:10:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/29 20:10:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/29 20:10:56 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/29 20:10:56 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/29 20:10:56 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/29 20:10:56 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/29 20:10:56 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/29 20:10:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/29 16:09:55 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/29 02:43:26 | 10,633,09312 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/29 02:02:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/27 19:42:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/22 23:45:46 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/22 02:51:53 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/12 03:29:34 | 00,000,219 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/12 03:25:15 | 00,000,748 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/12 03:10:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 02:57:52 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/29 15:18:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:46:56 | 00,005,326 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:13:22 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/29 07:00:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/03/16 00:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/03/04 03:07:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 14:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[41 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/24 18:57:59 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judy\Desktop\OTL.exe
[2009/09/24 18:52:49 | 41,731,982 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/24 18:48:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005UA.job
[2009/09/24 18:47:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/24 18:46:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/24 18:46:44 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/23 21:48:01 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005Core.job
[2009/09/23 20:17:27 | 00,000,145 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\peek.bat
[2009/09/22 19:17:49 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\Win32kDiag.exe
[2009/09/22 19:10:49 | 00,112,900 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/21 23:41:23 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\settings.dat
[2009/09/21 23:36:39 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Judy\Desktop\tatertot.scr.exe
[2009/09/21 02:08:16 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/18 15:49:36 | 00,002,277 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\Google Chrome.lnk
[2009/09/14 18:22:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/13 04:51:15 | 00,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/13 04:08:44 | 00,518,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/13 04:08:44 | 00,453,754 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/13 04:08:44 | 00,075,092 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/11 21:06:10 | 00,027,648 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/09/11 20:53:44 | 00,003,072 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/09/11 20:11:10 | 00,001,837 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/09/11 20:11:10 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/09/10 19:15:38 | 00,353,777 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\gc-pony-png.JPG
[2009/09/10 19:09:59 | 00,465,493 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\gc-pony-png.png
[2009/09/10 19:09:10 | 02,376,882 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\gc-pony-photoshop.psd
[2009/09/06 18:04:50 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/04 19:08:58 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/04 18:32:54 | 03,192,102 | R--- | M] () -- C:\Documents and Settings\Judy\Desktop\ComboFix.exe
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/03 18:49:41 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/03 18:49:41 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/03 18:49:41 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/29 20:04:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/29 19:14:41 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\ESQULzxspectrum
[2009/08/29 14:27:20 | 00,005,326 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/08/29 13:19:04 | 01,577,100 | -H-- | M] () -- C:\Documents and Settings\Judy\Local Settings\Application Data\IconCache.db
[2009/08/29 02:47:56 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

OTL Extras logfile created on: 9/24/2009 7:08:20 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Judy\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 406.96 Mb Available Physical Memory | 40.13% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.46 Gb Total Space | 35.51 Gb Free Space | 44.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC785018295244
Current User Name: Judy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AVG8Uninstall" = AVG Free 8.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"ESPNMotion" = ESPNMotion
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"PROSet" = Intel® PRO Network Connections Drivers
"Rhapsody" = Rhapsody
"SwiftKit" = SwiftKit
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2009 9:48:05 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/4/2009 6:48:05 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/5/2009 12:32:34 AM | Computer Name = PC785018295244 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2009 6:38:39 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/12/2009 12:50:38 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/17/2009 10:50:37 AM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/20/2009 12:48:06 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/20/2009 10:35:29 PM | Computer Name = PC785018295244 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2009 4:49:05 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/21/2009 5:50:37 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

[ Application Events ]
Error - 9/1/2009 9:48:05 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/4/2009 6:48:05 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/5/2009 12:32:34 AM | Computer Name = PC785018295244 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2009 6:38:39 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/12/2009 12:50:38 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/17/2009 10:50:37 AM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/20/2009 12:48:06 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/20/2009 10:35:29 PM | Computer Name = PC785018295244 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2009 4:49:05 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/21/2009 5:50:37 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 9/21/2009 5:34:28 PM | Computer Name = PC785018295244 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/21/2009 5:34:28 PM | Computer Name = PC785018295244 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 9/21/2009 6:34:28 PM | Computer Name = PC785018295244 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 120 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/21/2009 6:34:28 PM | Computer Name = PC785018295244 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 9/21/2009 6:56:46 PM | Computer Name = PC785018295244 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0018DE0ECA86 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/21/2009 6:57:22 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 9/24/2009 6:48:30 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 9/24/2009 6:50:36 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7022
Description = The Server service hung on starting.

Error - 9/24/2009 6:50:36 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing service depends on the Server service which failed
to start because of the following error: %%1070

Error - 9/24/2009 6:50:36 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%1068


< End of report >
My Signature Response:

BC AdBot (Login to Remove)

 


#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:39 AM

Posted 13 October 2009 - 04:17 AM

Hello and :( to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here
.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay
.

----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


Posted Image
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:(

#3 JudyLee

JudyLee
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:39 AM

Posted 13 October 2009 - 05:36 PM

Thank you so much for getting back to me ... Yes, it has been a long wait,
but we all know "Good things come to those who wait."

Here is the DDS log:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Judy at 18:32:14.95 on Tue 10/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.376 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Judy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\judy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {4D908843-2D1F-43AF-BC92-EC2AFCB524B7} = 208.67.220.220,208.67.222.222
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\judy\applic~1\mozilla\firefox\profiles\yklwuwgl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\judy\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\judy\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-17 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-23 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-23 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-3 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-18 24652]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]

=============== Created Last 30 ================


==================== Find3M ====================

2009-09-19 00:00 37 a------- c:\documents and settings\judy\jagex_runescape_preferences.dat
2009-09-18 23:33 45 a------- c:\documents and settings\judy\jagex_runescape_preferences2.dat
2009-09-03 22:25 230,912 a------- c:\windows\PEV.exe
2009-09-03 18:49 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-03 18:49 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-28 23:55 90,112 a------- c:\windows\DUMP7cb1.tmp
2009-08-13 11:16 512,000 a------- c:\windows\system32\dllcache\jscript.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 09:33 3,597,824 a------- c:\windows\system32\dllcache\cache\mshtml.dll
2009-07-19 09:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2008-01-05 17:56 22 ac-sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 18:32:46.56 ===============
My Signature Response:

#4 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:39 AM

Posted 15 October 2009 - 07:46 AM

Hello JudyLee, and :( to Bleeping Computer Malware Removal Forum, My Nick is Net_Surfer I'll be glad to help you with your computer problems.

I will be working on your Malware issues, this may or may not solve other issues you may have with your machine.

Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.

-----------------------------------------------------------

Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic.
2. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
3. All of my posts need to be checked by my coach before they are posted here your benefit will be "four eyes and two brains" looking into your problem, but my responses may be somewhat delayed so please be patient while I attempt to remove your malware.
4. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You ran COMBOFix on your own: That's Not Good... Not GOOD.. :) You may have shot yourself in the foot. :)

Combofix is a very complex and dangerous tool. It is not a one size fit all tool and it is not automatically removing what needs to be removed by itself. It is like a scalpel in the hands of a surgeon. A surgeon can remove exactly what is need and no more while an untrained person would either cut too much or not enough.

Combofix is powerful enough to be able to render your computer unbootable if used wrongly or to leave your computer infected if you do not know what you are doing..



You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert.


Please read Combofix's Disclaimer.


Please post the "C:\ComboFix.txt" I need to see what it deleted.


Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

I will Propose a fix for your machine so my coach can ok your fix.

In the meantime Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
.

Thanks and again sorry for the delay.

Kind regards
Net_Surfer

:(

#5 JudyLee

JudyLee
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:39 AM

Posted 15 October 2009 - 06:56 PM

Greetings Net Surfer - and thank you very much for coming to my rescue. Thanks as well to your supervisor. I hope to follow in your foot steps some day as it has long been a joy of mine (and occasional part time job) to help the elderly in our area (retirement capital: South Florida) get better use from their personal computers. I have been watching this thread with eager anticipation of this day.

I am well aware of your cautions regarding ComboFix, and I was directed to use it by a professional in the field. He has great experience with malware and with ComboFix, but just like you all here at BC, he has very limited time to devote to this situation. I'm grateful for my computer-guru friends, but know the limits of friendship. As my introduction explains, they were able to find and arrest the problem, but not to completely solve the problem. Obviously, the rootkit remains and has slowed many processes to a mind-numbing crawl.

The most telling symptom I experience at this time is when mousing over the bottom bar on my screen, the mouse remains as an "up-and-down expando arrow" for quite a long time - as much as a minute - before recognizing that it is over the explorer bar and allowing me to click on a button. This is the same if I am attempting to click the start button or the browser or any other program I might have running. I am, however, able to change windows more quickly if I use alt-tab. Besides checking this forum, this laptop is only being used to play WoW, and it seems to have little trouble with that task.

I have not attempted to run a scan with AVG, Spybot, or any other program since I first posted on this forum on September 25th.

Following are the contents of the ComboFix.txt logs on my computer. There are 4 that were created after this problem began on August 24, 2009.

ComboFix Log - August 29, 2009

ComboFix 09-08-29.01 - Judy 08/29/2009 19:49.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.630 [GMT -4:00]
Running from: c:\documents and settings\Judy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\kb913800.exe
c:\windows\system32\drivers\ESQULqvcdtiqmbetixjxqhhsssvmtixvpqxpb.sys
c:\windows\system32\ESQULlknjemirdgtoipyhtcrruffqsederdrq.dll
c:\windows\system32\ESQULvpuyfvkosusibapuycwkinlqenxrqjpw.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-29 05:09 . 2009-08-29 05:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-08-19 20:51 . 2009-08-19 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-15 05:18 . 2009-08-15 05:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-08-13 15:38 . 2009-08-13 15:38 -------- d-----w- c:\windows\ServicePackFiles
2009-08-12 09:48 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 01:57 . 2009-07-31 01:57 -------- d-----w- c:\documents and settings\Judy\Application Data\MSNInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-29 03:55 . 2009-03-08 05:59 90112 ----a-w- c:\windows\DUMP7cb1.tmp
2009-08-19 20:53 . 2009-03-21 03:49 -------- d-----w- c:\program files\World of Warcraft
2009-08-05 09:11 . 2006-03-16 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-18 12:21 . 2009-05-23 13:30 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 18:55 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 01:42 . 2009-06-02 22:25 16 ----a-w- c:\windows\popcinfot.dat
2009-07-14 03:43 . 2006-03-16 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 06:11 . 2009-06-21 06:11 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-12 06:11 . 2009-06-21 06:10 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-12 06:11 . 2009-06-21 06:10 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-11 08:03 . 2009-03-21 17:18 34 ----a-w- c:\documents and settings\Judy\jagex_runescape_preferences.dat
2009-07-05 06:10 . 2009-06-21 06:11 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-05 06:10 . 2009-06-21 06:11 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-05 06:10 . 2009-06-21 06:10 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-05 06:10 . 2009-06-21 06:10 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-05 06:10 . 2009-05-31 06:09 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-05 06:09 . 2009-05-31 06:09 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-05 06:09 . 2009-05-31 06:09 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-05 06:09 . 2009-06-21 06:10 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-05 06:09 . 2009-06-21 06:10 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-05 06:09 . 2009-06-21 06:10 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-05 06:09 . 2009-06-21 06:10 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-05 06:09 . 2009-06-21 06:10 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-05 06:09 . 2009-06-21 06:09 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-05 06:09 . 2009-06-21 06:09 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-01 07:17 . 2009-07-01 07:17 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-30 00:53 . 2006-09-12 06:39 66712 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 16:12 . 2006-03-16 04:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-03-16 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-03-16 04:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-29 14:56 . 2009-05-23 13:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 14:56 . 2009-05-23 13:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 18:36 . 2006-03-16 04:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2006-03-16 04:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2006-03-16 04:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2006-03-16 04:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2006-03-16 04:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2006-03-16 04:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2006-03-16 04:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2006-03-16 04:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2006-03-16 04:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2006-03-16 04:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2006-03-16 04:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2006-03-16 04:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:17 . 2006-03-16 04:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2006-03-16 04:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2006-03-16 04:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2006-03-16 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:17 . 2006-03-16 04:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2006-03-16 04:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2006-03-16 04:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2006-03-16 04:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2006-03-16 04:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35 . 2006-03-16 04:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2005-10-18 05:14 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2005-10-18 05:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 20:07 . 2009-06-29 18:59 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-12 11:50 . 2006-03-16 04:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2006-03-16 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2006-03-16 04:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2006-03-16 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2006-03-16 04:00 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:24 . 2005-08-30 12:13 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 22:25 . 2009-06-02 22:25 0 ----a-w- c:\windows\popcreg.dat
2008-01-05 21:56 . 2009-03-08 05:52 22 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-05-17_03.07.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2006-12-02 04:46 . 2006-12-02 04:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:26 . 2006-12-02 04:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 02:56 . 2006-12-02 02:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2005-10-14 03:22 . 2007-07-27 14:41 26488 c:\windows\system32\spupdsvc.exe
- 2005-10-14 03:22 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2006-09-12 07:10 . 2007-04-09 17:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2006-09-12 07:10 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2006-09-12 07:10 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
- 2009-03-31 16:56 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2009-03-31 16:56 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2009-02-06 22:52 . 2009-02-06 22:52 49504 c:\windows\system32\sirenacm.dll
+ 2005-07-03 10:11 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
- 2005-07-03 10:11 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
+ 2006-06-29 18:27 . 2009-06-01 20:40 56796 c:\windows\system32\perfc009.dat
- 2006-06-29 18:27 . 2009-05-17 01:31 56796 c:\windows\system32\perfc009.dat
- 2007-08-13 20:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 20:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-09-12 07:10 . 2007-04-09 17:23 28040 c:\windows\system32\mdimon.dll
+ 2009-05-17 13:01 . 2009-05-17 06:08 15688 c:\windows\system32\lsdelete.exe
+ 2006-03-16 04:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 20:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 20:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2006-03-16 04:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
- 2006-03-16 04:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2006-03-16 04:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 20:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
- 2007-08-13 20:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
+ 2007-03-22 23:17 . 2007-03-22 23:17 35440 c:\windows\system32\FM20ENU.DLL
+ 2009-05-17 06:09 . 2009-05-17 06:08 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
+ 2009-05-17 06:09 . 2009-05-17 06:08 64160 c:\windows\system32\drivers\Lbd.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 13894 c:\windows\system32\dllcache\zonelibm.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 29760 c:\windows\system32\dllcache\znetm.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 41029 c:\windows\system32\dllcache\zcorem.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 36937 c:\windows\system32\dllcache\zclientm.exe
+ 2006-03-16 04:00 . 2006-10-19 01:47 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 52224 c:\windows\system32\dllcache\wmitimep.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 41472 c:\windows\system32\dllcache\wmipsess.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 62976 c:\windows\system32\dllcache\wmipjobj.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 62464 c:\windows\system32\dllcache\wmipiprt.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 75264 c:\windows\system32\dllcache\wmipicmp.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 61440 c:\windows\system32\dllcache\wmimsg.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 60928 c:\windows\system32\dllcache\wmicookr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 25088 c:\windows\system32\dllcache\wisc10.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 16384 c:\windows\system32\dllcache\winmgmtr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 13312 c:\windows\system32\dllcache\winmgmt.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 13600 c:\windows\system32\dllcache\wfwnet.drv
+ 2009-06-25 08:17 . 2009-06-25 08:17 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 43008 c:\windows\system32\dllcache\wbemperf.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 12288 c:\windows\system32\dllcache\wbemads.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 12288 c:\windows\system32\dllcache\wb32.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 84992 c:\windows\system32\dllcache\wabimp.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 32339 c:\windows\system32\dllcache\uniansi.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 59904 c:\windows\system32\dllcache\trnsprov.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 61952 c:\windows\system32\dllcache\tmplprov.dll
+ 2009-06-12 11:50 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 11:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 19200 c:\windows\system32\dllcache\tapi.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 86528 c:\windows\system32\dllcache\stdprov.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 33280 c:\windows\system32\dllcache\sstub.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 14336 c:\windows\system32\dllcache\ssstars.scr
+ 2006-03-16 04:00 . 2006-03-16 04:00 47104 c:\windows\system32\dllcache\ssmypics.scr
+ 2006-03-16 04:00 . 2006-03-16 04:00 47104 c:\windows\system32\dllcache\srdiag.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 58434 c:\windows\system32\dllcache\srchctls.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 62976 c:\windows\system32\dllcache\spgrmr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 61440 c:\windows\system32\dllcache\spcplui.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 77824 c:\windows\system32\dllcache\spcommon.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 34816 c:\windows\system32\dllcache\sniffpol.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 40960 c:\windows\system32\dllcache\smtpcons.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 66113 c:\windows\system32\dllcache\shvl.dll
+ 2009-02-03 20:08 . 2009-06-25 08:17 56320 c:\windows\system32\dllcache\secur32.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 36864 c:\windows\system32\dllcache\scrcons.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 36864 c:\windows\system32\dllcache\sapisvr.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 48706 c:\windows\system32\dllcache\rvse.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 61440 c:\windows\system32\dllcache\rrcm.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 15860 c:\windows\system32\dllcache\prnqctl.vbs
+ 2006-03-16 04:00 . 2006-03-16 04:00 29454 c:\windows\system32\dllcache\prnport.vbs
+ 2006-03-16 04:00 . 2006-03-16 04:00 32546 c:\windows\system32\dllcache\prnmngr.vbs
+ 2006-03-16 04:00 . 2006-03-16 04:00 21527 c:\windows\system32\dllcache\prnjobs.vbs
+ 2006-03-16 04:00 . 2006-03-16 04:00 25415 c:\windows\system32\dllcache\prndrvr.vbs
+ 2006-03-16 04:00 . 2006-03-16 04:00 35755 c:\windows\system32\dllcache\prncnfg.vbs
+ 2006-03-16 04:00 . 2006-03-16 04:00 92672 c:\windows\system32\dllcache\policman.dll
- 2009-03-21 06:32 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-21 06:32 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 51200 c:\windows\system32\dllcache\oobebaln.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 24064 c:\windows\system32\dllcache\olesvr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 65536 c:\windows\system32\dllcache\oledb32r.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 82944 c:\windows\system32\dllcache\olecli.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 35328 c:\windows\system32\dllcache\oemiglib.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 60416 c:\windows\system32\dllcache\oemig50.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 34560 c:\windows\system32\dllcache\ntio804.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 35424 c:\windows\system32\dllcache\ntio412.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 35648 c:\windows\system32\dllcache\ntio411.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 34560 c:\windows\system32\dllcache\ntio404.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 33840 c:\windows\system32\dllcache\ntio.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 29146 c:\windows\system32\dllcache\ntdos804.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 29274 c:\windows\system32\dllcache\ntdos412.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 29370 c:\windows\system32\dllcache\ntdos411.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 29146 c:\windows\system32\dllcache\ntdos404.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 27866 c:\windows\system32\dllcache\ntdos.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 15360 c:\windows\system32\dllcache\nppagent.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 35328 c:\windows\system32\dllcache\notiflag.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 77824 c:\windows\system32\dllcache\nmcom.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 81920 c:\windows\system32\dllcache\nmchat.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 28672 c:\windows\system32\dllcache\nmasnt.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 57344 c:\windows\system32\dllcache\ndisnpp.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 90624 c:\windows\system32\dllcache\muisetup.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 24576 c:\windows\system32\dllcache\msxactps.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 57344 c:\windows\system32\dllcache\mst123.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 23552 c:\windows\system32\dllcache\mssoapr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 28160 c:\windows\system32\dllcache\msoobe.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 18944 c:\windows\system32\dllcache\msobweb.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 30720 c:\windows\system32\dllcache\msobshel.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 16384 c:\windows\system32\dllcache\msobdl.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 39936 c:\windows\system32\dllcache\mslwvtts.dll
+ 2009-03-22 07:33 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-22 07:33 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 36864 c:\windows\system32\dllcache\msdfmap.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 20480 c:\windows\system32\dllcache\msdatt.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 94208 c:\windows\system32\dllcache\msdatl3.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 16384 c:\windows\system32\dllcache\msdasqlr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 16384 c:\windows\system32\dllcache\msdaremr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 16384 c:\windows\system32\dllcache\msdaprsr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 77824 c:\windows\system32\dllcache\msdaosp.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 16384 c:\windows\system32\dllcache\msdaorar.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 57344 c:\windows\system32\dllcache\msadrh15.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 57344 c:\windows\system32\dllcache\msador15.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 24576 c:\windows\system32\dllcache\msader15.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 24576 c:\windows\system32\dllcache\msaddsr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 53248 c:\windows\system32\dllcache\msadcs.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 16384 c:\windows\system32\dllcache\msadcor.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 16384 c:\windows\system32\dllcache\msadcfr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 61440 c:\windows\system32\dllcache\msadcf.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 20480 c:\windows\system32\dllcache\msadcer.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2009-06-22 11:48 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 16384 c:\windows\system32\dllcache\mofcomp.exe
+ 2005-08-06 04:29 . 2005-08-06 04:29 63488 c:\windows\system32\dllcache\medctrro.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 28160 c:\windows\system32\dllcache\mciwave.drv
+ 2006-03-16 04:00 . 2006-03-16 04:00 25264 c:\windows\system32\dllcache\mciseq.drv
+ 2006-03-16 04:00 . 2006-03-16 04:00 73376 c:\windows\system32\dllcache\mciavi.drv
+ 2006-03-16 04:00 . 2006-03-16 04:00 19968 c:\windows\system32\dllcache\log.dll
+ 2009-06-22 11:35 . 2009-06-22 11:35 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 24576 c:\windows\system32\dllcache\krnlprov.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 42537 c:\windows\system32\dllcache\keyboard.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 42809 c:\windows\system32\dllcache\key01.sys
- 2009-03-21 06:32 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-21 06:32 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-22 07:33 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-03-22 07:33 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-08-13 20:39 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 20:39 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 20:45 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-13 20:45 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 20:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 20:39 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-22 07:33 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-03-22 07:33 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 13312 c:\windows\system32\dllcache\htrn_jis.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 18944 c:\windows\system32\dllcache\hscupd.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 57409 c:\windows\system32\dllcache\hrtz.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 87552 c:\windows\system32\dllcache\hhctrlui.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 57344 c:\windows\system32\dllcache\h323cc.dll
+ 2007-01-15 18:10 . 2007-01-15 18:10 61440 c:\windows\system32\dllcache\gacutil.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 53248 c:\windows\system32\dllcache\fwdprov.dll
+ 2009-06-16 14:55 . 2009-06-16 14:55 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 97965 c:\windows\system32\dllcache\evtquery.vbs
+ 2006-03-16 04:00 . 2006-03-16 04:00 45568 c:\windows\system32\dllcache\evtgprov.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 22016 c:\windows\system32\dllcache\evntrprv.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 45056 c:\windows\system32\dllcache\ehjpnime.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 18944 c:\windows\system32\dllcache\ehiuserxp.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 73728 c:\windows\system32\dllcache\ehiextens.dll
+ 2004-08-10 19:11 . 2004-08-10 19:11 10240 c:\windows\system32\dllcache\ehepgnet.dll
+ 2004-08-10 19:11 . 2004-08-10 19:11 35328 c:\windows\system32\dllcache\ehepgdec.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 40960 c:\windows\system32\dllcache\ehentt.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 81408 c:\windows\system32\dllcache\directdb.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 40960 c:\windows\system32\dllcache\dcap32.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 28672 c:\windows\system32\dllcache\custsat.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 27097 c:\windows\system32\dllcache\country.sys
+ 2007-08-13 20:42 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
- 2007-08-13 20:42 . 2007-08-13 20:42 17408 c:\windows\system32\dllcache\corpol.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 45056 c:\windows\system32\dllcache\confmrsl.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 32816 c:\windows\system32\dllcache\commdlg.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 40515 c:\windows\system32\dllcache\chkr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 12288 c:\windows\system32\dllcache\cb32.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 21504 c:\windows\system32\dllcache\brpinfo.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 82501 c:\windows\system32\dllcache\bckg.dll
+ 2009-06-10 14:21 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 69584 c:\windows\system32\dllcache\avicap.dll
+ 2009-07-17 18:55 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 24064 c:\windows\system32\dllcache\agtintl.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 20480 c:\windows\system32\dllcache\agt0c0a.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 20992 c:\windows\system32\dllcache\agt0816.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 19456 c:\windows\system32\dllcache\agt041f.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 19456 c:\windows\system32\dllcache\agt041d.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 19456 c:\windows\system32\dllcache\agt0419.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 20480 c:\windows\system32\dllcache\agt0416.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 19456 c:\windows\system32\dllcache\agt0415.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 19456 c:\windows\system32\dllcache\agt0414.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 20992 c:\windows\system32\dllcache\agt0413.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 20992 c:\windows\system32\dllcache\agt0410.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 19968 c:\windows\system32\dllcache\agt040e.dll
+ 2009-03-08 06:01 . 2006-03-15 20:00 19456 c:\windows\system32\dllcache\agt040d.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 21504 c:\windows\system32\dllcache\agt040c.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 19456 c:\windows\system32\dllcache\agt040b.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 19456 c:\windows\system32\dllcache\agt0409.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 22016 c:\windows\system32\dllcache\agt0408.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 21504 c:\windows\system32\dllcache\agt0407.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 19456 c:\windows\system32\dllcache\agt0406.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 19456 c:\windows\system32\dllcache\agt0405.dll
+ 2009-03-08 06:01 . 2006-03-15 20:00 19456 c:\windows\system32\dllcache\agt0401.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 44032 c:\windows\system32\dllcache\agentsr.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 49152 c:\windows\system32\dllcache\agentmpx.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 58880 c:\windows\system32\dllcache\agentdpv.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 41984 c:\windows\system32\dllcache\agentdp2.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 24064 c:\windows\system32\dllcache\agentanm.dll
+ 2009-08-14 20:45 . 2009-08-14 20:45 78924 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat
+ 2009-08-14 20:45 . 2009-08-15 00:08 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009081420090815\index.dat
+ 2006-09-12 06:46 . 2009-08-29 23:14 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-15 00:08 . 2009-08-15 00:08 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2006-09-12 06:46 . 2009-08-29 23:14 65536 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-14 23:04 . 2009-08-14 23:04 62909 c:\windows\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\UserCache.bin
+ 2006-09-12 07:28 . 2006-09-12 07:28 83968 c:\windows\Installer\3b708.msi
+ 2009-06-30 00:52 . 2009-06-30 00:52 25088 c:\windows\Installer\225fcda.msi
+ 2009-06-30 00:52 . 2009-06-30 00:52 28160 c:\windows\Installer\225fcd4.msi
+ 2009-06-30 00:52 . 2009-06-30 00:52 83456 c:\windows\Installer\225fcbc.msi
+ 2009-06-30 00:52 . 2009-06-30 00:52 59904 c:\windows\Installer\225fcb6.msi
+ 2009-06-30 00:52 . 2009-06-30 00:52 62304 c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
- 2006-09-12 07:09 . 2006-09-12 07:09 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-12 07:09 . 2009-08-13 15:44 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-09-12 07:09 . 2006-09-12 07:09 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-09-12 07:09 . 2009-08-13 15:44 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-09-12 07:09 . 2009-08-13 15:44 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-09-12 07:09 . 2006-09-12 07:09 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-12 07:09 . 2009-08-13 15:44 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-09-12 07:09 . 2006-09-12 07:09 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-06-30 00:53 . 2009-06-30 00:53 80395 c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2007-03-22 23:07 . 2007-03-22 23:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 23:07 . 2007-03-22 23:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 23:05 . 2007-03-22 23:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 17:53 . 2007-04-19 17:53 69984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-22 23:07 . 2007-03-22 23:07 80224 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-03-22 23:07 . 2007-03-22 23:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2006-09-12 07:09 . 2006-09-12 07:09 64088 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-07-15 06:00 . 2003-07-15 06:00 99904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-07-15 05:53 . 2003-07-15 05:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-15 05:57 . 2003-07-15 05:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 05:44 . 2003-07-15 05:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-15 05:43 . 2003-07-15 05:43 74288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2003-07-15 05:57 . 2003-07-15 05:57 40512 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-05-09 04:54 . 2003-05-09 04:54 77824 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 05:42 . 2003-07-15 05:42 37432 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 93752 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-15 05:43 . 2003-07-15 05:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 05:43 . 2003-07-15 05:43 64056 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-15 05:44 . 2003-07-15 05:44 88128 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-15 05:41 . 2003-07-15 05:41 24640 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-15 10:14 . 2003-07-15 10:14 27192 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 05:56 . 2003-07-15 05:56 13888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 05:57 . 2003-07-15 05:57 56888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 41528 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-15 05:45 . 2003-07-15 05:45 39488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-07-15 05:45 . 2003-07-15 05:45 55360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 05:46 . 2003-07-15 05:46 42040 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 05:53 . 2003-07-15 05:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 35896 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 28224 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 05:44 . 2003-07-15 05:44 25144 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 27704 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 05:52 . 2003-07-15 05:52 17464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-15 05:51 . 2003-07-15 05:51 87104 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 35328 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 18944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 17920 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-07-15 05:57 . 2003-07-15 05:57 87096 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-15 05:41 . 2003-07-15 05:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-15 05:57 . 2003-07-15 05:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 05:56 . 2003-07-15 05:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-26 01:57 . 2003-07-26 01:57 75832 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 47160 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-15 05:53 . 2003-07-15 05:53 94768 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 05:57 . 2003-07-15 05:57 38968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 05:43 . 2003-07-15 05:43 87616 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
+ 2009-07-29 07:01 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-07-29 07:01 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-07-29 07:01 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-07-29 07:01 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-07-29 07:01 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-07-29 07:01 . 2006-03-16 04:00 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2009-06-10 08:57 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2009-06-10 08:57 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2009-06-10 08:57 . 2009-02-20 10:20 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2009-06-10 08:57 . 2009-02-20 18:09 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
+ 2009-06-19 03:07 . 2009-06-19 03:07 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2009-07-01 07:09 . 2009-07-01 07:09 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-03-21 17:18 . 2009-05-17 03:15 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
- 2009-03-21 17:18 . 2009-05-17 01:53 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2009-05-21 01:05 . 2009-07-11 08:03 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-21 01:05 . 2009-07-11 08:03 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-07-16 07:02 . 2005-10-18 05:14 80896 c:\windows\$NtUninstallKB961371$\fontsub.dll
+ 2009-07-16 07:17 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll
+ 2009-07-16 07:17 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973346\spmsg.dll
+ 2009-07-29 07:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB972260-IE7\update\spcustom.dll
+ 2009-07-29 07:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB972260-IE7\spmsg.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 44544 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\pngfilt.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 52224 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msfeedsbs.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 27648 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\jsproxy.dll
+ 2009-06-29 11:25 . 2009-06-29 11:25 13824 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieudinit.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 44544 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iernonce.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 78336 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieencode.dll
+ 2009-06-29 11:25 . 2009-06-29 11:25 70656 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ie4uinit.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 63488 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\icardie.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 17408 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\corpol.dll
+ 2009-07-16 07:17 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll
+ 2009-07-16 07:17 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll
+ 2009-06-10 08:58 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2009-06-10 08:58 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2009-06-10 09:02 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969898\update\spcustom.dll
+ 2009-06-10 09:02 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969898\spmsg.dll
+ 2009-06-10 08:57 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB969897-IE7\update\spcustom.dll
+ 2009-06-10 08:57 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB969897-IE7\spmsg.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 44544 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\pngfilt.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 52224 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeedsbs.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 27648 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\jsproxy.dll
+ 2009-04-28 09:56 . 2009-04-28 09:56 13824 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieudinit.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 44544 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iernonce.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 78336 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieencode.dll
+ 2009-04-28 09:56 . 2009-04-28 09:56 70656 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ie4uinit.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 63488 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\icardie.dll
+ 2009-06-10 08:57 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
+ 2009-06-10 08:57 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll
+ 2009-07-01 07:18 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB961503\update\spcustom.dll
+ 2009-07-01 07:18 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB961503\spmsg.dll
+ 2009-06-10 09:02 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2009-06-10 09:02 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2009-07-16 07:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll
+ 2009-07-16 07:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB961371\spmsg.dll
+ 2009-06-16 14:43 . 2009-06-16 14:43 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\$hf_mig$\KB961371\SP3GDR\fontsub.dll
+ 2009-06-16 14:45 . 2009-06-16 14:45 81920 c:\windows\$hf_mig$\KB961371\SP2QFE\fontsub.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 4677 c:\windows\system32\dllcache\zeeverm.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 2176 c:\windows\system32\dllcache\vga.drv
+ 2006-03-16 04:00 . 2006-03-16 04:00 9008 c:\windows\system32\dllcache\ver.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 4048 c:\windows\system32\dllcache\timer.drv
+ 2006-03-16 04:00 . 2006-03-16 04:00 3360 c:\windows\system32\dllcache\system.drv
+ 2006-03-16 04:00 . 2006-03-16 04:00 1744 c:\windows\system32\dllcache\sound.drv
+ 2006-03-16 04:00 . 2006-03-16 04:00 5120 c:\windows\system32\dllcache\shell.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 4569 c:\windows\system32\dllcache\secupd.dat
+ 2006-03-16 04:00 . 2006-03-16 04:00 9216 c:\windows\system32\dllcache\scrnsave.scr
+ 2006-03-16 04:00 . 2006-03-16 04:00 3708 c:\windows\system32\dllcache\pubprn.vbs
+ 2002-05-28 21:54 . 2002-05-28 21:54 4605 c:\windows\system32\dllcache\oembios.dat
+ 2006-03-16 04:00 . 2006-03-16 04:00 4096 c:\windows\system32\dllcache\msdaurl.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 4096 c:\windows\system32\dllcache\msdasc.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 4096 c:\windows\system32\dllcache\msdaer.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 4096 c:\windows\system32\dllcache\msdaenum.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 4096 c:\windows\system32\dllcache\msdadc.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 2032 c:\windows\system32\dllcache\mouse.drv
+ 2006-03-16 04:00 . 2006-03-16 04:00 9936 c:\windows\system32\dllcache\lzexpand.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 2000 c:\windows\system32\dllcache\keyboard.drv
+ 2006-03-16 04:00 . 2006-03-16 04:00 4768 c:\windows\system32\dllcache\himem.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 6144 c:\windows\system32\dllcache\fsconins.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 5120 c:\windows\system32\dllcache\comrereg.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 9728 c:\windows\system32\dllcache\comrepl.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 9029 c:\windows\system32\dllcache\ansi.sys
+ 2006-09-12 07:09 . 2009-08-13 15:44 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-09-12 07:09 . 2006-09-12 07:09 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-29 12:05 . 2008-07-29 12:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 00:23 . 2007-11-07 00:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
- 2006-02-01 08:28 . 2008-10-15 14:00 351744 c:\windows\system32\xpsp3res.dll
+ 2006-02-01 08:28 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2006-09-12 07:10 . 2007-04-09 17:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2006-09-12 07:10 . 2007-04-09 17:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2006-03-16 04:00 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2006-03-16 04:00 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
+ 2006-06-29 18:27 . 2009-06-01 20:40 392980 c:\windows\system32\perfh009.dat
- 2006-06-29 18:27 . 2009-05-17 01:31 392980 c:\windows\system32\perfh009.dat
- 2006-03-16 04:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2006-03-16 04:00 . 2009-02-06 18:46 408064 c:\windows\system32\netlogon.dll
+ 2009-06-30 19:26 . 2008-10-16 18:06 208744 c:\windows\system32\muweb.dll
+ 2009-06-30 19:26 . 2008-10-16 18:06 268648 c:\windows\system32\mucltui.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
+ 2005-07-03 10:11 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2005-07-03 10:11 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2005-07-03 10:11 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
+ 2005-07-03 10:11 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 20:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 20:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2006-03-16 04:00 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
- 2007-08-13 20:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 20:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 14:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
- 2006-03-16 04:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
+ 2006-03-16 04:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2006-06-29 18:18 . 2009-07-01 07:37 259840 c:\windows\system32\FNTCACHE.DAT
+ 2006-03-16 04:00 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2009-05-23 13:30 . 2009-05-23 13:30 108552 c:\windows\system32\drivers\avgtdix.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 113222 c:\windows\system32\dllcache\zoneclim.dll
+ 2009-07-14 03:43 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 132096 c:\windows\system32\dllcache\wmipdskq.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 140800 c:\windows\system32\dllcache\wmidcprv.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 358912 c:\windows\system32\dllcache\wmic.exe
+ 2009-06-10 06:32 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 146432 c:\windows\system32\dllcache\winspool.drv
+ 2009-03-21 06:32 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 20:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 20:54 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 197120 c:\windows\system32\dllcache\wbemupgd.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 116224 c:\windows\system32\dllcache\wbemtest.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 196608 c:\windows\system32\dllcache\wbemcntl.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 131584 c:\windows\system32\dllcache\viewprov.dll
+ 2006-03-16 04:00 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll
- 2007-08-13 20:54 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll
- 2007-08-13 20:44 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 20:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 150528 c:\windows\system32\dllcache\uploadm.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 116224 c:\windows\system32\dllcache\updprov.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 279040 c:\windows\system32\dllcache\tshoot.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-06-16 14:55 . 2009-06-16 14:55 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 155648 c:\windows\system32\dllcache\sysmod_a.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 168960 c:\windows\system32\dllcache\sysmod.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 679936 c:\windows\system32\dllcache\sstext3d.scr
+ 2006-03-16 04:00 . 2006-03-16 04:00 610304 c:\windows\system32\dllcache\sspipes.scr
+ 2006-03-16 04:00 . 2006-03-16 04:00 393216 c:\windows\system32\dllcache\ssflwbox.scr
+ 2006-03-16 04:00 . 2006-03-16 04:00 704512 c:\windows\system32\dllcache\ss3dfo.scr
+ 2006-03-16 04:00 . 2006-03-16 04:00 725566 c:\windows\system32\dllcache\srchui.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 217088 c:\windows\system32\dllcache\sqlxmlx.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 110592 c:\windows\system32\dllcache\sqlse20.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 462848 c:\windows\system32\dllcache\sqlqp20.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 151552 c:\windows\system32\dllcache\sqldb20.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 774144 c:\windows\system32\dllcache\spttseng.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 773632 c:\windows\system32\dllcache\sprb0C0A.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 751616 c:\windows\system32\dllcache\sprb0816.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 470016 c:\windows\system32\dllcache\sprb0804.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 732160 c:\windows\system32\dllcache\sprb0424.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 724480 c:\windows\system32\dllcache\sprb041f.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 724992 c:\windows\system32\dllcache\sprb041D.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 757248 c:\windows\system32\dllcache\sprb041b.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 736768 c:\windows\system32\dllcache\sprb0419.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 752128 c:\windows\system32\dllcache\sprb0416.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 759808 c:\windows\system32\dllcache\sprb0415.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 716288 c:\windows\system32\dllcache\sprb0414.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 769024 c:\windows\system32\dllcache\sprb0413.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 543744 c:\windows\system32\dllcache\sprb0412.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 562688 c:\windows\system32\dllcache\sprb0411.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 769536 c:\windows\system32\dllcache\sprb0410.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 769536 c:\windows\system32\dllcache\sprb040e.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 793600 c:\windows\system32\dllcache\sprb040C.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 729088 c:\windows\system32\dllcache\sprb040b.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 801280 c:\windows\system32\dllcache\sprb0408.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 788992 c:\windows\system32\dllcache\sprb0407.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 742912 c:\windows\system32\dllcache\sprb0406.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 734720 c:\windows\system32\dllcache\sprb0405.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 477696 c:\windows\system32\dllcache\sprb0404.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 196096 c:\windows\system32\dllcache\spra0C0A.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 194560 c:\windows\system32\dllcache\spra0816.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 161280 c:\windows\system32\dllcache\spra0804.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 189952 c:\windows\system32\dllcache\spra0427.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 188928 c:\windows\system32\dllcache\spra0426.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 187392 c:\windows\system32\dllcache\spra0425.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 192512 c:\windows\system32\dllcache\spra0424.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 188928 c:\windows\system32\dllcache\spra041f.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 188416 c:\windows\system32\dllcache\spra041e.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 188928 c:\windows\system32\dllcache\spra041D.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 193024 c:\windows\system32\dllcache\spra041b.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 188928 c:\windows\system32\dllcache\spra041a.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 192512 c:\windows\system32\dllcache\spra0419.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 190464 c:\windows\system32\dllcache\spra0418.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 192512 c:\windows\system32\dllcache\spra0416.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 194560 c:\windows\system32\dllcache\spra0415.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 189440 c:\windows\system32\dllcache\spra0414.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 196096 c:\windows\system32\dllcache\spra0413.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 167936 c:\windows\system32\dllcache\spra0412.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 171008 c:\windows\system32\dllcache\spra0411.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 195072 c:\windows\system32\dllcache\spra0410.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 195584 c:\windows\system32\dllcache\spra040e.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 181760 c:\windows\system32\dllcache\spra040D.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 197632 c:\windows\system32\dllcache\spra040C.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 186368 c:\windows\system32\dllcache\spra040b.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 197632 c:\windows\system32\dllcache\spra0408.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 199680 c:\windows\system32\dllcache\spra0407.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 192512 c:\windows\system32\dllcache\spra0406.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 188928 c:\windows\system32\dllcache\spra0405.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 161280 c:\windows\system32\dllcache\spra0404.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 189440 c:\windows\system32\dllcache\spra0402.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 186880 c:\windows\system32\dllcache\spra0401.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 130048 c:\windows\system32\dllcache\softkbd.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 188416 c:\windows\system32\dllcache\script_a.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 202752 c:\windows\system32\dllcache\script.dll
+ 2008-12-05 07:12 . 2009-06-25 08:17 168448 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 15:11 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 237056 c:\windows\system32\dllcache\provthrd.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 167219 c:\windows\system32\dllcache\pagefile.vbs
+ 2006-03-16 04:00 . 2006-03-16 04:00 104448 c:\windows\system32\dllcache\oeimport.dll
- 2007-08-13 20:44 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 20:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 446464 c:\windows\system32\dllcache\obrb0C0A.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 435200 c:\windows\system32\dllcache\obrb0816.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 270336 c:\windows\system32\dllcache\obrb0804.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 427008 c:\windows\system32\dllcache\obrb0419.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 306688 c:\windows\system32\dllcache\obrb0412.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 275456 c:\windows\system32\dllcache\obrb0411.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 434176 c:\windows\system32\dllcache\obrb040e.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 428032 c:\windows\system32\dllcache\obrb0405.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 212480 c:\windows\system32\dllcache\obrb0404.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 212992 c:\windows\system32\dllcache\ntevt.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 172032 c:\windows\system32\dllcache\nmoldwb.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 151552 c:\windows\system32\dllcache\nmft.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 229376 c:\windows\system32\dllcache\nmas.dll
+ 2009-02-06 18:46 . 2009-02-06 18:46 408064 c:\windows\system32\dllcache\netlogon.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 221184 c:\windows\system32\dllcache\nac.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 126912 c:\windows\system32\dllcache\msvideo.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2009-03-21 06:32 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-21 06:32 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 274432 c:\windows\system32\dllcache\mst120.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 235520 c:\windows\system32\dllcache\mssoap1.dll
- 2009-03-21 06:32 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-03-21 06:32 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-03-16 04:00 . 2004-11-25 00:31 563200 c:\windows\system32\dllcache\msobmain.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 122368 c:\windows\system32\dllcache\msobcomm.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 102400 c:\windows\system32\dllcache\msjro.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 273920 c:\windows\system32\dllcache\msiprov.dll
- 2009-03-21 06:32 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-21 06:32 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-22 07:33 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2009-03-22 07:33 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 315392 c:\windows\system32\dllcache\msdasql.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 118784 c:\windows\system32\dllcache\msdarem.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 204800 c:\windows\system32\dllcache\msdaps.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 200704 c:\windows\system32\dllcache\msdaprst.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 233472 c:\windows\system32\dllcache\msdaora.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 220160 c:\windows\system32\dllcache\mscandui.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 200704 c:\windows\system32\dllcache\msadox.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 155648 c:\windows\system32\dllcache\msadds.dll
+ 2006-03-16 04:00 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
- 2009-03-21 06:43 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2009-06-25 18:36 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 673088 c:\windows\system32\dllcache\mlang.dat
+ 2006-03-16 04:00 . 2006-03-16 04:00 236032 c:\windows\system32\dllcache\migwiz_a.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 103424 c:\windows\system32\dllcache\migload.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 192512 c:\windows\system32\dllcache\migism_a.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 201216 c:\windows\system32\dllcache\migism.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 362496 c:\windows\system32\dllcache\metal_ss.dll
+ 2009-04-15 10:30 . 2009-06-25 08:17 729600 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2007-08-13 20:43 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
+ 2009-03-22 07:33 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
- 2009-03-22 07:33 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-08-13 20:39 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 20:39 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-22 07:33 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 19:56 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 19:56 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 20:39 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 20:39 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 20:39 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 20:39 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 362496 c:\windows\system32\dllcache\home_ss.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 108544 c:\windows\system32\dllcache\guitrn_a.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 123904 c:\windows\system32\dllcache\guitrn.dll
+ 2003-03-25 07:52 . 2003-03-25 07:52 618605 c:\windows\system32\dllcache\fp4autl.dll
- 2009-03-21 06:32 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2009-03-21 06:32 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 389120 c:\windows\system32\dllcache\ehrecobj.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 307712 c:\windows\system32\dllcache\ehplayer.dll
+ 2004-08-10 19:12 . 2004-08-10 19:12 122880 c:\windows\system32\dllcache\ehiwmp.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 278528 c:\windows\system32\dllcache\ehividctl.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 389120 c:\windows\system32\dllcache\ehiproxy.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 204800 c:\windows\system32\dllcache\ehiplay.dll
+ 2005-12-16 03:14 . 2006-10-09 20:17 328704 c:\windows\system32\dllcache\ehglid.dll
- 2005-12-15 19:14 . 2006-10-09 20:17 328704 c:\windows\system32\dllcache\ehglid.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 126976 c:\windows\system32\dllcache\ehepgdat.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 192512 c:\windows\system32\dllcache\ehcommon.dll
+ 2005-08-06 05:01 . 2005-08-06 05:01 102400 c:\windows\system32\dllcache\ehcir.dll
+ 2009-03-21 06:32 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2009-03-21 06:32 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2009-03-21 06:32 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-21 06:32 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 120320 c:\windows\system32\dllcache\dsprov.dll
+ 2004-08-10 19:11 . 2004-08-10 19:11 152064 c:\windows\system32\dllcache\debugsvc.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 561179 c:\windows\system32\dllcache\dao360.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 195584 c:\windows\system32\dllcache\comadmin.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 217160 c:\windows\system32\dllcache\cmnclim.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 385024 c:\windows\system32\dllcache\callcont.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 109456 c:\windows\system32\dllcache\avifile.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 256512 c:\windows\system32\dllcache\agentsvr.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 214016 c:\windows\system32\dllcache\agentctl.dll
+ 2007-08-13 20:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
- 2007-08-13 20:39 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 116224 c:\windows\system32\dllcache\acxtrnal.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 244736 c:\windows\system32\dllcache\acspecfc.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 137728 c:\windows\system32\dllcache\aclua.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 450048 c:\windows\system32\dllcache\aclayers.dll
- 2006-03-16 04:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
+ 2006-03-16 04:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2009-05-23 13:29 . 2009-05-23 13:29 337408 c:\windows\Installer\7a84d0.msi
+ 2009-05-17 06:00 . 2009-05-17 06:00 236032 c:\windows\Installer\53187b.msi
+ 2009-03-23 03:45 . 2009-03-23 03:45 683008 c:\windows\Installer\3e770a.msi
+ 2009-07-29 07:00 . 2009-07-29 07:00 248832 c:\windows\Installer\3d759ef.msi
+ 2006-06-29 18:23 . 2006-06-29 18:23 366592 c:\windows\Installer\3b9fe.msi
+ 2006-06-29 18:23 . 2006-06-29 18:23 363008 c:\windows\Installer\3b9f9.msi
+ 2006-09-12 07:28 . 2006-09-12 07:28 112128 c:\windows\Installer\3b70d.msi
+ 2006-09-12 07:22 . 2006-09-12 07:22 189440 c:\windows\Installer\3b6ff.msi
+ 2006-09-12 07:10 . 2006-09-12 07:10 335872 c:\windows\Installer\3b6a7.msi
+ 2006-09-12 07:05 . 2006-09-12 07:05 903168 c:\windows\Installer\3b689.msi
+ 2009-06-19 03:07 . 2009-06-19 03:07 122880 c:\windows\Installer\37fe303.msi
+ 2008-06-11 18:02 . 2008-06-11 18:02 830464 c:\windows\Installer\35136db.msp
+ 2009-03-21 18:45 . 2009-03-21 18:45 432640 c:\windows\Installer\3484bce.msi
+ 2006-09-12 07:42 . 2006-09-12 07:42 440320 c:\windows\Installer\2ec70d.msi
+ 2009-07-01 07:17 . 2009-07-01 07:17 470528 c:\windows\Installer\2b6ff1d.msi
+ 2009-06-30 00:53 . 2009-06-30 00:53 431104 c:\windows\Installer\225fce1.msi
+ 2009-06-30 00:52 . 2009-06-30 00:52 140288 c:\windows\Installer\225fcce.msi
+ 2009-06-30 00:52 . 2009-06-30 00:52 202752 c:\windows\Installer\225fcc8.msi
+ 2009-06-30 00:52 . 2009-06-30 00:52 152576 c:\windows\Installer\225fcc2.msi
+ 2009-06-30 00:52 . 2009-06-30 00:52 107008 c:\windows\Installer\225fcb0.msi
+ 2009-06-30 00:52 . 2009-06-30 00:52 301056 c:\windows\Installer\225fcaa.msi
+ 2006-06-29 18:49 . 2006-06-29 18:49 221184 c:\windows\Installer\1af85e.msi
+ 2006-06-29 18:49 . 2006-06-29 18:49 239104 c:\windows\Installer\1af858.msi
+ 2006-06-29 18:49 . 2006-06-29 18:49 237568 c:\windows\Installer\1af852.msi
+ 2006-06-29 18:49 . 2006-06-29 18:49 238080 c:\windows\Installer\1af84d.msi
+ 2006-06-29 18:49 . 2006-06-29 18:49 238080 c:\windows\Installer\1af848.msi
+ 2006-06-29 18:49 . 2006-06-29 18:49 238080 c:\windows\Installer\1af843.msi
+ 2006-06-29 18:49 . 2006-06-29 18:49 120832 c:\windows\Installer\1af83b.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 471552 c:\windows\Installer\1af836.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 664064 c:\windows\Installer\1af82d.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 121344 c:\windows\Installer\1af821.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 239104 c:\windows\Installer\1af81c.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 239104 c:\windows\Installer\1af816.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 542208 c:\windows\Installer\1af810.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 245248 c:\windows\Installer\1af73c.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 324096 c:\windows\Installer\1af736.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 250368 c:\windows\Installer\1af72f.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 239616 c:\windows\Installer\1af72a.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 250368 c:\windows\Installer\1af724.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 240128 c:\windows\Installer\1af71e.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 239104 c:\windows\Installer\1af719.msi
+ 2006-06-29 18:47 . 2006-06-29 18:47 260096 c:\windows\Installer\1af6f2.msi
+ 2006-06-29 18:47 . 2006-06-29 18:47 422912 c:\windows\Installer\1af6ed.msi
+ 2006-06-29 18:47 . 2006-06-29 18:47 121344 c:\windows\Installer\1af6e8.msi
+ 2006-06-29 18:46 . 2006-06-29 18:46 227840 c:\windows\Installer\154ef6.msi
+ 2006-06-29 18:46 . 2006-06-29 18:46 838144 c:\windows\Installer\154eef.msi
+ 2006-06-29 18:44 . 2006-06-29 18:44 226304 c:\windows\Installer\154e73.msi
+ 2009-04-02 09:49 . 2009-04-02 09:49 598016 c:\windows\Installer\14c4fb.msi
+ 2006-06-29 18:19 . 2006-06-29 18:19 264704 c:\windows\Installer\13db4.msi
+ 2006-09-12 07:09 . 2009-08-13 15:44 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-09-12 07:09 . 2006-09-12 07:09 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-12 07:09 . 2009-08-13 15:44 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-12 07:09 . 2006-09-12 07:09 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-09-12 07:09 . 2009-08-13 15:44 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-12 07:09 . 2006-09-12 07:09 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-09-12 07:09 . 2009-08-13 15:44 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-09-12 07:09 . 2006-09-12 07:09 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-09-12 07:09 . 2006-09-12 07:09 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-09-12 07:09 . 2009-08-13 15:44 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-03-22 23:22 . 2007-03-22 23:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-04-19 17:53 . 2007-04-19 17:53 149856 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-05-31 17:42 . 2007-05-31 17:42 200032 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 17:53 . 2007-04-19 17:53 106336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-04-19 17:54 . 2007-04-19 17:54 183136 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-04-19 17:53 . 2007-04-19 17:53 127328 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 18:09 . 2007-04-19 18:09 167256 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 17:53 . 2007-04-19 17:53 137568 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2003-07-21 18:46 . 2003-07-21 18:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 430136 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 05:43 . 2003-07-15 05:43 139320 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-15 05:45 . 2003-07-15 05:45 196152 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-08 18:48 . 2003-07-08 18:48 115288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
+ 2003-07-15 05:44 . 2003-07-15 05:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 10:14 . 2003-07-15 10:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 10:14 . 2003-07-15 10:14 828472 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 10:14 . 2003-07-15 10:14 283696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2006-09-12 07:09 . 2006-09-12 07:09 223800 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 06:00 . 2003-07-15 06:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-24 05:40 . 2003-07-24 05:40 482872 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 05:56 . 2003-07-15 05:56 124984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-15 06:02 . 2003-07-15 06:02 627256 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-06-19 23:05 . 2003-06-19 23:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 10:18 . 2003-07-15 10:18 376888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-24 05:35 . 2003-07-24 05:35 127032 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-15 10:14 . 2003-07-15 10:14 106552 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-15 05:57 . 2003-07-15 05:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2002-04-10 03:14 . 2002-04-10 03:14 187560 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2002-12-18 02:08 . 2002-12-18 02:08 359600 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2003-07-15 05:58 . 2003-07-15 05:58 230968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2003-07-15 05:46 . 2003-07-15 05:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 443904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 758784 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-07-24 05:32 . 2003-07-24 05:32 121400 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-07-15 05:53 . 2003-07-15 05:53 161336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-07-26 02:14 . 2003-07-26 02:14 799288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-15 05:40 . 2003-07-15 05:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-15 05:40 . 2003-07-15 05:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 06:36 . 2003-07-15 06:36 186424 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-31 22:19 . 2003-07-31 22:19 131648 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-07-15 10:14 . 2003-07-15 10:14 350264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 10:18 . 2003-07-15 10:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2009-07-29 07:01 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-07-29 07:01 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-07-29 07:01 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-07-29 07:01 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-07-29 07:01 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-07-29 07:01 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-07-29 07:01 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2009-06-10 08:57 . 2009-03-03 00:18 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-06-10 08:57 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-06-10 08:57 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-06-10 08:57 . 2009-02-20 18:09 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-06-10 08:57 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-06-10 08:57 . 2009-02-20 18:09 268288 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 385024 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-06-10 08:57 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2007-01-24 01:41 . 2007-01-24 01:41 841304 c:\windows\Downloaded Program Files\ampAx3.0.84.2.dll
+ 2009-07-01 07:08 . 2009-07-01 07:09 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
- 2009-03-21 17:18 . 2009-05-17 01:53 315392 c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2009-03-21 17:18 . 2009-05-17 03:15 315392 c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2009-07-16 07:17 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973346$\spuninst\updspapi.dll
+ 2009-07-16 07:17 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe
+ 2009-07-16 07:17 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB971633$\spuninst\updspapi.dll
+ 2009-07-16 07:17 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe
+ 2009-06-10 08:58 . 2008-10-15 14:00 351744 c:\windows\$NtUninstallKB970238$\xpsp3res.dll
+ 2009-06-10 08:58 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll
+ 2009-06-10 08:58 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe
+ 2009-06-10 08:58 . 2006-03-16 04:00 581120 c:\windows\$NtUninstallKB970238$\rpcrt4.dll
+ 2009-06-10 09:02 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969898$\spuninst\updspapi.dll
+ 2009-06-10 09:02 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe
+ 2009-06-10 08:57 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll
+ 2009-06-10 08:57 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe
+ 2009-07-01 07:18 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB961503$\spuninst\updspapi.dll
+ 2009-07-01 07:18 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB961503$\spuninst\spuninst.exe
+ 2009-06-10 09:02 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll
+ 2009-06-10 09:02 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe
+ 2009-06-10 09:02 . 2006-03-16 04:00 341504 c:\windows\$NtUninstallKB961501$\localspl.dll
+ 2009-07-16 07:02 . 2005-10-18 05:14 118272 c:\windows\$NtUninstallKB961371$\t2embed.dll
+ 2009-07-16 07:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB961371$\spuninst\updspapi.dll
+ 2009-07-16 07:02 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB961371$\spuninst\spuninst.exe
+ 2009-07-16 07:17 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973346\update\updspapi.dll
+ 2009-07-16 07:17 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973346\update\update.exe
+ 2009-07-16 07:17 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973346\spuninst.exe
+ 2009-07-29 07:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB972260-IE7\update\updspapi.dll
+ 2009-07-29 07:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260-IE7\update\update.exe
+ 2009-07-29 07:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB972260-IE7\spuninst.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 828928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 233472 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\webcheck.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 105984 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\url.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 102912 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\occache.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 671232 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mstime.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 193024 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msrating.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 477696 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtmled.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 459264 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msfeeds.dll
+ 2009-06-29 07:25 . 2009-06-29 07:25 634632 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 268288 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iertutil.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 388608 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iedkcs32.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 380928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieapfltr.dll
+ 2009-06-29 07:23 . 2009-06-29 07:23 161792 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieakui.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 230400 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieaksie.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 153088 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieakeng.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 132608 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\extmgr.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 214528 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\dxtrans.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 347136 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\dxtmsft.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 124928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\advpack.dll
+ 2009-07-16 07:17 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB971633\update\updspapi.dll
+ 2009-07-16 07:17 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB971633\update\update.exe
+ 2009-07-16 07:17 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971633\spuninst.exe
+ 2009-06-10 08:58 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2009-06-10 08:58 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2009-06-10 08:58 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\$hf_mig$\KB970238\SP3GDR\rpcrt4.dll
+ 2009-04-15 09:24 . 2009-04-15 09:24 351744 c:\windows\$hf_mig$\KB970238\SP2QFE\xpsp3res.dll
+ 2009-04-15 15:26 . 2009-04-15 15:26 583168 c:\windows\$hf_mig$\KB970238\SP2QFE\rpcrt4.dll
+ 2009-06-10 09:02 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969898\update\updspapi.dll
+ 2009-06-10 09:02 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969898\update\update.exe
+ 2009-06-10 09:02 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969898\spuninst.exe
+ 2009-06-10 08:57 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB969897-IE7\update\updspapi.dll
+ 2009-06-10 08:57 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB969897-IE7\update\update.exe
+ 2009-06-10 08:57 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB969897-IE7\spuninst.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 828928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 233472 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\webcheck.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 105984 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\url.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 102912 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\occache.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 671232 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mstime.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 193024 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msrating.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 477696 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtmled.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 459264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\msfeeds.dll
+ 2009-04-25 05:27 . 2009-04-25 05:27 636088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
+ 2009-04-29 04:49 . 2009-04-29 04:49 268288 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iertutil.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 388608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iedkcs32.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 380928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dll
+ 2009-04-25 05:26 . 2009-04-25 05:26 161792 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakui.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 230400 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieaksie.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 153088 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieakeng.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 132608 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\extmgr.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 214528 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtrans.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 347136 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\dxtmsft.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 124928 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\advpack.dll
+ 2009-06-10 08:57 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2009-06-10 08:57 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2009-06-10 08:57 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2009-07-01 07:18 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB961503\update\updspapi.dll
+ 2009-07-01 07:18 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB961503\update\update.exe
+ 2009-07-01 07:18 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB961503\spuninst.exe
+ 2009-06-10 09:02 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2009-06-10 09:02 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2009-06-10 09:02 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\$hf_mig$\KB961501\SP3GDR\localspl.dll
+ 2009-05-07 15:26 . 2009-05-07 15:26 346112 c:\windows\$hf_mig$\KB961501\SP2QFE\localspl.dll
+ 2009-07-16 07:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB961371\update\updspapi.dll
+ 2009-07-16 07:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB961371\update\update.exe
+ 2009-07-16 07:02 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB961371\spuninst.exe
+ 2009-06-16 14:43 . 2009-06-16 14:43 119808 c:\windows\$hf_mig$\KB961371\SP3QFE\t2embed.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\$hf_mig$\KB961371\SP3GDR\t2embed.dll
+ 2009-06-16 14:45 . 2009-06-16 14:45 119808 c:\windows\$hf_mig$\KB961371\SP2QFE\t2embed.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-03-16 04:00 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2006-03-16 04:00 . 2006-03-16 04:00 1326080 c:\windows\system32\webfldrs.msi
+ 2006-03-16 04:00 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll
+ 2006-03-16 04:00 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll
+ 2007-08-13 20:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 18:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2007-06-06 14:53 . 2007-06-06 14:53 1195888 c:\windows\system32\FM20.DLL
+ 2009-02-09 10:19 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2009-03-21 06:32 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 3374640 c:\windows\system32\dllcache\tourW.exe
+ 2006-03-16 04:00 . 2006-03-16 04:00 2842112 c:\windows\system32\dllcache\sprb040D.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 2869248 c:\windows\system32\dllcache\sprb0401.dll
+ 2008-05-07 04:55 . 2009-06-03 19:24 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 2479616 c:\windows\system32\dllcache\msoeres.dll
+ 2006-03-16 04:00 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-03-21 06:21 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 3166208 c:\windows\system32\dllcache\msgr3en.dll
+ 2009-03-22 07:33 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-03-22 07:33 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
- 2005-12-15 19:14 . 2006-10-09 20:16 1863680 c:\windows\system32\dllcache\ehcm.dll
+ 2005-12-16 03:14 . 2006-10-09 20:16 1863680 c:\windows\system32\dllcache\ehcm.dll
+ 2004-08-10 19:11 . 2004-08-10 19:11 1370112 c:\windows\system32\dllcache\ehchsime.dll
+ 2006-03-16 04:00 . 2006-03-16 04:00 1039955 c:\windows\system32\dllcache\cmnresm.dll
+ 2007-05-25 14:08 . 2007-05-25 14:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2009-04-23 12:14 . 2009-04-23 12:14 1541120 c:\windows\Installer\aeb9bf.msi
+ 2009-08-05 06:11 . 2009-08-05 06:11 5518848 c:\windows\Installer\8954b.msp
+ 2009-07-01 17:21 . 2009-07-01 17:21 8891904 c:\windows\Installer\89537.msp
+ 2009-04-19 08:00 . 2009-04-19 08:00 3966976 c:\windows\Installer\78b1e7f.msi
+ 2009-04-19 07:59 . 2009-04-19 07:59 1659392 c:\windows\Installer\78b1e7b.msi
+ 2009-04-19 07:58 . 2009-04-19 07:58 8992256 c:\windows\Installer\78b1e75.msi
+ 2009-04-19 07:57 . 2009-04-19 07:57 1549312 c:\windows\Installer\78b1e6f.msi
+ 2009-04-19 07:57 . 2009-04-19 07:57 3293696 c:\windows\Installer\78b1e69.msi
+ 2009-05-17 06:00 . 2009-05-17 06:00 1802240 c:\windows\Installer\531881.msi
+ 2006-09-12 07:30 . 2006-09-12 07:30 1545728 c:\windows\Installer\3b724.msi
+ 2006-09-12 07:30 . 2006-09-12 07:30 3033088 c:\windows\Installer\3b712.msi
+ 2006-09-12 07:22 . 2006-09-12 07:22 1393152 c:\windows\Installer\3b702.msi
+ 2006-09-12 07:15 . 2006-09-12 07:15 5576704 c:\windows\Installer\3b6eb.msi
+ 2006-09-12 07:15 . 2006-09-12 07:15 1327616 c:\windows\Installer\3b6e0.msi
+ 2006-09-12 07:13 . 2006-09-12 07:13 3037184 c:\windows\Installer\3b6ad.msi
+ 2006-09-12 07:09 . 2006-09-12 07:09 4716032 c:\windows\Installer\3b6a1.msi
+ 2006-09-12 07:08 . 2006-09-12 07:08 4806656 c:\windows\Installer\3b696.msi
+ 2008-06-11 19:05 . 2008-06-11 19:05 9994240 c:\windows\Installer\3513790.msp
+ 2009-05-01 19:49 . 2009-05-01 19:49 4328960 c:\windows\Installer\3513779.msp
+ 2009-05-12 17:01 . 2009-05-12 17:01 6818816 c:\windows\Installer\3513752.msp
+ 2008-01-31 14:30 . 2008-01-31 14:30 9947648 c:\windows\Installer\351372c.msp
+ 2008-01-14 20:53 . 2008-01-14 20:53 5213696 c:\windows\Installer\3513712.msp
+ 2008-10-25 13:15 . 2008-10-25 13:15 6227456 c:\windows\Installer\3513700.msp
+ 2009-04-23 21:57 . 2009-04-23 21:57 7672832 c:\windows\Installer\35136c9.msp
+ 2007-11-08 15:42 . 2007-11-08 15:42 4158464 c:\windows\Installer\35136b6.msp
+ 2005-10-26 18:59 . 2005-10-26 18:59 2883072 c:\windows\Installer\2b6ff2f.msp
+ 2009-05-28 16:32 . 2009-05-28 16:32 5518848 c:\windows\Installer\2b6ff16.msp
+ 2009-06-30 15:30 . 2009-06-30 15:30 5520384 c:\windows\Installer\29022.msp
+ 2006-06-29 18:21 . 2006-06-29 18:21 3443712 c:\windows\Installer\22b52.msi
+ 2006-06-29 18:48 . 2006-06-29 18:48 1730048 c:\windows\Installer\1af714.msi
+ 2006-06-29 18:44 . 2006-06-29 18:44 1143808 c:\windows\Installer\154e6d.msi
+ 2006-06-29 18:44 . 2006-06-29 18:44 1150464 c:\windows\Installer\154de4.msi
+ 2006-06-29 18:44 . 2006-06-29 18:44 1142272 c:\windows\Installer\154d5b.msi
+ 2006-06-29 18:41 . 2006-06-29 18:41 5864960 c:\windows\Installer\154d54.msp
+ 2009-04-07 11:56 . 2009-04-07 11:56 1054208 c:\windows\Installer\102590.msi
+ 2007-05-09 21:19 . 2007-05-09 21:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 17:35 . 2007-05-31 17:35 6420320 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-05-31 17:43 . 2007-05-31 17:43 7613280 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2003-07-03 22:19 . 2003-07-03 22:19 2502656 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2003-08-03 17:52 . 2003-08-03 17:52 2808376 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-31 22:21 . 2003-07-31 22:21 1782840 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-30 19:40 . 2003-07-30 19:40 6133312 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-08-01 22:09 . 2003-08-01 22:09 8086072 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-08-10 06:06 . 2003-08-10 06:06 7522360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-07 20:36 . 2003-07-07 20:36 2058343 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-15 06:05 . 2003-07-15 06:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-06-19 00:31 . 2003-06-19 00:31 1033216 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-07-11 09:15 . 2003-07-11 09:15 1292872 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2002-12-18 02:09 . 2002-12-18 02:09 2071752 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2002-12-18 02:08 . 2002-12-18 02:08 1383592 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-15 06:11 . 2003-07-15 06:11 2139192 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-26 02:00 . 2003-07-26 02:00 1157696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-24 06:01 . 2003-07-24 06:01 1949240 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-08-03 17:56 . 2003-08-03 17:56 1146184 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2009-07-29 07:01 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-07-29 07:01 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-07-29 07:01 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-07-29 07:01 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2009-06-10 08:57 . 2009-02-20 18:09 1160192 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 3595264 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2009-06-10 08:57 . 2009-02-20 18:09 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2009-06-10 08:57 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2006-09-12 07:30 . 2006-09-12 07:30 9879552 c:\windows\Downloaded Installations\{20F15A02-3916-4775-8694-718E3F7AB31A}\Vongo.msi
+ 2009-07-16 07:17 . 2008-12-20 22:59 1288192 c:\windows\$NtUninstallKB971633$\quartz.dll
+ 2009-06-10 08:57 . 2009-02-09 10:19 1846272 c:\windows\$NtUninstallKB968537$\win32k.sys
+ 2009-06-29 16:23 . 2009-06-29 16:23 1163264 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\urlmon.dll
+ 2009-07-19 13:31 . 2009-07-19 13:31 3600384 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
+ 2009-07-19 13:31 . 2009-07-19 13:31 6070784 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieframe.dll
+ 2009-06-29 08:33 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieapfltr.dat
+ 2009-06-03 19:12 . 2009-06-03 19:12 1291264 c:\windows\$hf_mig$\KB971633\SP3QFE\quartz.dll
+ 2009-06-03 19:09 . 2009-06-03 19:09 1291264 c:\windows\$hf_mig$\KB971633\SP3GDR\quartz.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 1163264 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\urlmon.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 3598336 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
+ 2009-04-29 04:49 . 2009-04-29 04:49 6069248 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieframe.dll
+ 2009-06-10 03:12 . 2008-07-09 14:25 2455488 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\ieapfltr.dat
+ 2009-04-17 10:50 . 2009-04-17 10:50 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2009-04-17 12:26 . 2009-04-17 12:26 1847168 c:\windows\$hf_mig$\KB968537\SP3GDR\win32k.sys
+ 2009-04-17 10:09 . 2009-04-17 10:09 1847936 c:\windows\$hf_mig$\KB968537\SP2QFE\win32k.sys
+ 2005-12-06 21:02 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2009-03-22 07:25 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2009-07-14 03:43 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-03-08 06:03 . 2006-06-29 18:49 12125696 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi
+ 2009-07-01 17:19 . 2009-07-01 17:19 10607104 c:\windows\Installer\89538.msp
+ 2006-06-29 18:21 . 2006-06-29 18:21 19210240 c:\windows\Installer\3b9f4.msp
+ 2008-07-30 12:50 . 2008-07-30 12:50 12506112 c:\windows\Installer\3513765.msp
+ 2008-06-04 17:29 . 2008-06-04 17:29 16905728 c:\windows\Installer\351373f.msp
+ 2008-01-14 19:24 . 2008-01-14 19:24 10721280 c:\windows\Installer\35136ed.msp
+ 2009-03-21 18:47 . 2009-03-21 18:47 15256576 c:\windows\Installer\3484be6.msp
+ 2007-05-31 17:37 . 2007-05-31 17:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-06-18 21:16 . 2007-06-18 21:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 17:41 . 2007-05-31 17:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2003-08-06 20:24 . 2003-08-06 20:24 12037688 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2003-08-08 07:23 . 2003-08-08 07:23 12172336 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2003-08-13 09:34 . 2003-08-13 09:34 10073144 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2007-07-27 13:03 . 2007-07-27 13:03 119977472 c:\windows\Installer\2b6ff02.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 14:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-23 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-05 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 14:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/17/2009 2:09 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2009 9:30 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2009 9:30 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2009 9:29 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/18/2009 11:08 PM 24652]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
.
Contents of the 'Scheduled Tasks' folder

2009-08-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:09]

2009-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005Core.job
- c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-23 03:37]

2009-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005UA.job
- c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-23 03:37]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {4D908843-2D1F-43AF-BC92-EC2AFCB524B7} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\yklwuwgl.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-29 20:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2009-08-30 20:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 00:11
ComboFix2.txt 2009-05-17 03:08

Pre-Run: 40,364,716,032 bytes free
Post-Run: 40,385,982,464 bytes free

1291 --- E O F --- 2009-08-13 15:44


ComboFix Log - September 4, 2009 - 6:44 pm

ComboFix 09-09-03.02 - Judy 09/04/2009 18:35.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.604 [GMT -4:00]
Running from: c:\documents and settings\Judy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-09-03 23:42 . 2009-09-03 23:42 45 ----a-w- c:\documents and settings\Judy\jagex_runescape_preferences2.dat
2009-08-29 05:09 . 2009-08-29 05:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-08-19 20:51 . 2009-08-19 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-15 05:18 . 2009-08-15 05:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-08-13 15:38 . 2009-08-13 15:38 -------- d-----w- c:\windows\ServicePackFiles
2009-08-12 09:48 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 00:20 . 2009-03-21 17:18 37 ----a-w- c:\documents and settings\Judy\jagex_runescape_preferences.dat
2009-09-03 22:49 . 2009-05-23 13:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-03 22:49 . 2009-05-23 13:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-03 22:49 . 2009-05-23 13:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-29 03:55 . 2009-03-08 05:59 90112 ----a-w- c:\windows\DUMP7cb1.tmp
2009-08-19 20:53 . 2009-03-21 03:49 -------- d-----w- c:\program files\World of Warcraft
2009-08-05 09:11 . 2006-03-16 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 01:57 . 2009-07-31 01:57 -------- d-----w- c:\documents and settings\Judy\Application Data\MSNInstaller
2009-07-17 18:55 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 01:42 . 2009-06-02 22:25 16 ----a-w- c:\windows\popcinfot.dat
2009-07-14 03:43 . 2006-03-16 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-30 00:53 . 2006-09-12 06:39 66712 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 16:12 . 2006-03-16 04:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-03-16 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-03-16 04:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2006-03-16 04:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2006-03-16 04:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2006-03-16 04:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2006-03-16 04:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2006-03-16 04:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2006-03-16 04:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2006-03-16 04:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2006-03-16 04:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2006-03-16 04:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2006-03-16 04:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2006-03-16 04:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2006-03-16 04:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:17 . 2006-03-16 04:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2006-03-16 04:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2006-03-16 04:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2006-03-16 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:17 . 2006-03-16 04:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2006-03-16 04:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2006-03-16 04:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2006-03-16 04:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2006-03-16 04:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35 . 2006-03-16 04:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2005-10-18 05:14 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2005-10-18 05:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2006-03-16 04:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2006-03-16 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2006-03-16 04:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2006-03-16 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2008-01-05 21:56 . 2009-03-08 05:52 22 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot_2009-08-30_00.09.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-22 09:47 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2009-03-31 16:56 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2009-03-31 16:56 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2009-05-21 01:05 . 2009-07-11 08:03 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-21 01:05 . 2009-09-03 23:41 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-21 01:05 . 2009-09-03 23:41 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-05-21 01:05 . 2009-07-11 08:03 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 14:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-23 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-05 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-03 2007832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-03 22:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/17/2009 2:09 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2009 9:30 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2009 9:30 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/3/2009 6:49 PM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/18/2009 11:08 PM 24652]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
.
Contents of the 'Scheduled Tasks' folder

2009-08-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:09]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005Core.job
- c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-23 03:37]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005UA.job
- c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-23 03:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {4D908843-2D1F-43AF-BC92-EC2AFCB524B7} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\yklwuwgl.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 18:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\msacm32.drv

- - - - - - - > 'explorer.exe'(2284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-04 18:44
ComboFix-quarantined-files.txt 2009-09-04 22:44
ComboFix2.txt 2009-08-30 00:11
ComboFix3.txt 2009-05-17 03:08

Pre-Run: 40,236,773,376 bytes free
Post-Run: 40,196,427,776 bytes free

194 --- E O F --- 2009-09-01 20:39

ComboFix-quarantined-files - September 4, 2009 - 7:10 pm

2009-08-30 00:11:03 . 2009-08-30 00:11:03 91 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Aim6.reg.dat
2009-08-29 23:55:57 . 2009-08-29 23:55:57 74 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ESQULserv.reg.dat
2009-08-29 23:23:59 . 2009-08-29 23:23:59 951 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ESQULserv.sys.reg.dat
2009-08-27 18:23:44 . 2009-08-29 17:45:14 3,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lowsec\local.ds.vir
2009-08-27 18:23:44 . 2009-08-29 17:50:38 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\lowsec\user.ds.vir
2009-05-17 03:07:40 . 2009-05-17 03:07:40 147 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-WMPNSCFG.reg.dat
2009-05-17 03:07:21 . 2004-04-30 18:01:14 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2009-05-17 03:06:18 . 2009-09-04 23:06:28 7,644 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-05-17 03:01:15 . 2009-09-04 22:58:22 408 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-03-21 06:43:45 . 2006-03-21 03:23:12 23,040 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\kb913800.exe.vir
2006-03-16 04:00:00 . 2006-03-16 04:00:00 1,835,904 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
2006-03-16 04:00:00 . 2006-03-16 04:00:00 144,896 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000007_.tmp.dll.vir

ComboFix Log - September 4, 2009 - 7:10 pm

ComboFix 09-09-03.02 - Judy 09/04/2009 19:02.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.556 [GMT -4:00]
Running from: c:\documents and settings\Judy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-09-03 23:42 . 2009-09-03 23:42 45 ----a-w- c:\documents and settings\Judy\jagex_runescape_preferences2.dat
2009-08-29 05:09 . 2009-08-29 05:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-08-19 20:51 . 2009-08-19 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-15 05:18 . 2009-08-15 05:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-08-13 15:38 . 2009-08-13 15:38 -------- d-----w- c:\windows\ServicePackFiles
2009-08-12 09:48 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 00:20 . 2009-03-21 17:18 37 ----a-w- c:\documents and settings\Judy\jagex_runescape_preferences.dat
2009-09-03 22:49 . 2009-05-23 13:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-03 22:49 . 2009-05-23 13:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-03 22:49 . 2009-05-23 13:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-29 03:55 . 2009-03-08 05:59 90112 ----a-w- c:\windows\DUMP7cb1.tmp
2009-08-19 20:53 . 2009-03-21 03:49 -------- d-----w- c:\program files\World of Warcraft
2009-08-05 09:11 . 2006-03-16 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 01:57 . 2009-07-31 01:57 -------- d-----w- c:\documents and settings\Judy\Application Data\MSNInstaller
2009-07-17 18:55 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 01:42 . 2009-06-02 22:25 16 ----a-w- c:\windows\popcinfot.dat
2009-07-14 03:43 . 2006-03-16 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-30 00:53 . 2006-09-12 06:39 66712 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 16:12 . 2006-03-16 04:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-03-16 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-03-16 04:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2006-03-16 04:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2006-03-16 04:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2006-03-16 04:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2006-03-16 04:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2006-03-16 04:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2006-03-16 04:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2006-03-16 04:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2006-03-16 04:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2006-03-16 04:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2006-03-16 04:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2006-03-16 04:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2006-03-16 04:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:17 . 2006-03-16 04:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2006-03-16 04:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2006-03-16 04:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2006-03-16 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:17 . 2006-03-16 04:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2006-03-16 04:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2006-03-16 04:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2006-03-16 04:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2006-03-16 04:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35 . 2006-03-16 04:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2005-10-18 05:14 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2005-10-18 05:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2006-03-16 04:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2006-03-16 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2006-03-16 04:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2006-03-16 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2008-01-05 21:56 . 2009-03-08 05:52 22 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot_2009-08-30_00.09.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-22 09:47 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2009-03-31 16:56 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2009-03-31 16:56 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2009-05-21 01:05 . 2009-07-11 08:03 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-21 01:05 . 2009-09-03 23:41 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-21 01:05 . 2009-09-03 23:41 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-05-21 01:05 . 2009-07-11 08:03 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 14:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-23 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-05 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-03 2007832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-03 22:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/17/2009 2:09 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2009 9:30 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2009 9:30 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/3/2009 6:49 PM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/18/2009 11:08 PM 24652]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
.
Contents of the 'Scheduled Tasks' folder

2009-08-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:09]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005Core.job
- c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-23 03:37]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005UA.job
- c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-23 03:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {4D908843-2D1F-43AF-BC92-EC2AFCB524B7} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\yklwuwgl.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 19:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-04 19:10
ComboFix-quarantined-files.txt 2009-09-04 23:10
ComboFix2.txt 2009-09-04 22:44
ComboFix3.txt 2009-08-30 00:11
ComboFix4.txt 2009-05-17 03:08

Pre-Run: 40,211,910,656 bytes free
Post-Run: 40,170,033,152 bytes free

193 --- E O F --- 2009-09-01 20:39

~~~~~End of Logs~~~~~~~

Again, I truly appreciate what you all do here. I have BC School on my Foxfire bar to check for an opening regularly.
My Signature Response:

#6 JudyLee

JudyLee
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:39 AM

Posted 15 October 2009 - 07:04 PM

I have not attempted to run a scan with AVG, Spybot, or any other program since I first posted on this forum on September 25th.


with the obvious exception of the ones Garmanma asked me to run and post on the "Am I infected thread?"

Thanks again
:(
My Signature Response:

#7 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:39 AM

Posted 16 October 2009 - 09:13 PM



Hello again JudyLee, :)

Sorry for the delay.

I hope you get to join us here at BC, you will get the right training to be one of us. :(

It seems that you got most of the rootkit infections you had, but I will like us to double check this by running combofix again with an updated version.

Please observe these rules while we work
:
  • Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please continue to review my answers until I tell you that your machine is clean and free of malware. (Remember absence of symptoms does not mean that everything is clear).
Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly. :(

---------------------------*------------------------


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

You killed the rootkit on this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean any leftover malware in your machine please follow these next steps.

-------------------------*-------------------------


The logs show Viewpoint Manager installed, Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

=======***=======

Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


:step1: Firstly, we need to disable: AD-AWARE AD-WATCH and TeaTimer to make sure it won't interfere fixing.
  • Right click on the Ad-Watch icon in the system tray.
  • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    • Active: This will turn Ad-Watch On\Off without closing it.
    • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both of those boxes.
  • (When done, you can re-enable it using the same steps but this time check both boxes.)
Instructions how to Disable Ad-Watch if needed.

============****============


I see you are running Spybot Teatimer. I suggest you to disable it

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

**Note: In the event you already have old versions of Combofix I need you to delete them, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:

  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
:) Please download ComboFix from Here or Here to your Desktop. Do NOT run it just yet!
(Please, never rename Combofix unless instructed. This tool is not a toy and not for everyday use).

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    Please insert your flash drive and all usb-drives before running Combofix
  • Close any open browsers.
    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
  • Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

-----------------------------------------------------------


:) Now let's run ComboFix with some additional directives:
  • Go to Start -> Run... and in the "Open:" box that opens type Notepad and press Enter (alternatively, navigate to Start -> Accessories -> Notepad).
  • Copy the entire contents inside the CODE box below into Notepad (do NOT copy the word "CODE"!) - don't use any other text editor than Notepad or the script will fail.
    DDS::
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    WARNING: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Go to File -> Save and save as CFScript.txt in the same location as ComboFix.exe.
    Posted Image
  • Drag CFScript.txt on top of ComboFix.exe. This will start ComboFix again.
    NOTE: Do NOT mouseclick ComboFix's window whilst it's running. That may cause your system to hang!
  • When finished, ComboFix shall produce a log for you at C:\ComboFix.txt. Please post the entire contents of that report in your next reply for further review.
:)Lets clean up the temp files and make sure there are not any other leftovers.

Download: Posted Image to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
NOTE:
_It's normal after running TFC cleaner that the PC will be slower to boot the first time.

_TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.


:step1:Malwarebytes' Anti-Malware

Because some malware can be easily removed, we recommend Malwarebytes Anti-Malware be run. It's an advanced piece of software which should get a lot of what's on this machine. These guys are so on top of the latest infections it's amazing.

It's important to let me know however, if you experience any trouble getting the updates or opening it to run. Some rootkits target MBAM and those indicators are the 'tell', if you will. We have another method of double-checking for this rootkit, which if present, will require another special tool.


Malwarebytes' Anti-Malware

Please download Posted ImageMalwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Tutorial if needed

:) We need to see more information about what is happening in your machine. Please perform the following scan:

Run random's system information tool (RSIT)

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please note that it is important that RSIT be run and a log created while in normal mode. *If you run it and create your log while in safe mode, you will be asked to redo it again properly.
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
Copy/Paste the contents of both log.txt and info.txt into your next post please.

( Default location for both files is C:\rsit\ )

Summary of the logs I will need in your next reply:
  • The log of Combofix
  • The MBAM log
  • The two logs of RSIT.
And a description of any remaining problems in your next post.

How are things your end JudyLee???.


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer

Edited by Net_Surfer, 16 October 2009 - 09:32 PM.


#8 JudyLee

JudyLee
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:39 AM

Posted 17 October 2009 - 03:14 AM

Hey Net Surfer - thanks for your encouragement :-) and your time. It's good to know my computer is on the road to recovery.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
If you decide you want to proceed with trying to clean your machine please follow these next steps.


Since this computer is rather new to me, I haven't had the time to amass all that much to lose by reformatting. However, since it came as a gift, and I did not receive any of the system discs with it, I really wouldn't know how to even start to reformat it. Cleaning it seems to be my only option. I am open to suggestions.

In the meantime, I'll proceed with the cleanup tasks you've set out for me:

First of all, regarding the task of removing Viewpoint, Viewpoint Manager, Viewpoint Media Player (which I am happy to do by the way), it took upwards of ___ minutes wait time for "Add or Remove Programs - Please wait while list is populated" ... OK - I was going to go back and fill in that blank, but it never did populate the list in about 2 hours time (I had to run out for a little bit). So I closed the "Add or Remove Programs" screen, and behind it was a screen "Add-ons may be causing problems" saying "Firefox has determined that the following add-ons are known to cause stability or security problems:" It listed: Microsoft .NET Framework Assistant 1.1 and Windows Presentation Foundation 3.5.30729.1 - both were marked "Blocked" - further the screen says "These add-ons have a high risk of causing stability or security problems and have been blocked, but a restart is required to disable them completely." I then chose the button "Restart Firefox." For the record, I don't recall ever installing these add-ons. The only Firefox add-ons I have installed are FoxSaver and FoxMarks.

I then attempted "Add or Remove Programs" again ... waited 20 minutes for the list to populate, and I gave up figuring we could come back to this later.

Next you mentioned "Firstly, we need to disable: AD-AWARE AD-WATCH" - however, I have AVG 8.5 active, and I am aware that it interfers with ComboFix operation. So striving to be a smart puppy, I opened AVG and disabled Resident Shield. I do also have Ad-Aware installed on this machine (not sure why), but it had no icon in the system tray down beside the clock. I clicked the Ad-Aware icon on my desktop. I am running Ad-Aware Free Anniversary Edition. I clicked the Ad-Watch Live! tab, and "Processes" were marked "ON" ... I clicked it to turn them off. It reported "Information - By diusabling Ad-Watch Live! completely you will not be protected in rael time after your next reboot. I did not, however, choose to reboot my machine ... cause you didn't tell me to! :D

Then disabling TeaTimer - SpyBot took a few minutes to open (everything moves very slowly on this computer) - TeaTimer closed without remarkable event.

May I suggest that you move the direction "Close any open browsers" from Item #2 to Item #3 as it is necessary to have the browser open in order to copy the text from your code box in this forum. Thank you.

ComboFix ran without a hitch - I'll post the log below.

TFC ran without a hitch removing 289.11 mb, and as it did not reboot the machine, I did.

Upon reboot, I still get the blue screen which states "One of your disks needs to be checked for consistency...."

Regarding MBAM, I installed it according to your instructions and set it to running. It scanned 143,919 objects over 43:56 minutes and froze on "c:\hp\bin\UIni.exe" although it is hard to tell if that is the uppercase letter "I" or a lower case "L" or a number "1". I waited for it to move on for about 20 minutes. Then I aborted the scan. It also showed "Objects Infected: 0" I clicked on logs, and it reported "not responding." I tried to click on Abort Scan, but it still said "not responding." I waited quite a few minutes to see if the computer would resolve the problem. So I opened Task Manager - Processes - End Process for MBAM. I couldn't think of any other option, and you didn't address this. This still wouldn't close MBAM, so I finally just restarted the computer, and I decided to try to move on to the next item on your list.

RSIT ran without a hitch.

As I've been keeping this reply post open on an adjacent computer, I'll now submit post this and re-open the thread on the afflicted computer so that I can add the logs.
My Signature Response:

#9 JudyLee

JudyLee
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:39 AM

Posted 17 October 2009 - 03:23 AM

First the ComboFix log:

ComboFix 09-10-16.09 - Judy 10/17/2009 1:41.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.615 [GMT -4:00]
Running from: c:\documents and settings\Judy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Judy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 03:42 . 2009-03-21 03:49 -------- d-----w- c:\program files\World of Warcraft
2009-09-25 03:24 . 2009-04-19 08:00 -------- d-----w- c:\documents and settings\Judy\Application Data\Apple Computer
2009-09-25 03:18 . 2006-09-12 06:39 66712 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 04:00 . 2009-03-21 17:18 37 ----a-w- c:\documents and settings\Judy\jagex_runescape_preferences.dat
2009-09-19 03:33 . 2009-09-03 23:42 45 ----a-w- c:\documents and settings\Judy\jagex_runescape_preferences2.dat
2009-09-13 07:48 . 2009-09-13 07:48 -------- d-----w- c:\program files\MSBuild
2009-09-13 07:47 . 2009-09-13 07:47 -------- d-----w- c:\program files\Reference Assemblies
2009-09-13 07:16 . 2009-09-13 07:16 -------- d-----w- c:\program files\MSXML 6.0
2009-09-12 00:53 . 2009-09-12 00:53 -------- d-----w- c:\documents and settings\Judy\Application Data\Skinux
2009-09-12 00:36 . 2009-09-11 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-09-12 00:35 . 2009-09-11 23:55 -------- d-----w- c:\program files\Kodak
2009-09-12 00:33 . 2009-09-12 00:11 -------- d-----w- c:\program files\Common Files\Kodak
2009-09-11 14:03 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 22:49 . 2009-05-23 13:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-03 22:49 . 2009-05-23 13:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-03 22:49 . 2009-05-23 13:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-29 07:36 . 2006-03-16 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2006-03-16 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2006-03-16 04:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-29 03:55 . 2009-03-08 05:59 90112 ----a-w- c:\windows\DUMP7cb1.tmp
2009-08-26 08:16 . 2006-03-16 04:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 20:51 . 2009-08-19 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-06 23:24 . 2006-03-16 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2006-03-16 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-10-16 16:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2006-03-16 04:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2006-03-16 04:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2006-03-16 04:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2006-03-16 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-06-30 19:26 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2009-06-30 19:26 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2006-03-16 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2006-03-16 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 12:49 . 2006-03-16 04:00 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02 . 2006-03-16 04:00 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2008-01-05 21:56 . 2009-03-08 05:52 22 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot_2009-08-30_00.09.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-16 04:00 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
- 2006-03-16 04:00 . 2006-03-16 04:00 50176 c:\windows\system32\utilman.exe
- 2006-03-16 04:00 . 2006-03-16 04:00 35840 c:\windows\system32\umandlg.dll
+ 2006-03-16 04:00 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
+ 2008-10-22 09:47 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-30 01:10 . 2008-07-30 01:10 26112 c:\windows\system32\TsWpfWrp.exe
+ 2005-10-14 03:22 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
- 2005-10-14 03:22 . 2007-07-27 14:41 26488 c:\windows\system32\spupdsvc.exe
+ 2009-09-13 07:44 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
- 2009-03-31 16:56 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2009-03-31 16:56 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-10-03 18:05 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-03 18:05 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-02-08 05:40 . 2007-02-08 05:40 64512 c:\windows\system32\ptpitcp.dll
+ 2008-07-29 23:59 . 2008-07-29 23:59 43544 c:\windows\system32\PresentationHostProxy.dll
- 2005-07-03 10:11 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
+ 2005-07-03 10:11 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll
+ 2006-06-29 18:27 . 2009-10-14 07:42 75092 c:\windows\system32\perfc009.dat
+ 2006-03-16 04:00 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
- 2006-03-16 04:00 . 2006-03-16 04:00 53760 c:\windows\system32\narrator.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 15360 c:\windows\system32\mui\0409\mscorees.dll
+ 2007-05-08 21:08 . 2007-05-08 21:08 86728 c:\windows\system32\msxml6r.dll
+ 2007-08-13 20:54 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 20:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 83968 c:\windows\system32\mscories.dll
+ 2006-03-16 04:00 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
- 2006-03-16 04:00 . 2006-03-16 04:00 72704 c:\windows\system32\magnify.exe
- 2009-05-17 13:01 . 2009-05-17 06:08 15688 c:\windows\system32\lsdelete.exe
+ 2009-05-17 13:01 . 2009-05-31 06:10 15688 c:\windows\system32\lsdelete.exe
+ 2006-03-16 04:00 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 97800 c:\windows\system32\infocardapi.dll
+ 2007-08-13 20:39 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 20:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2006-03-16 04:00 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
+ 2006-03-16 04:00 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe
- 2006-03-16 04:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2008-07-29 23:24 . 2008-07-29 23:24 11264 c:\windows\system32\icardres.dll
+ 2007-08-13 20:36 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll
- 2007-08-13 20:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 73720 c:\windows\system32\dxva2.dll
+ 2009-09-12 00:35 . 2007-06-06 13:25 40960 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDLM.dll
+ 2009-09-12 00:35 . 2007-06-06 13:36 28672 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDGPD.dll
+ 2009-09-12 00:35 . 2007-06-06 13:18 45056 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDDynCC.DLL
+ 2009-09-12 00:33 . 2004-08-04 02:58 15104 c:\windows\system32\drivers\usbscan.sys
+ 2006-03-16 04:00 . 2008-05-02 09:05 62592 c:\windows\system32\drivers\cdrom.sys
+ 2006-03-16 04:00 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2006-03-16 04:00 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-10-04 08:48 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
+ 2009-09-12 00:33 . 2004-08-04 02:58 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2006-10-04 13:33 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
- 2009-03-21 06:32 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-21 06:32 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-10-04 08:48 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
+ 2009-03-22 07:33 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-22 07:33 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 20:45 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2006-10-04 08:48 . 2006-10-04 08:48 72704 c:\windows\system32\dllcache\magnify.exe
+ 2009-03-21 06:32 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-21 06:32 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-22 07:33 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-03-22 07:33 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-08-13 20:39 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 20:39 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 20:45 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-13 20:45 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-13 20:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 20:39 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-22 07:33 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-03-22 07:33 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
- 2007-08-13 20:42 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 20:42 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-09-11 23:59 . 2008-05-02 09:05 62592 c:\windows\system32\dllcache\cdrom.sys
+ 2006-03-16 04:00 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 96760 c:\windows\system32\dfshim.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 01:10 . 2008-07-30 01:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-29 23:32 . 2008-07-29 23:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-13 22:58 . 2007-04-13 22:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-13 22:57 . 2007-04-13 22:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-13 22:57 . 2007-04-13 22:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-13 23:30 . 2007-04-13 23:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-01-15 18:11 . 2009-06-24 16:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2007-01-15 18:11 . 2009-06-24 16:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2004-08-04 13:12 . 2007-01-02 18:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-08-04 13:12 . 2009-06-24 02:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2004-08-04 13:12 . 2007-01-02 18:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-08-04 13:12 . 2009-06-24 02:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-08-04 13:11 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2004-08-04 13:11 . 2007-01-02 18:34 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2002-06-22 08:31 . 2002-06-22 08:31 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2002-06-22 08:31 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2008-07-30 01:07 . 2008-07-30 01:07 23040 c:\windows\Installer\6a811f1.msp
+ 2009-09-13 07:28 . 2009-09-13 07:28 88576 c:\windows\Installer\68ae001.msi
+ 2009-09-12 00:35 . 2009-09-12 00:35 45056 c:\windows\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut4.exe
+ 2006-09-12 07:09 . 2009-10-14 07:35 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-09-12 07:09 . 2009-08-13 15:44 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-12 07:09 . 2009-10-14 07:35 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-12 07:09 . 2009-08-13 15:44 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-12 07:09 . 2009-08-13 15:44 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-12 07:09 . 2009-10-14 07:35 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-09-12 07:09 . 2009-08-13 15:44 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-09-12 07:09 . 2009-10-14 07:35 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-09-12 00:11 . 2009-09-12 00:11 92854 c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareStartupShortcut10.exe
+ 2009-09-12 00:11 . 2009-09-12 00:11 92854 c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareStartMenu10_1.exe
+ 2009-09-12 00:11 . 2009-09-12 00:11 92854 c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareDesktopShortcut10.exe
+ 2009-10-14 07:18 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-14 07:18 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-14 07:18 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-14 07:18 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-14 07:18 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll
+ 2009-09-11 23:59 . 2008-05-02 09:05 62592 c:\windows\Driver Cache\i386\cdrom.sys
+ 2009-10-14 07:12 . 2009-10-14 07:12 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_646a791e\System.Drawing.Design.dll
+ 2009-10-14 07:12 . 2009-10-14 07:12 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ad6e47b0\CustomMarshalers.dll
+ 2009-10-14 07:04 . 2009-10-14 07:04 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_d4da5a19\System.Drawing.Design.dll
+ 2009-10-14 07:04 . 2009-10-14 07:04 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_e06790d4\CustomMarshalers.dll
+ 2009-10-14 22:18 . 2009-10-14 22:18 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-09-13 08:30 . 2009-09-13 08:30 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a715aa442ef87ae99b3ade185599249d\UIAutomationProvider.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll
+ 2009-10-14 07:44 . 2009-10-14 07:44 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-09-13 08:27 . 2009-09-13 08:27 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2d7408a0232f2e2efd0d7adf5dfa733a\PresentationFontCache.ni.exe
+ 2009-09-13 08:18 . 2009-09-13 08:18 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8fd2d9233f8ea3031fb16f697635231\PresentationCFFRasterizer.ni.dll
+ 2009-10-14 07:43 . 2009-10-14 07:43 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-09-13 08:56 . 2009-09-13 08:56 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll
+ 2009-09-13 08:56 . 2009-09-13 08:56 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-10-14 22:21 . 2009-10-14 22:21 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe
+ 2009-10-14 22:20 . 2009-10-14 22:20 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2009-09-13 08:56 . 2009-09-13 08:56 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2009-09-12 00:11 . 2009-09-12 00:11 86016 c:\windows\assembly\GAC_MSIL\VirtualCollectionBase-Defs-PlatReq\1.0.5227.4054__b0cfd8589c27b05f\VirtualCollectionBase-Defs-PlatReq.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2009-09-13 07:55 . 2009-09-13 07:55 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2009-09-13 07:48 . 2009-09-13 07:48 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-09-12 00:11 . 2009-09-12 00:11 38400 c:\windows\assembly\GAC_32\PeopleRecognition-Defs-PlatReq\1.1.5227.4054__b0cfd8589c27b05f\PeopleRecognition-Defs-PlatReq.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 77824 c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 45056 c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 53248 c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 18944 c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 73728 c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2009-05-21 01:05 . 2009-07-11 08:03 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-21 01:05 . 2009-09-19 03:32 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-05-21 01:05 . 2009-07-11 08:03 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-05-21 01:05 . 2009-09-19 03:32 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-09-01 20:38 . 2008-10-22 09:47 62976 c:\windows\$NtUninstallKB970653-v3$\tzchange.exe
+ 2009-09-01 20:38 . 2009-07-16 04:14 14336 c:\windows\$NtUninstallKB970653-v3$\spuninst\tzchange.dll
+ 2009-09-11 23:59 . 2006-03-16 04:00 49536 c:\windows\$NtUninstallKB932716-v2$\cdrom.sys
+ 2009-09-14 22:22 . 2006-03-16 04:00 50176 c:\windows\$NtUninstallKB925720$\utilman.exe
+ 2009-09-14 22:22 . 2006-03-16 04:00 35840 c:\windows\$NtUninstallKB925720$\umandlg.dll
+ 2009-09-14 22:22 . 2006-03-16 04:00 53760 c:\windows\$NtUninstallKB925720$\narrator.exe
+ 2009-09-14 22:22 . 2006-03-16 04:00 72704 c:\windows\$NtUninstallKB925720$\magnify.exe
+ 2009-09-09 07:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971961\update\spcustom.dll
+ 2009-09-09 07:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971961\spmsg.dll
+ 2009-09-14 22:39 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB961118\update\spcustom.dll
+ 2009-09-14 22:39 . 2007-11-30 11:18 17272 c:\windows\$hf_mig$\KB961118\spmsg.dll
+ 2009-09-09 07:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
+ 2009-09-09 07:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll
+ 2009-09-12 00:00 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB932716-v2\update\spcustom.dll
+ 2009-09-12 00:00 . 2007-11-30 11:18 17272 c:\windows\$hf_mig$\KB932716-v2\spmsg.dll
+ 2009-09-11 23:59 . 2008-05-02 10:49 62976 c:\windows\$hf_mig$\KB932716-v2\SP3QFE\cdrom.sys
+ 2009-09-14 22:22 . 2005-10-12 23:16 22752 c:\windows\$hf_mig$\KB925720\update\spcustom.dll
+ 2009-09-14 22:22 . 2005-10-12 23:16 14048 c:\windows\$hf_mig$\KB925720\spmsg.dll
+ 2006-10-04 10:40 . 2006-10-04 10:40 50176 c:\windows\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2006-10-04 14:05 . 2006-10-04 14:05 35840 c:\windows\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 10:40 . 2006-10-04 10:40 53760 c:\windows\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40 . 2006-10-04 10:40 72704 c:\windows\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2009-10-14 07:41 . 2009-10-14 07:41 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-09-12 00:33 . 2001-08-18 02:36 5632 c:\windows\system32\ptpusb.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2004-07-20 09:54 . 2007-01-02 18:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2004-07-20 09:54 . 2009-06-29 15:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2006-09-12 07:09 . 2009-08-13 15:44 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-09-12 07:09 . 2009-10-14 07:35 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-09-13 07:54 . 2009-09-13 07:54 5632 c:\windows\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-09-12 00:22 . 2009-09-12 00:22 3072 c:\windows\assembly\GAC_32\policy.2.0.EastmanKodakCompany.EasyShare\2.0.5406.2521__e736f44e197b3380\policy.2.0.EastmanKodakCompany.EasyShare.dll
+ 2009-09-12 00:22 . 2009-09-12 00:22 3072 c:\windows\assembly\GAC_32\policy.1.0.EastmanKodakCompany.EasyShare\1.0.0.2__e736f44e197b3380\policy.1.0.EastmanKodakCompany.EasyShare.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 8192 c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-30 01:26 . 2008-07-30 01:26 301568 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2009-09-13 07:43 . 2008-07-06 12:06 575488 c:\windows\system32\xpsshhdr.dll
+ 2005-08-04 09:29 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-10-24 16:30 . 2006-10-24 16:30 276992 c:\windows\system32\WMPhoto.dll
+ 2006-10-24 16:29 . 2006-10-24 16:29 352256 c:\windows\system32\WindowsCodecsExt.dll
+ 2006-10-24 16:30 . 2006-10-24 16:30 716288 c:\windows\system32\WindowsCodecs.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2008-07-29 23:59 . 2008-07-29 23:59 161296 c:\windows\system32\UIAutomationCore.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 765440 c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 748032 c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 147456 c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2009-09-13 07:44 . 2008-07-06 10:50 597504 c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2009-09-13 07:44 . 2008-03-13 04:52 761344 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 744960 c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 198656 c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2009-09-13 07:43 . 2008-07-06 12:06 765440 c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2006-08-24 20:15 . 2006-08-24 20:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2009-09-12 00:33 . 2004-08-04 04:56 159232 c:\windows\system32\ptpusd.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 117760 c:\windows\system32\prntvpt.dll
+ 2008-07-29 23:59 . 2008-07-29 23:59 781344 c:\windows\system32\PresentationNative_v0300.dll
+ 2008-07-30 00:35 . 2008-07-30 00:35 326160 c:\windows\system32\PresentationHost.exe
+ 2008-07-29 23:59 . 2008-07-29 23:59 105016 c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-24 16:30 . 2008-05-28 07:13 425472 c:\windows\system32\photometadatahandler.dll
+ 2006-06-29 18:27 . 2009-10-14 07:42 453754 c:\windows\system32\perfh009.dat
- 2006-03-16 04:00 . 2006-03-16 04:00 215552 c:\windows\system32\osk.exe
+ 2006-03-16 04:00 . 2006-10-04 08:48 215552 c:\windows\system32\osk.exe
- 2006-03-16 04:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll
- 2005-07-03 10:11 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
+ 2005-07-03 10:11 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll
- 2005-07-03 10:11 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
+ 2005-07-03 10:11 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 20:54 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 20:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 158720 c:\windows\system32\mscorier.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 282112 c:\windows\system32\mscoree.dll
+ 2007-06-06 13:18 . 2007-06-06 13:18 196608 c:\windows\system32\KPDRES.DLL
+ 2007-06-06 13:38 . 2007-06-06 13:38 237568 c:\windows\system32\KPDPMUI.dll
+ 2007-06-06 13:38 . 2007-06-06 13:38 344064 c:\windows\system32\KPDPM.dll
+ 2006-03-16 04:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2009-09-11 23:59 . 2008-05-02 13:30 464384 c:\windows\system32\imapi2fs.dll
+ 2009-09-11 23:59 . 2008-05-02 13:30 317952 c:\windows\system32\imapi2.dll
- 2007-08-13 20:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 20:34 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 14:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 14:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
- 2006-03-16 04:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2006-03-16 04:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 622080 c:\windows\system32\icardagt.exe
+ 2006-06-29 18:18 . 2009-09-13 08:51 263024 c:\windows\system32\FNTCACHE.DAT
- 2006-03-16 04:00 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 493048 c:\windows\system32\evr.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll
+ 2009-09-12 00:35 . 2007-06-06 13:46 229376 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDVS.dll
+ 2009-09-12 00:35 . 2007-06-06 13:37 278528 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDUI.dll
+ 2009-09-12 00:35 . 2007-06-06 13:18 196608 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDRES.dll
+ 2009-09-12 00:35 . 2007-06-06 13:37 258048 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDGDI.dll
+ 2009-09-13 07:43 . 2008-07-06 12:06 575488 c:\windows\system32\dllcache\xpsshhdr.dll
+ 2006-03-16 04:00 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2006-03-16 04:00 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2006-03-16 04:00 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-04-02 03:02 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-03-21 06:32 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 20:54 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 20:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 20:44 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 20:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
- 2006-03-16 04:00 . 2006-03-16 04:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2006-03-16 04:00 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
- 2009-03-21 06:40 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-03-21 06:40 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-09-13 07:44 . 2008-07-06 10:50 597504 c:\windows\system32\dllcache\printfilterpipelinesvc.exe
+ 2006-10-04 08:48 . 2006-10-04 08:48 215552 c:\windows\system32\dllcache\osk.exe
+ 2007-08-13 20:44 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll
- 2007-08-13 20:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-06-25 08:17 . 2009-09-11 14:03 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2009-06-25 08:17 . 2009-06-25 08:17 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2009-03-21 06:32 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-21 06:32 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-21 06:32 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll
- 2009-03-21 06:32 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-03-21 06:32 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-21 06:32 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2009-03-22 07:33 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-03-22 07:33 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-12-18 14:40 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2009-09-11 23:59 . 2008-05-02 13:30 464384 c:\windows\system32\dllcache\imapi2fs.dll
+ 2009-09-11 23:59 . 2008-05-02 13:30 317952 c:\windows\system32\dllcache\imapi2.dll
+ 2007-08-13 20:43 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
- 2009-03-22 07:33 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-03-22 07:33 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-08-13 20:39 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 20:39 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-22 07:33 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2009-03-22 07:33 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 19:56 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 19:56 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 20:39 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 20:39 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 20:39 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 20:39 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-21 06:32 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll
- 2009-03-21 06:32 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2009-03-21 06:32 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2009-03-21 06:32 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-21 06:32 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2009-03-21 06:32 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 20:39 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll
- 2007-08-13 20:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll
- 2006-03-16 04:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 196104 c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 03:40 . 2008-07-30 03:40 802816 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 984056 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 105976 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107000 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 107512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 109048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 110072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 101368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 112120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 106488 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113656 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111608 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 108536 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 102904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 689152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 413184 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 632320 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2009-09-13 07:51 . 2009-09-13 07:51 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 22:47 . 2008-07-29 22:47 110080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131584 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 131072 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121344 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 123904 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122880 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 121856 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 129024 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 128512 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 132096 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 111104 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 133120 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 122368 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 137728 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 130048 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 126464 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 125440 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 113152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 269304 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 177152 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 276984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 03:15 . 2008-07-30 03:15 225490 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 03:40 . 2008-07-30 03:40 233976 c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 168448 c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 00:35 . 2008-07-30 00:35 864256 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-29 23:59 . 2008-07-29 23:59 132120 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 806928 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 152576 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 966656 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 132096 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 156688 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 163840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-29 23:16 . 2008-07-29 23:16 397312 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-29 23:24 . 2008-07-29 23:24 881664 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-29 23:16 . 2008-07-29 23:16 168968 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-11-25 08:59 . 2008-11-25 08:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 392184 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 118784 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 143360 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 100856 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 230912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 345600 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 308224 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 230904 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 798224 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 575496 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 15:16 . 2008-07-25 15:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 15:17 . 2008-07-25 15:17 147968 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 218112 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 193016 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 145408 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-13 22:58 . 2007-04-13 22:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-13 22:56 . 2007-04-13 22:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-13 23:30 . 2007-04-13 23:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-20 09:54 . 2004-07-20 09:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-07-20 09:54 . 2009-06-24 01:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2004-08-04 13:11 . 2007-01-02 18:34 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2004-08-04 13:11 . 2009-06-24 02:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2009-09-14 22:35 . 2009-09-14 22:35 972800 c:\windows\Installer\baae2.msi
+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\baada.msp
+ 2009-09-28 21:36 . 2009-09-28 21:36 288768 c:\windows\Installer\84e6ee6.msi
+ 2009-09-12 00:31 . 2009-09-12 00:31 295936 c:\windows\Installer\6db159.msi
+ 2009-09-12 00:29 . 2009-09-12 00:29 370688 c:\windows\Installer\6db153.msi
+ 2009-09-12 00:28 . 2009-09-12 00:28 404480 c:\windows\Installer\6db14d.msi
+ 2009-09-12 00:27 . 2009-09-12 00:27 213504 c:\windows\Installer\6db146.msi
+ 2009-09-12 00:25 . 2009-09-12 00:25 186368 c:\windows\Installer\6db13f.msi
+ 2009-09-12 00:24 . 2009-09-12 00:24 180736 c:\windows\Installer\6db139.msi
+ 2009-09-12 00:23 . 2009-09-12 00:23 180736 c:\windows\Installer\6db133.msi
+ 2009-09-12 00:22 . 2009-09-12 00:22 396800 c:\windows\Installer\6db12d.msi
+ 2009-09-12 00:21 . 2009-09-12 00:21 548352 c:\windows\Installer\6db127.msi
+ 2009-09-12 00:19 . 2009-09-12 00:19 291840 c:\windows\Installer\6db121.msi
+ 2009-09-12 00:17 . 2009-09-12 00:17 357376 c:\windows\Installer\6db11b.msi
+ 2009-09-12 00:16 . 2009-09-12 00:16 291840 c:\windows\Installer\6db115.msi
+ 2009-09-12 00:15 . 2009-09-12 00:15 182784 c:\windows\Installer\6db10f.msi
+ 2009-09-12 00:14 . 2009-09-12 00:14 288768 c:\windows\Installer\6db109.msi
+ 2009-09-12 00:12 . 2009-09-12 00:12 294912 c:\windows\Installer\6db103.msi
+ 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\6ae59e8.msp
+ 2009-09-13 07:55 . 2009-09-13 07:55 648192 c:\windows\Installer\6ae59c2.msi
+ 2008-07-30 01:23 . 2008-07-30 01:23 250880 c:\windows\Installer\6a811fa.msp
+ 2008-07-30 01:28 . 2008-07-30 01:28 278016 c:\windows\Installer\6a811f8.msp
+ 2008-07-29 23:40 . 2008-07-29 23:40 291840 c:\windows\Installer\6a811f6.msp
+ 2009-09-13 07:49 . 2009-09-13 07:49 137728 c:\windows\Installer\6a811f0.msi
+ 2008-07-29 21:35 . 2008-07-29 21:35 553472 c:\windows\Installer\68ae006.msp
+ 2008-07-29 21:33 . 2008-07-29 21:33 506368 c:\windows\Installer\68ae004.msp
+ 2008-07-29 21:37 . 2008-07-29 21:37 911360 c:\windows\Installer\68ae003.msp
+ 2009-09-12 00:35 . 2009-09-12 00:35 135168 c:\windows\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut5.exe
- 2006-09-12 07:09 . 2009-08-13 15:44 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-12 07:09 . 2009-10-14 07:35 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-12 07:09 . 2009-10-14 07:35 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-12 07:09 . 2009-08-13 15:44 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-12 07:09 . 2009-08-13 15:44 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-09-12 07:09 . 2009-10-14 07:35 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-12 07:09 . 2009-08-13 15:44 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-09-12 07:09 . 2009-10-14 07:35 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-09-12 07:09 . 2009-08-13 15:44 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-09-12 07:09 . 2009-10-14 07:35 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-04-19 17:53 . 2007-04-19 17:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2009-10-14 07:18 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-10-14 07:18 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-14 07:18 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-14 07:18 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-14 07:18 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-14 07:18 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-14 07:18 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-14 07:18 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2004-08-10 19:11 . 2009-08-18 14:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2009-09-13 07:44 . 2008-03-13 04:52 761344 c:\windows\Driver Cache\i386\unires.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 744960 c:\windows\Driver Cache\i386\unidrvui.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 373248 c:\windows\Driver Cache\i386\unidrv.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 198656 c:\windows\Driver Cache\i386\mxdwdui.dll
+ 2009-09-13 07:43 . 2008-07-06 12:06 765440 c:\windows\Driver Cache\i386\mxdwdrv.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_97ee2e70\System.Drawing.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_4d01909a\System.Drawing.Design.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_14697f9c\CustomMarshalers.dll
+ 2009-10-14 07:04 . 2009-10-14 07:04 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_eeaf77ed\System.Drawing.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe
+ 2009-09-13 08:56 . 2009-09-13 08:56 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe
+ 2009-10-14 22:18 . 2009-10-14 22:18 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-09-13 08:30 . 2009-09-13 08:30 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6a818099f0386e2356ae94f886a2196f\WindowsFormsIntegration.ni.dll
+ 2009-09-13 08:30 . 2009-09-13 08:30 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a6d9503962d47c722231c1478f180695\UIAutomationTypes.ni.dll
+ 2009-10-14 22:18 . 2009-10-14 22:18 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-10-14 22:18 . 2009-10-14 22:18 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-09-13 08:30 . 2009-09-13 08:30 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\5c028c3d8db6c0f0277673ea4a2d89fb\UIAutomationClient.ni.dll
+ 2009-10-14 22:25 . 2009-10-14 22:25 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll
+ 2009-09-13 08:55 . 2009-09-13 08:55 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll
+ 2009-10-14 22:20 . 2009-10-14 22:20 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-10-14 22:20 . 2009-10-14 22:20 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-09-13 08:55 . 2009-09-13 08:55 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll
+ 2009-10-14 22:17 . 2009-10-14 22:17 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-09-13 08:29 . 2009-09-13 08:29 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\18bbe2b6717e7f1d1dd672526e9889ee\System.Drawing.Design.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe
+ 2009-09-13 08:56 . 2009-09-13 08:56 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe
+ 2009-09-13 08:56 . 2009-09-13 08:56 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe
+ 2009-09-13 08:56 . 2009-09-13 08:56 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe
+ 2009-09-13 08:28 . 2009-09-13 08:28 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f475294d8c7dc2dd4febeef27bc0417e\PresentationFramework.Classic.ni.dll
+ 2009-10-14 07:45 . 2009-10-14 07:45 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-09-13 08:28 . 2009-09-13 08:28 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8003abaf6bcf70f7eb620d06837e897b\PresentationFramework.Luna.ni.dll
+ 2009-09-13 08:28 . 2009-09-13 08:28 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\59a67874d8d8475faa5be1d993083d12\PresentationFramework.Aero.ni.dll
+ 2009-10-14 07:45 . 2009-10-14 07:45 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-10-14 07:44 . 2009-10-14 07:44 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-09-13 08:28 . 2009-09-13 08:28 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c980c9a5051d723c6ec2a78a3d0e2b3\PresentationFramework.Royale.ni.dll
+ 2009-10-14 07:44 . 2009-10-14 07:44 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-09-13 08:56 . 2009-09-13 08:56 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe
+ 2009-10-14 22:22 . 2009-10-14 22:22 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-09-13 08:56 . 2009-09-13 08:56 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll
+ 2009-10-14 22:21 . 2009-10-14 22:21 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe
+ 2009-09-13 08:56 . 2009-09-13 08:56 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe
+ 2009-09-13 08:56 . 2009-09-13 08:56 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll
+ 2009-10-14 22:20 . 2009-10-14 22:20 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 385024 c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 167936 c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 139264 c:\windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 507904 c:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 540672 c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-09-13 07:55 . 2009-09-13 07:55 335872 c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2009-09-13 08:21 . 2009-09-13 08:21 139264 c:\windows\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 131072 c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2009-09-13 08:21 . 2009-09-13 08:21 229376 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 688128 c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 569344 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-09-13 07:47 . 2009-09-13 07:47 966656 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 233472 c:\windows\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 143360 c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2009-09-13 07:47 . 2009-09-13 07:47 131072 c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2009-09-13 07:47 . 2009-09-13 07:47 430080 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 126976 c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 286720 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-09-13 08:21 . 2009-09-13 08:21 442368 c:\windows\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 114688 c:\windows\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2009-09-13 08:21 . 2009-09-13 08:21 294912 c:\windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 684032 c:\windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 229376 c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 667648 c:\windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-09-13 07:47 . 2009-09-13 07:47 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 528384 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 864256 c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 163840 c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 397312 c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 139264 c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 196608 c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 598016 c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-09-13 07:47 . 2009-09-13 07:47 397312 c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 802816 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 733184 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 106496 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-09-12 00:11 . 2009-09-12 00:11 430080 c:\windows\assembly\GAC_32\WicFileFormat-PlatOpt\1.0.5227.4054__b0cfd8589c27b05f\WicFileFormat-PlatOpt.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-09-13 07:47 . 2009-09-13 07:47 163840 c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2009-09-12 00:22 . 2009-09-12 00:22 258048 c:\windows\assembly\GAC_32\EastmanKodakCompany.EasyShare\2.0.5406.2521__e736f44e197b3380\EastmanKodakCompany.EasyShare.dll
+ 2009-09-12 00:22 . 2009-09-12 00:22 282624 c:\windows\assembly\GAC_32\EastmanKodakCompany.EasyShare\1.0.2698.25402__e736f44e197b3380\EastmanKodakCompany.EasyShare.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 389120 c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 278528 c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 389120 c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2009-03-31 17:15 . 2009-03-31 17:15 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 204800 c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 167936 c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 110592 c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 126976 c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2009-03-31 17:15 . 2009-03-31 17:15 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 868352 c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 192512 c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 102400 c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2006-09-12 06:52 . 2006-09-12 06:52 117248 c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2009-05-17 01:48 . 2009-05-17 01:48 101948 c:\windows\.jagex_cache_32\loginapplet\cache--2062608270.dat
+ 2009-05-17 01:48 . 2009-09-21 04:31 101948 c:\windows\.jagex_cache_32\loginapplet\cache--2062608270.dat
+ 2009-09-11 23:56 . 2006-10-16 20:10 379184 c:\windows\$NtUninstallWIC$\spuninst\updspapi.dll
+ 2009-09-11 23:56 . 2006-10-16 20:10 221488 c:\windows\$NtUninstallWIC$\spuninst\spuninst.exe
+ 2009-09-09 07:03 . 2008-05-06 20:16 382840 c:\windows\$NtUninstallKB973768$\spuninst\updspapi.dll
+ 2009-09-09 07:03 . 2008-05-06 20:16 231288 c:\windows\$NtUninstallKB973768$\spuninst\spuninst.exe
+ 2009-09-09 07:03 . 2006-10-09 20:18 178176 c:\windows\$NtUninstallKB973768$\ehkeyctl.dll
+ 2009-09-09 07:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971961$\spuninst\updspapi.dll
+ 2009-09-09 07:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971961$\spuninst\spuninst.exe
+ 2009-09-09 07:01 . 2007-08-13 20:38 491520 c:\windows\$NtUninstallKB971961$\jscript.dll
+ 2009-09-01 20:38 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970653-v3$\spuninst\updspapi.dll
+ 2009-09-01 20:38 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe
+ 2009-09-09 07:03 . 2007-07-27 14:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2009-09-09 07:03 . 2007-07-27 14:41 231288 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2009-09-14 22:38 . 2007-11-30 11:18 382840 c:\windows\$NtUninstallKB961118$\spuninst\updspapi.dll
+ 2009-09-14 22:38 . 2007-11-30 11:18 231288 c:\windows\$NtUninstallKB961118$\spuninst\spuninst.exe
+ 2009-09-09 07:03 . 2006-03-16 04:00 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2009-09-09 07:03 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2009-09-09 07:03 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2009-09-12 00:02 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB945060-v3$\spuninst\updspapi.dll
+ 2009-09-12 00:02 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB945060-v3$\spuninst\spuninst.exe
+ 2009-09-12 00:02 . 2006-10-24 16:30 412160 c:\windows\$NtUninstallKB945060-v3$\photometadatahandler.dll
+ 2009-09-11 23:59 . 2007-11-30 11:18 382840 c:\windows\$NtUninstallKB932716-v2$\spuninst\updspapi.dll
+ 2009-09-11 23:59 . 2007-11-30 11:18 231288 c:\windows\$NtUninstallKB932716-v2$\spuninst\spuninst.exe
+ 2009-09-14 22:22 . 2005-10-12 23:16 371424 c:\windows\$NtUninstallKB925720$\spuninst\updspapi.dll
+ 2009-09-14 22:22 . 2005-10-12 23:16 213216 c:\windows\$NtUninstallKB925720$\spuninst\spuninst.exe
+ 2009-09-14 22:22 . 2006-03-16 04:00 215552 c:\windows\$NtUninstallKB925720$\osk.exe
+ 2009-09-09 07:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971961\update\updspapi.dll
+ 2009-09-09 07:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971961\update\update.exe
+ 2009-09-09 07:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971961\spuninst.exe
+ 2009-09-09 03:40 . 2009-08-13 15:02 512000 c:\windows\$hf_mig$\KB971961\SP3QFE\jscript.dll
+ 2009-09-14 22:39 . 2007-11-30 11:18 382840 c:\windows\$hf_mig$\KB961118\update\updspapi.dll
+ 2009-09-14 22:39 . 2007-11-30 11:18 755576 c:\windows\$hf_mig$\KB961118\update\update.exe
+ 2009-09-14 22:39 . 2007-11-30 11:18 231288 c:\windows\$hf_mig$\KB961118\spuninst.exe
+ 2009-09-09 07:03 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2009-09-09 07:03 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2009-09-09 07:03 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2009-09-09 03:44 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2009-09-09 03:44 . 2009-06-21 21:44 153088 c:\windows\$hf_mig$\KB956844\SP3GDR\triedit.dll
+ 2009-09-09 03:44 . 2009-06-21 21:55 153088 c:\windows\$hf_mig$\KB956844\SP2QFE\triedit.dll
+ 2009-09-12 00:00 . 2007-11-30 11:18 382840 c:\windows\$hf_mig$\KB932716-v2\update\updspapi.dll
+ 2009-09-12 00:00 . 2007-11-30 11:18 755576 c:\windows\$hf_mig$\KB932716-v2\update\update.exe
+ 2009-09-12 00:00 . 2007-11-30 11:18 231288 c:\windows\$hf_mig$\KB932716-v2\spuninst.exe
+ 2009-09-11 23:59 . 2008-05-02 13:25 465920 c:\windows\$hf_mig$\KB932716-v2\SP3QFE\imapi2fs.dll
+ 2009-09-11 23:59 . 2008-05-02 13:25 317952 c:\windows\$hf_mig$\KB932716-v2\SP3QFE\imapi2.dll
+ 2009-09-14 22:22 . 2005-10-12 23:16 371424 c:\windows\$hf_mig$\KB925720\update\updspapi.dll
+ 2009-09-14 22:22 . 2005-10-12 23:16 716000 c:\windows\$hf_mig$\KB925720\update\update.exe
+ 2009-09-14 22:22 . 2005-10-12 23:16 213216 c:\windows\$hf_mig$\KB925720\spuninst.exe
+ 2006-10-04 10:40 . 2006-10-04 10:40 215552 c:\windows\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2009-10-13 22:20 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-09-13 07:43 . 2008-07-06 12:06 1676288 c:\windows\system32\xpssvcs.dll
+ 2005-08-04 09:29 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
- 2005-08-04 09:29 . 2008-06-18 07:03 2458112 c:\windows\system32\WMVCore.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2009-09-13 07:44 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2009-09-13 07:44 . 2008-07-06 21:36 2936832 c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2009-09-13 07:44 . 2008-07-06 21:36 2936832 c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2009-09-13 07:43 . 2008-07-06 12:06 1676288 c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-03-16 04:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
- 2006-03-16 04:00 . 2006-03-16 04:00 1435648 c:\windows\system32\query.dll
+ 2008-08-30 00:06 . 2008-08-30 00:06 1350664 c:\windows\system32\msxml6.dll
+ 2006-03-16 04:00 . 2009-08-29 07:36 3598336 c:\windows\system32\mshtml.dll
- 2007-08-13 20:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2007-08-13 20:54 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll
+ 2009-09-12 00:35 . 2007-06-06 13:57 2363392 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\xerces-c_2_7.dll
+ 2009-09-13 07:43 . 2008-07-06 12:06 1676288 c:\windows\system32\dllcache\xpssvcs.dll
+ 2006-03-16 04:00 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2005-08-04 09:29 . 2008-06-18 07:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2005-08-04 09:29 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-03-21 06:32 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:27 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
+ 2009-03-21 06:23 . 2009-08-04 12:51 2185984 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-03-21 06:23 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-03-21 06:23 . 2009-08-04 12:02 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-03-21 06:23 . 2009-08-04 12:02 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-03-21 06:23 . 2009-02-06 09:49 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-03-21 06:23 . 2009-08-04 12:49 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-03-21 06:23 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-21 06:21 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll
- 2009-03-22 07:33 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-03-22 07:33 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 1720824 c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 22:47 . 2008-07-29 22:47 1054208 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 1364992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 22:47 . 2008-07-29 22:47 1064448 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 03:40 . 2008-07-30 03:40 1548280 c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-12-05 23:35 . 2008-12-05 23:35 1736528 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 2637840 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-30 01:10 . 2008-07-30 01:10 4883464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-12-06 00:12 . 2008-12-06 00:12 5931008 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 1344000 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 1172472 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-11-25 08:59 . 2008-11-25 08:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 3149824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 15:17 . 2008-07-25 15:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 15:16 . 2008-07-25 15:16 1163768 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2007-04-13 23:35 . 2007-04-13 23:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-13 23:35 . 2007-04-13 23:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-13 22:57 . 2007-04-13 22:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-13 22:57 . 2007-04-13 22:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-13 22:50 . 2007-04-13 22:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-20 09:54 . 2009-06-29 15:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2004-07-20 09:54 . 2007-01-02 18:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-07-20 09:54 . 2009-06-24 02:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2004-07-20 09:54 . 2007-01-02 18:28 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2004-07-20 09:54 . 2007-01-02 18:28 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2004-07-20 09:54 . 2009-06-24 02:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2004-07-20 09:54 . 2007-01-02 18:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-07-20 09:54 . 2009-06-29 15:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2009-09-12 00:35 . 2009-09-12 00:35 1510912 c:\windows\Installer\6db166.msi
+ 2009-09-12 00:33 . 2009-09-12 00:33 1922560 c:\windows\Installer\6db15f.msi
+ 2009-09-12 00:11 . 2009-09-12 00:11 1021440 c:\windows\Installer\6db0fc.msi
+ 2008-12-13 13:57 . 2008-12-13 13:57 8397824 c:\windows\Installer\6ae59d1.msp
+ 2008-07-29 23:26 . 2008-07-29 23:26 1043456 c:\windows\Installer\6a811f9.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 2679808 c:\windows\Installer\6a811f7.msp
+ 2008-07-30 01:15 . 2008-07-30 01:15 3697664 c:\windows\Installer\6a811f5.msp
+ 2008-07-29 23:34 . 2008-07-29 23:34 1448448 c:\windows\Installer\6a811f4.msp
+ 2008-07-30 00:22 . 2008-07-30 00:22 4137984 c:\windows\Installer\6a811f3.msp
+ 2008-07-29 23:18 . 2008-07-29 23:18 3376640 c:\windows\Installer\6a811f2.msp
+ 2008-07-29 21:45 . 2008-07-29 21:45 2543616 c:\windows\Installer\68ae00a.msp
+ 2008-07-29 21:29 . 2008-07-29 21:29 2926080 c:\windows\Installer\68ae009.msp
+ 2008-07-29 21:41 . 2008-07-29 21:41 6487040 c:\windows\Installer\68ae008.msp
+ 2008-07-29 21:39 . 2008-07-29 21:39 3403264 c:\windows\Installer\68ae007.msp
+ 2008-07-29 21:43 . 2008-07-29 21:43 1013248 c:\windows\Installer\68ae005.msp
+ 2008-07-29 21:31 . 2008-07-29 21:31 6083072 c:\windows\Installer\68ae002.msp
+ 2009-08-25 18:57 . 2009-08-25 18:57 5518336 c:\windows\Installer\23dcd8f.msp
+ 2009-08-21 14:14 . 2009-08-21 14:14 8363008 c:\windows\Installer\1ec3c8c.msp
+ 2009-08-20 09:02 . 2009-08-20 09:02 5204992 c:\windows\Installer\1ec3c73.msp
+ 2009-09-29 13:08 . 2009-09-29 13:08 6747648 c:\windows\Installer\1ec3c60.msp
+ 2009-09-21 20:53 . 2009-09-21 20:53 5518848 c:\windows\Installer\1ec3c36.msp
+ 2007-06-06 14:53 . 2007-06-06 14:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2009-10-14 07:18 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-14 07:18 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-14 07:18 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2006-09-12 06:54 . 2009-08-04 12:51 2185984 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2006-09-12 06:54 . 2009-08-04 12:02 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2006-09-12 06:54 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2006-09-12 06:54 . 2009-08-04 12:02 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2006-09-12 06:54 . 2009-02-06 09:49 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2006-09-12 06:54 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-09-12 06:54 . 2009-08-04 12:49 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-14 07:13 . 2009-10-14 07:13 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e35bd5b0\System.dll
+ 2009-10-14 07:12 . 2009-10-14 07:12 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_56eb41c5\System.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f1e97ca9\System.Xml.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_da782764\System.Xml.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f387ee19\System.Windows.Forms.dll
+ 2009-10-14 07:12 . 2009-10-14 07:12 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7025739e\System.Windows.Forms.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e534426c\System.Drawing.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e52ec3e1\System.Design.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a300c60e\System.Design.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d0ca6c23\mscorlib.dll
+ 2009-10-14 07:13 . 2009-10-14 07:13 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a077e35f\mscorlib.dll
+ 2009-10-14 07:04 . 2009-10-14 07:04 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_0df0fee8\System.dll
+ 2009-10-14 07:04 . 2009-10-14 07:04 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_f894eaa8\System.Xml.dll
+ 2009-10-14 07:04 . 2009-10-14 07:04 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_7844e6aa\System.Windows.Forms.dll
+ 2009-10-14 07:04 . 2009-10-14 07:04 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_5637382b\System.Design.dll
+ 2009-10-14 07:04 . 2009-10-14 07:04 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_941c5997\mscorlib.dll
+ 2009-10-14 07:43 . 2009-10-14 07:43 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-09-13 08:19 . 2009-09-13 08:19 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\14cd5f4b61d35f9b76327d6be9853755\WindowsBase.ni.dll
+ 2009-09-13 08:30 . 2009-09-13 08:30 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f3c7957351aec85f526a3350c9718b1e\UIAutomationClientsideProviders.ni.dll
+ 2009-10-14 22:18 . 2009-10-14 22:18 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-09-13 08:16 . 2009-09-13 08:16 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3BC.tmp\PresentationBuildTasks.dll
+ 2009-09-13 08:16 . 2009-09-13 08:16 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
+ 2009-10-14 07:43 . 2009-10-14 07:43 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-09-13 08:30 . 2009-09-13 08:30 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
+ 2009-10-14 22:18 . 2009-10-14 22:18 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-14 22:25 . 2009-10-14 22:25 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll
+ 2009-10-14 22:25 . 2009-10-14 22:25 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-14 22:25 . 2009-10-14 22:25 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
+ 2009-09-13 08:59 . 2009-09-13 08:59 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll
+ 2009-10-14 22:17 . 2009-10-14 22:17 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-09-13 08:29 . 2009-09-13 08:29 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\63cf639b6e0a3c25c1643c85016e7422\System.Speech.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll
+ 2009-10-14 22:21 . 2009-10-14 22:21 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-09-13 08:56 . 2009-09-13 08:56 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll
+ 2009-10-14 22:17 . 2009-10-14 22:17 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-09-13 08:29 . 2009-09-13 08:29 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\646ab52eef343380aa002c220dc31e13\System.Printing.ni.dll
+ 2009-10-14 22:20 . 2009-10-14 22:20 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-09-13 08:55 . 2009-09-13 08:55 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll
+ 2009-10-14 22:17 . 2009-10-14 22:17 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-09-13 08:29 . 2009-09-13 08:29 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll
+ 2009-09-13 08:29 . 2009-09-13 08:29 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c70731047b0022638b3f9fb158948a03\System.Data.ni.dll
+ 2009-10-14 07:45 . 2009-10-14 07:45 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-14 07:45 . 2009-10-14 07:45 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-09-13 08:29 . 2009-09-13 08:29 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\0bbec79460b1137df5313f9baf7b246f\System.Data.Linq.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll
+ 2009-10-14 07:45 . 2009-10-14 07:45 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-09-13 08:28 . 2009-09-13 08:28 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\47d87251e93256c635eb73403b8db33e\System.Core.ni.dll
+ 2009-10-14 07:45 . 2009-10-14 07:45 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-09-13 08:28 . 2009-09-13 08:28 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\4bfb3048bf200a6a8592d1b4ba861a7f\ReachFramework.ni.dll
+ 2009-10-14 07:45 . 2009-10-14 07:45 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-09-13 08:28 . 2009-09-13 08:28 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\6bafb1a2a73794ddb9761cb321c9e7e2\PresentationUI.ni.dll
+ 2009-10-14 07:43 . 2009-10-14 07:43 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-09-13 08:17 . 2009-09-13 08:17 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e634bc4c4a00635a0a254febab0e2e2c\PresentationBuildTasks.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-09-13 08:56 . 2009-09-13 08:56 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll
+ 2009-10-14 22:23 . 2009-10-14 22:23 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-09-13 08:57 . 2009-09-13 08:57 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll
+ 2009-10-14 22:22 . 2009-10-14 22:22 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-09-13 08:21 . 2009-09-13 08:21 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-09-13 08:15 . 2009-09-13 08:15 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-09-13 07:54 . 2009-09-13 07:54 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-09-13 08:15 . 2009-09-13 08:15 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-09-13 07:48 . 2009-09-13 07:48 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-10-14 07:41 . 2009-10-14 07:41 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-14 07:12 . 2009-10-14 07:12 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-03-21 18:48 . 2009-03-21 18:48 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-03-21 18:48 . 2009-03-21 18:48 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-14 07:12 . 2009-10-14 07:12 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-03-21 18:45 . 2009-03-21 18:45 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-14 07:04 . 2009-10-14 07:04 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-09-09 07:20 . 2009-09-09 07:20 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
- 2009-03-31 17:15 . 2009-03-31 17:15 1863680 c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
+ 2009-09-09 07:03 . 2008-06-18 07:03 2458112 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
+ 2009-03-22 07:25 . 2009-10-02 18:01 25198016 c:\windows\system32\MRT.exe
+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-09-12 00:00 . 2009-09-12 00:00 26360320 c:\windows\Installer\6db0e4.msi
+ 2008-12-13 14:21 . 2008-12-13 14:21 10473472 c:\windows\Installer\6ae59dc.msp
+ 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows\Installer\1ec3c96.msp
+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\1ec3c4e.msp
+ 2009-10-14 22:18 . 2009-10-14 22:18 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-09-13 08:30 . 2009-09-13 08:30 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
+ 2009-10-14 22:24 . 2009-10-14 22:24 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-09-13 08:58 . 2009-09-13 08:58 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll
+ 2009-09-13 08:56 . 2009-09-13 08:56 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll
+ 2009-10-14 22:21 . 2009-10-14 22:21 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-09-13 08:29 . 2009-09-13 08:29 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8ee220bc3cce4f7bbd7818946519ed7f\System.Design.ni.dll
+ 2009-10-14 07:45 . 2009-10-14 07:45 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-09-13 08:28 . 2009-09-13 08:28 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96e710f47c601cba3f2348a8d11ddede\PresentationFramework.ni.dll
+ 2009-10-14 07:44 . 2009-10-14 07:44 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-09-13 08:27 . 2009-09-13 08:27 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\956375d487cbef36165b3250030e3574\PresentationCore.ni.dll
+ 2009-10-14 07:44 . 2009-10-14 07:44 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-14 07:43 . 2009-10-14 07:43 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
+ 2009-09-13 08:13 . 2009-09-13 08:13 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 15:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-23 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-28 520024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-03 22:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Judy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Judy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/17/2009 2:09 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2009 9:30 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2009 9:30 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/3/2009 6:49 PM 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/18/2009 11:08 PM 24652]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1028432]
.
Contents of the 'Scheduled Tasks' folder

2009-10-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:08]

2009-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005Core.job
- c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-23 03:37]

2009-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005UA.job
- c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-23 03:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {4D908843-2D1F-43AF-BC92-EC2AFCB524B7} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\yklwuwgl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Judy\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 01:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Completion time: 2009-10-17 1:51
ComboFix-quarantined-files.txt 2009-10-17 05:51
ComboFix2.txt 2009-09-04 23:10
ComboFix3.txt 2009-09-04 22:44
ComboFix4.txt 2009-08-30 00:11
ComboFix5.txt 2009-10-17 05:39

Pre-Run: 36,962,066,432 bytes free
Post-Run: 36,984,365,056 bytes free

1305 --- E O F --- 2009-10-14 07:42

~~continued in next post~~
My Signature Response:

#10 JudyLee

JudyLee
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:39 AM

Posted 17 October 2009 - 03:26 AM

The running of MBAM failed so no log from that.

Next the two RSIT Logs:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Judy at 2009-10-17 04:11:34
Microsoft Windows XP Professional Service Pack 2
System drive C: has 36 GB (43%) free of 82 GB
Total RAM: 1014 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:58 AM, on 10/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Judy\Desktop\RSIT.exe
C:\Program Files\trend micro\Judy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/notebookaccessories
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D908843-2D1F-43AF-BC92-EC2AFCB524B7}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.114,85.255.112.115
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8185 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-03 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-02 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-09-28 520024]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-06 2023704]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-22 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-03 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-22 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-10-17 04:11:35 ----D---- C:\Program Files\trend micro
2009-10-17 04:11:34 ----D---- C:\rsit
2009-10-17 02:43:54 ----D---- C:\Documents and Settings\Judy\Application Data\Malwarebytes
2009-10-17 02:43:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-17 02:43:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-17 02:26:55 ----SHD---- C:\RECYCLER
2009-10-17 01:51:32 ----D---- C:\WINDOWS\temp
2009-10-17 01:51:30 ----A---- C:\ComboFix.txt
2009-10-17 01:39:26 ----D---- C:\ComboFix
2009-10-14 03:39:35 ----D---- C:\Config.Msi
2009-10-14 03:31:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 03:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 03:22:37 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 03:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 03:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 03:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 03:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 03:09:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 03:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-14 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-09-22 00:29:04 ----A---- C:\RootRepeal report 09-22-09 (00-29-04).txt

======List of files/folders modified in the last 1 months======

2009-10-17 04:11:35 ----D---- C:\Program Files
2009-10-17 04:09:34 ----D---- C:\Program Files\Mozilla Firefox
2009-10-17 04:05:32 ----D---- C:\WINDOWS\Registration
2009-10-17 04:03:22 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-10-17 04:03:09 ----D---- C:\WINDOWS
2009-10-17 03:59:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-17 02:43:54 ----D---- C:\WINDOWS\Prefetch
2009-10-17 02:43:49 ----D---- C:\WINDOWS\system32\drivers
2009-10-17 02:26:12 ----D---- C:\WINDOWS\system32
2009-10-17 01:50:35 ----AD---- C:\Qoobox
2009-10-17 01:50:31 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-17 01:50:31 ----D---- C:\WINDOWS\ERDNT
2009-10-17 01:50:17 ----A---- C:\WINDOWS\system.ini
2009-10-17 01:46:16 ----D---- C:\WINDOWS\AppPatch
2009-10-17 01:46:15 ----D---- C:\Program Files\Common Files
2009-10-17 01:41:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-16 12:32:33 ----HD---- C:\WINDOWS\inf
2009-10-14 23:42:44 ----D---- C:\Program Files\World of Warcraft
2009-10-14 18:25:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 18:25:15 ----RSD---- C:\WINDOWS\assembly
2009-10-14 03:42:51 ----SHD---- C:\WINDOWS\Installer
2009-10-14 03:42:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-14 03:41:31 ----D---- C:\WINDOWS\WinSxS
2009-10-14 03:31:26 ----A---- C:\WINDOWS\imsins.BAK
2009-10-14 03:18:35 ----D---- C:\WINDOWS\system32\en-US
2009-10-14 03:18:35 ----D---- C:\Program Files\Internet Explorer
2009-10-14 03:18:25 ----D---- C:\WINDOWS\ie7updates
2009-10-14 03:09:53 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-11 08:10:09 ----A---- C:\WINDOWS\PEV.exe
2009-10-11 05:21:52 ----D---- C:\$AVG8.VAULT$
2009-10-03 14:05:42 ----D---- C:\WINDOWS\Help
2009-10-02 14:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-28 17:36:58 ----D---- C:\Documents and Settings\Judy\Application Data\Mozilla
2009-09-24 23:24:15 ----D---- C:\Documents and Settings\Judy\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-03 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-03 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-23 108552]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-16 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ; C:\WINDOWS\System32\Drivers\5U870CAP.sys [2006-06-06 61952]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-16 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-04-11 163328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-20 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-20 208000]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-22 1166972]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-16 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2006-03-16 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-16 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-16 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-16 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-21 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-20 727296]
R3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 catchme;catchme; \??\C:\DOCUME~1\Judy\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-03 297752]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-16 14336]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2006-03-15 267776]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
S2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2009-06-22 4608]
S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2009-06-22 117248]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-28 1028432]
S3 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2006-03-16 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 GameConsoleService;GameConsoleService; C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe [2009-02-24 242424]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-02 152984]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-10-17 04:12:00

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Dora's Carnival Adventure\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tinos Fruit Stand\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Talk Plugin-->MsiExec.exe /I{BBC783B7-8725-3B1C-B49A-BA7F09391251}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB910728)-->"C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912436)-->"C:\WINDOWS\$NtUninstallKB912436$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Pavilion Webcam Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC397D90-720E-426D-B381-0A10C6FD5A49}\setup.exe" -l0x9 -removeonly
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0035-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE247E71-C143-40BB-ADF2-A465DF062BAB}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_6b5616\Setup.exe /APR-REMOVE
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Peggle Deluxe 1.01-->C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log"
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder-->MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder-->MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SwiftKit-->C:\Program Files\SwiftKit\Uninstall.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TourSetup-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB911164)-->"C:\WINDOWS\$NtUninstallKB911164$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vongo-->MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB890546-->C:\WINDOWS\$NtUninstallKB890546$\spuninst\spuninst.exe
Windows XP Hotfix - KB891220-->C:\WINDOWS\$NtUninstallKB891220$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892559-->"C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
Wireless Home Network Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: PC785018295244
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 15619
Source Name: W32Time
Time Written: 20090906011311.000000-240
Event Type: error
User:

Computer Name: PC785018295244
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE0ECA86. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 15606
Source Name: Dhcp
Time Written: 20090905144553.000000-240
Event Type: warning
User:

Computer Name: PC785018295244
Event Code: 7022
Message: The Automatic Updates service hung on starting.

Record Number: 15583
Source Name: Service Control Manager
Time Written: 20090905132615.000000-240
Event Type: error
User:

Computer Name: PC785018295244
Event Code: 7001
Message: The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 15581
Source Name: Service Control Manager
Time Written: 20090905132422.000000-240
Event Type: error
User:

Computer Name: PC785018295244
Event Code: 1002
Message: The IP address lease 192.168.1.102 for the Network Card with network address 0018DE0ECA86 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 15578
Source Name: Dhcp
Time Written: 20090905132356.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: PC785018295244
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 6025
Source Name: crypt32
Time Written: 20090824231651.000000-240
Event Type: error
User:

Computer Name: PC785018295244
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally


Record Number: 6024
Source Name: crypt32
Time Written: 20090824231644.000000-240
Event Type: error
User:

Computer Name: PC785018295244
Event Code: 4
Message: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF while recovering repository file.

Record Number: 5974
Source Name: WinMgmt
Time Written: 20090822225532.000000-240
Event Type: error
User:

Computer Name: PC785018295244
Event Code: 0
Message:
Record Number: 5973
Source Name: Media Center Scheduler
Time Written: 20090822225522.000000-240
Event Type: error
User:

Computer Name: PC785018295244
Event Code: 0
Message:
Record Number: 5972
Source Name: Media Center Scheduler
Time Written: 20090822225517.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE"=PAVILION
"PLATFORM"=MCD
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

And once again ... Many thanks for your time, effort and kindness in helping me through this.
I certainly am getting a taste for what it might be like to do this ... to be one of you guys ... kinda cool :(
Hugs, Judy Lee

[edited for grammar >.<]

Edited by JudyLee, 17 October 2009 - 03:28 AM.

My Signature Response:

#11 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:39 AM

Posted 18 October 2009 - 10:36 AM



NOTICE:
These steps are for member: JudyLee ONLY. If you are a lurker, do NOT try this on your system! If you are not the topic starter and have a similar problem, do NOT post here; DO NOT follow these directions as they could damage the workings of your system. Please start your own topic.


First of all, regarding the task of removing Viewpoint, Viewpoint Manager, Viewpoint Media Player (which I am happy to do by the way), it took upwards of ___ minutes wait time for "Add or Remove Programs - Please wait while list is populated" ... OK - I was going to go back and fill in that blank, but it never did populate the list in about 2 hours time (I had to run out for a little bit). So I closed the "Add or Remove Programs" screen, and behind it was a screen "Add-ons may be causing problems" saying "Firefox has determined that the following add-ons are known to cause stability or security problems:" It listed: Microsoft .NET Framework Assistant 1.1 and Windows Presentation Foundation 3.5.30729.1 - both were marked "Blocked" - further the screen says "These add-ons have a high risk of causing stability or security problems and have been blocked, but a restart is required to disable them completely." I then chose the button "Restart Firefox." For the record, I don't recall ever installing these add-ons. The only Firefox add-ons I have installed are FoxSaver and FoxMarks.

Hello JudyLee,:(

You also have viewpoint as a plugin in Firefox browser to get there to disable it you have to go to the top of your firefox browser:


Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.

Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
  • OPEN firefox browser and go to the top of the window.
  • Click on Tools tab
  • Click on add-ons tab
  • Click on the plugins tab (pictured in blue)
  • look for anything related to viewpoint and disable it.
Do not worry about that little firefox window that pop up, firefox is protecting his browser by blocking an addon that microsoft added to their browser.

An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.

You can read more about this: HERE

Too bad you can not run a full scan with MBAM, but I included instructions to run a quick scan.

I fixed my canned for combofix, thanks for pointing that to me.

Also every time I log on now I get a blue screen stating inconsistencies on this disk. The computer has only a C: drive and a D: drive. I was told that the D: drive should be where the backup restore ability is stored. When I try to open that, it says it is inaccessible or corrupted.

O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
This issue occurs if any one of the following conditions are true:
  • You have scheduled the Chkdsk.exe program or the Autochk.exe program to run in Scheduled Tasks.
  • A Windows registry setting has been set to run the Autochk.exe program at startup.
  • Your hard disk is damaged and must be repaired.
To resolve this issue, use ONE of the following methods from this microsoft KB Article page.

If the above doesn't help try this:
  • Open a command prompt: (Go Start > Run type cmd and hit OK)
  • Type: chkdsk /f
  • Press Enter
This will stop checkdisk on every boot.
====================
Also if the above doesn't help run chkdsk /r to scan for bad sectors

If you want to check the disk in drive D and have Windows fix errors, type:

chkdsk d: /f

=The following can help speed up your computer:

Defragment files (Drive C)
Defragmenting is a must. It's one of the large reasons for system slowdowns. I use JkDefrag to defragment. You can use it forever. I recommend installing it and defragmenting as soon as possible

To improve performance I recommend to check this LINK.

======================******===================

If you had your boot problem fixed do the following:

Firstly, Ensure that AD-AWARE AD-WATCH and spybot teatimer still disable which can interfere with the fixes.
How to turn off Ad-Watch in Ad-Aware Anniversary Edition (and Pro version)
  • Start Ad-Aware
  • Click the Ad-Watch tab
  • Click the Settings button
  • Ensure all highlighted options bellow are unchecked:(some settings may be used or changed only in the Pro version)

    Under the General tab
    • Processes Protection
    • Registry Protection
    • Network Protection
    Under the Detection Layers tab:
    • Spyware heuristics
    • AntiVirus engine
  • OK your way out, and close the main Ad-Aware window.
  • Shut down Ad-Aware and Ad-Watch Live! by right clicking on the system tray icon, and selecting Exit Ad-Aware.
  • OK the change.
:) Rerun ComboFix with some additional directives:
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Go to Start -> Run... and in the "Open:" box that opens type Notepad and press Enter (alternatively, navigate to Start -> Accessories -> Notepad).
  • Copy the entire contents inside the CODE box below into Notepad (do NOT copy the word "CODE"!) - don't use any other text editor than Notepad or the script will fail.
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=-
    "*{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [-HKEY_CLASSES_ROOT\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
    [-HKEY_CLASSES_ROOT\CLSID\*{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""
    [HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
    @="Microsoft Url Search Hook"
    [HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    @="Microsoft Url Search Hook"
    [HKEY_CLASSES_ROOT\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32]
    @="C:\\WINDOWS\\system32\\ieframe.dll"
    "ThreadingModel"="Apartment"
    [HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InProcServer32]
    @="C:\\WINDOWS\\system32\\ieframe.dll"
    "ThreadingModel"="Apartment"
    WARNING: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Go to File -> Save and save as CFScript.txt in the same location as ComboFix.exe.
    Posted Image
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Drag CFScript.txt on top of ComboFix.exe. This will start ComboFix again. Please follow the prompts.
    NOTE: Do NOT mouseclick ComboFix's window whilst it's running. That may cause your system to hang!
  • When finished, ComboFix shall produce a log for you at C:\ComboFix.txt. Please post the entire contents of that report in your next reply for further review.
Next...

:) Posted Image Your Java program is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
Download and Run JavaRA

Please download JavaRa and save the file to your desktop.
  • Right click and Extract All and a new folder called "JavaRa" will be extracted
  • Once extracted, open that folder and run JavaRa.exe with the picture.
  • Select your Language which is probably English
  • Click Search For Updates
  • Select Update Using jucheck.exe
  • Click Search
  • If a newer version is found, allow it to be installed
  • Uncheck the Google Toolbar option. (if you don't want the Google tool bar)
  • When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
  • When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
  • It will now begin to remove older versions. Please be paitent while it does the removal process.
  • Exit the tool when complete.

:) Malwarebytes' Anti-Malware

Because some malware can be easily removed, we recommend Malwarebytes Anti-Malware be run. It's an advanced piece of software which should get a lot of what's on this machine. These guys are so on top of the latest infections it's amazing.

It's important to let me know however, if you experience any trouble getting to the site or updating it or opening it to run. Some rootkits target MBAM and those indicators are the 'tell', if you will. We have another method of double-checking for this rootkit, which if present, will require another special tool.


* MBAM
You already have Posted ImageMalwarebytes' Anti-Malware installed.
  • Open MBAM
  • Go to the updates tab, and click Update to update to the latest version
  • Once the program has updated, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: if you can not run a full system scan then retry with a quick scan.
    * Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
***NOTE: If MBAM will not install, try renaming it this way.
  • Right-click on the mbam-setup.exe file file and rename it to mysetup.exe.
  • Double-click on mysetup.exe to start the installation.
  • If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension
  • Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
  • Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.
**If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
  • Right-click on mbam.exe, rename it to myscan.exe.
  • Double-click on myscan.exe to launch the program.
  • If that did not work, then try renaming and change the .exe extension in the same way as noted above.
  • Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.
If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

MBAM Tutorial if needed

:) Rerun a scan with RSIT and post its resultant log.txt log file here for a another review. :step1:

Summary of the logs I will need in your next reply:
  • The report log of Combofix located at: "C:\ComboFix.txt"
  • The report log of MBAM
  • The log of RSIT.
And a description of any remaining problems in your next post.

How are things your end JudyLee???.


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Kind regards
Net_Surfer

:(

#12 JudyLee

JudyLee
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:39 AM

Posted 18 October 2009 - 03:40 PM

Many thanks for your time and help with this situation. I do not underestimate the amount of time you are putting into this, and I am very grateful.

Regarding Viewpoint - when I pull up the Firefox list of Addons, I see: Adobe Acrobat, Google Talk Plugin, Google Update, iTunes Application Detector, Java Platform SE 6 U13 (Java Platform SE binary), Java Platform SE 6 U13 (Java Plug-in 1.6.0_13 for Netscape Navigator (DLL Helper)), MetaStream 3 Plugin, Microsoft Office 2003, Mozilla Default Plug-in, Quicktime Plug-in 7.6, and Shockwave Flash. There is also Windows Presentation Foundation which is grayed out. I wish I could take a screenshot for you, but I can't figure out how to get the laptop prtscr button to work ... or maybe it is broken. There isn't any mention of Viewpoint on this list. Please advise.

Regarding MBAM, I so missed this instruction

Note: if you can not run a full system scan then retry with a quick scan.


... it is so easy to overlook one line. My apologies... and here I was patting myself on the back for doing such a good job ... dang!

MBAM quick scan worked ... and since it removed two items, I thought it best to post that log here and ask you to review it before continuing with your further instructions. It changed something ... and you told me to watch out for that.

I'll post the MBAM-log in the post to follow:
My Signature Response:

#13 JudyLee

JudyLee
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:39 AM

Posted 18 October 2009 - 03:42 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2973
Windows 5.1.2600 Service Pack 2

10/18/2009 4:37:44 PM
mbam-log-2009-10-18 (16-37-44).txt

Scan type: Quick Scan
Objects scanned: 110016
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d908843-2d1f-43af-bc92-ec2afcb524b7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.114,85.255.112.115 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Following the MBAM instructions, I rebooted the computer.

[edited to add that last line]

Edited by JudyLee, 18 October 2009 - 03:57 PM.

My Signature Response:

#14 JudyLee

JudyLee
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:39 AM

Posted 18 October 2009 - 07:41 PM

Ok - checking to see if there is anything I can do that won't do harm while waiting for your next reply, I followed these instructions:

QUOTE
Also every time I log on now I get a blue screen stating inconsistencies on this disk. The computer has only a C: drive and a D: drive. I was told that the D: drive should be where the backup restore ability is stored. When I try to open that, it says it is inaccessible or corrupted.

CODE
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

This issue occurs if any one of the following conditions are true:

* You have scheduled the Chkdsk.exe program or the Autochk.exe program to run in Scheduled Tasks.
* A Windows registry setting has been set to run the Autochk.exe program at startup.
* Your hard disk is damaged and must be repaired.

To resolve this issue, use ONE of the following methods from this microsoft KB Article page.


The first two instructions offered no solution. Those items were not there to change. Their 3rd suggestion involved starting from the system disk for the computer which I was not given when I received the computer. I have no idea how to go about getting one or creating one.

I went to your next suggestion:

If the above doesn't help try this:

* Open a command prompt: (Go Start > Run type cmd and hit OK)
* Type: chkdsk /f
* Press Enter

This will stop checkdisk on every boot.


which did not work.

So I went to the next suggestion:

Also if the above doesn't help run chkdsk /r to scan for bad sectors


Then rebooted and watched it work:

Stage 1 - verifying files completed
Stage 2 - verifying indexes completed
Stage 3 - verifying security descriptor completed
Stage 4 - verifying file data completed
Stage 5 - verifying free space complete


It then scrolled through a lot of text I could not possibly read and brought up another blue screen stating the volume is clean.
I repeated the process for /d drive.

If you want to check the disk in drive D and have Windows fix errors, type:
chkdsk d: /f


This process was confusing and very quick - I'm not sure what happened. Then it was closed.

I recalled on the previous instruction regarding the C drive, you told me to run chkdsk /r to scan for bad sectors, and that seemed to be productive, so I decided to try that.

The black box showed:

The type of the file system is FAT32.
Volume HP_RECOVERY created 3/7/2009 10:21 PM <--(note this is when I was given this computer-it was restored to factory specs)
Volume Serial Number is 3EC6-2E70
Windows is verifying files and folders ...
Files and folders verification is complete.
Windows is verifying free space ...
Free space verification is complete.
(then a lot of text printed quickly and the box closed)


Ok - I'm going to post this so you know what I've been up to ...
And download the defragmenting program you suggested.

Many thanks,
Judy Lee
My Signature Response:

#15 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:39 AM

Posted 18 October 2009 - 07:50 PM

Hello JudyLee,

Good job! :(

Yes I am glad that MBAM worked this time, :( as you see for yourself your DNS were hijacked by the infection. :)

Please continue with the steps and run MBAM again and post the log back here before you re-scan with RSIT so we can double check if the DNS hijack is gone from your system.

We will fix the viewpoint issue in my next post.

Regards
Net_Surfer




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users